MS SQL SERVER security settings audit

Authors

  • Анастасия Евгениевна Мазуренко NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.19.11442

Keywords:

database (DB), DB objects protection, security settings audit, information system

Abstract

The article is devoted to the trending problem of the information protection in databases. Correctly organized security policy allows you to protect sensitive information in database. Security policies ensure that view and / or modification of such information should be performed only by users who have appropriate rights. This minimizes the risks of attacks on the information, and also increases the assurance that the security management system encompass all confidential information from the organization’s database. The most important aspect of maintaining proper security policy is to control the security settings. From the set of available options, the author identifies the main, grouped into five categories, which should be controlled by the administrator on a mandatory basis: access control to SQL Server with administrative privileges; audit CONTROL and IMPERSONATE permissions; database owners control; access permissions to the database objects; failed login attempts control. In order to control security settings, the author proposes a set of procedures in the form of SQL-queries for each of these categories.

Author Biography

Анастасия Евгениевна Мазуренко, NTUU "KPI"

student of the Institute of Physics and Technologies of the NTUU "KPI"

References

SANS Institute InfoSec Reading Room. Setting Up a Database Security Logging and Monitoring Program. Access mode: World Wide Web. – URL: https://www. sans.org/reading-room/whitepapers/application/setting-database-security-logging-monitoring-program-34222.

Top Ten Database Security Threats. Access mode: World Wide Web. – URL: https://www.imperva. com/ docs/ gated/ WP_TopTen_ Database_Threats. pdf.

Access mode: World Wide Web. – URL: http://ebook-dl.com/item/securing-sql-server-third-edition-protecting-your-database-from-attackers-3rd-edition-denny-cherry.

Chapter 18 - Securing Your Database Server. Access mode: World Wide Web. – URL: https:// msdn. microsoft. com / en-us / library / ff648664.aspx.

sys.database_permissions (Transact-SQL) Access mode: World Wide Web. – URL: https:// msdn.microsoft.com/en-us/library/ms188367.aspx.

Downloads

Published

2017-03-27

Issue

Vol. 19 No. 1 (2017)

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).