Figure B.1 Configure the database you would like to audit using the Audit Manager dialogue box.

The second required step is building the log tables. The log tables store the log information. These are the tables that you will interact with to view the audited events. To build the log tables, you should perform the following steps:

1. From Audit Manager, click the Build Log Tables button to bring up the Build Log Tables dialogue box as shown in Figure B.3.
2. Click the Build Audit Log Tables button.
3. Click OK after the Log Tables are successfully built.
4. Leave Audit Manager open to perform the final phase of the configuration.

Third-Party SQL Server Security Management Tools 389

Figure B.2 Use Audit Setup in the Audit Manager dialogue box to configure the actions you would like to audit in each table of your database.

Finally, you need to build the triggers necessary to track the changes in the database. The syntax for creating the triggers is automatically created on the tables that you want to audit. To build the triggers, you should perform the following steps:

1. From Audit Manager, click the Build Triggers button.
2. Click OK to close the message box confirming that the triggers have been built.

After you have configured auditing, you can optionally purge the log data and uninstall auditing. You can use the Purge Log Data feature to help keep your Audit Log Tables small and manageable. The Uninstall Auditing feature is used to remove the settings you have configured. The Audit Log Viewer tool is used to view the auditing information you have captured. The tool can be used to filter the data so that you can view only the information of interest.

390 Appendix B

Figure B.3 Use Build Log Tables in the Audit Manager dialogue box to store details of each audited event.

More Information

OmniAudit is a completely server-side solution that requires no modifications to client software. As such, it works automatically for any client software used to change the contents of a table, including vendor tools such as Enterprise Manager and Query Analyzer, as well as all commercial or proprietary software that your databases are supporting.

OmniAudit was created by Krell Laboratories, which specializes in database development software for Microsoft SQL Server. You can find out more information about this product, download a free 30-day trial copy, and purchase a license to the software at the Krell Labs Web site located at www.krell-software.com.

Lumigent Log Explorer

Log Explorer offers rich and flexible transaction browsing capabilities. By interpreting the database transaction log, where SQL Server records every operation that changes the database, Log Explorer gives you the historical information you need to figure out the problems and how to fix them. Using Log Explorer’s flexible filtering capabilities, you can review precisely the activity of interest, filtered by time, table, application, or other attributes. The row revision history feature lets you drill down on the data changes to a particular row over time. The row transaction history shows which operations made those changes. Log Explorer’s virtual log capability lets you review current and historical log data together seamlessly, even for changes that occurred before Log Explorer was installed. Log Explorer’s real-time monitoring lets you observe changes to the database as they occur. The data export facility lets you save selected changed data to a SQL Server table or to a file in HTML, XML, or text format, from which you can generate a variety of reports.
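Before going further with Log Explorer, here is the log-table-and-trigger design that OmniAudit's Build Log Tables and Build Triggers steps automate, written by hand in T-SQL as an added example. It is not OmniAudit's generated code; dbo.Customer, dbo.AuditLog and tr_Customer_Audit are assumed names for illustration.

```sql
-- Added example, not OmniAudit's generated code: the log table and audit
-- trigger pattern that Build Log Tables / Build Triggers automate.
-- Table to be audited (constructed sample; names are assumed).
CREATE TABLE dbo.Customer (
    CustomerID  int           NOT NULL PRIMARY KEY,
    Email       nvarchar(100) NOT NULL,
    CreditLimit money         NOT NULL
);
GO

-- Log table: one row per changed column. Who/where/when come from column
-- defaults, so no trigger can forget to record them. nvarchar(4000) keeps
-- the example valid on SQL Server 2000, which the book covers.
CREATE TABLE dbo.AuditLog (
    AuditID    int IDENTITY(1,1) PRIMARY KEY,
    TableName  sysname        NOT NULL,
    KeyValue   int            NOT NULL,
    ColumnName sysname        NOT NULL,
    OldValue   nvarchar(4000) NULL,
    NewValue   nvarchar(4000) NULL,
    Operation  char(1)        NOT NULL,   -- I, U or D
    ChangedBy  sysname        NOT NULL DEFAULT SUSER_SNAME(),
    HostName   sysname        NOT NULL DEFAULT HOST_NAME(),
    ChangedAt  datetime       NOT NULL DEFAULT GETDATE()
);
GO

-- Server-side trigger: fires for every client (Query Analyzer, Enterprise
-- Manager, any application), so client software needs no changes.
CREATE TRIGGER dbo.tr_Customer_Audit ON dbo.Customer
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- Which virtual tables are populated tells us the operation.
    DECLARE @op char(1);
    IF EXISTS (SELECT * FROM inserted) AND EXISTS (SELECT * FROM deleted)
        SET @op = 'U';
    ELSE IF EXISTS (SELECT * FROM inserted)
        SET @op = 'I';
    ELSE
        SET @op = 'D';
    -- Pair old and new images on the key; on UPDATE log only columns that
    -- actually changed. Repeat the SELECT with UNION ALL per audited column.
    INSERT dbo.AuditLog (TableName, KeyValue, ColumnName, OldValue, NewValue, Operation)
    SELECT 'Customer', COALESCE(i.CustomerID, d.CustomerID), 'CreditLimit',
           CONVERT(nvarchar(4000), d.CreditLimit),
           CONVERT(nvarchar(4000), i.CreditLimit), @op
    FROM inserted i FULL OUTER JOIN deleted d ON i.CustomerID = d.CustomerID
    WHERE @op <> 'U' OR i.CreditLimit <> d.CreditLimit;
END
GO
-- Equivalent of Purge Log Data: keep the log table small and manageable.
DELETE FROM dbo.AuditLog WHERE ChangedAt < DATEADD(day, -90, GETDATE());
```

Because the trigger writes to dbo.AuditLog through the ownership chain, application users need no permissions on the log table at all, which is one practical reason for the DBO to own both tables. An update that changes the key column itself will not pair old and new rows in the FULL OUTER JOIN, so audit such tables on a stable surrogate key.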
You can use the Log Explorer to perform the following actions:

■ Browse the transaction log
■ Reconstruct past state
■ Locate user and program activity
■ Verify program behavior and identify program errors
■ Trace program interactions, timing effects, and deadlock situations
■ Correlate your application behavior with the actions of other system components

This tool can be helpful in finding past events and then reversing them without having to erase everything else that has occurred on the database.

Getting Started

Because the Log Explorer works primarily off the database transaction log, there is little modification within SQL Server. This product does not require alterations to the schema of the tables and databases you are viewing. After installation you will want to have the following information available to begin using the Log Explorer:

■ The database log you would like to view.
■ Whether you want to view the current log information or information from a log backup.
■ If you select a log backup, you need to know the location where the log was backed up.
■ If you are trying to restore a modification or a deleted object, you will need to have as much information as possible about the object that changed and the time that the change most likely occurred.

To start using the Log Explorer, you should perform the following steps:

1. Open the Log Explorer from the Lumigent program group.
2. Enter your connection information for the server you want to monitor and click Connect. This opens the Lumigent Log Explorer dialogue box shown in Figure B.4.
3. Click the Attach Log File option.
4. Select the Database you want to view and whether you want to view the online log or a backup. Click Attach to attach the log.

Figure B.4 The Lumigent Log Explorer allows you to attach an existing log file and view the current detail.

After you have attached a log file, you can use the functions of the utility to browse the data and make your changes. These functions can include the following items:

■ Restore truncated or dropped tables
■ Undo or redo user transactions
■ Browse current log information
■ Export the log records to SQL Server tables
■ Execute a SQL Script

To get details on how to implement each of the previously mentioned functions, you should refer to the Help files that are shipped with the Log Explorer product.

More Information

The Log Explorer can be used as a stand-alone product or it can be an enterprisewide solution. You will need to evaluate the number of users that need to use the product and the number of servers that the users need to view. You can get more information about this product at the Lumigent Web site, www.lumigent.com. Lumigent offers a free, 30-day trial copy of the Log Explorer as well as several testimonials of the product. Additionally, Lumigent has done an excellent job of citing case studies as examples of how their product can be used. The cost is low, and the first time you need the product to back out of changes or review application and user errors you will appreciate the product.

Best Practices

■ Evaluate your auditing needs. If you need to enhance the auditing of your current system, you may want to consider an additional product to help with the process.
■ Start evaluating a couple of log analyzer tools. They are invaluable when you need to reverse an action or recover a deleted object.

Appendix C
Answers to Review Questions

This appendix gathers all of the review questions at the end of each of the book’s chapters in one place and provides answers for them. In some cases, your own answers may vary slightly from the answers provided in this appendix.

Chapter 1: Introducing SQL Server Security

1. Why is security critical to application design?
A critical part of application design is determining the requirements of the system and users who will be accessing the database. The application design should include the following types of security concerns:
■ The required level of auditing.
■ The method in which users will connect to SQL Server (Windows Authentication versus SQL Server Authentication).
■ The permissions that users will require to the database objects.
■ The types of statements that will be run to perform the work against SQL Server. The primary issue here is whether or not stored procedures will be used for data access and manipulation.

2. What are the advantages to Windows Authentication over SQL Server Authentication?
■ The user authentication process is encrypted.
■ Groups can be allowed access to SQL Server to simplify SQL Login management.
■ Users don’t have to maintain multiple accounts. They use the same account for both SQL Server access and Windows domain access.

3. Why would you need to implement SQL logins?
Logins are the objects that allow access to SQL Server. Without a valid login, a user cannot connect to SQL Server.

4. What is the purpose of a role?
Roles are used to group database users. You can give a role permissions just as you would a user. Roles are an easy way to assign permissions to multiple users.

5. Who should own all database objects?
The DBO.

6. What are the advantages of using stored procedures?
Stored procedures increase performance, offer security, and supply a consistent application framework that can be used to standardize error messages and increase code reusability.

7. Why would you use an application role?
Application roles can isolate one application from another. They are beneficial in restricting access for a database to an application instead of a specific user.

8. What are Data Transformation Services (DTS)?
Data Transformation Services is the set of tools and services supplied with SQL Server that are used to transfer data.

9. What are the primary concerns of replication security?
Replication security is controlled primarily through the configuration of the SQL Server Agent service account. If this is configured properly on all servers involved in replication, the administration of replication security should be minimal.

10. What is the SQL Profiler tool?
SQL Profiler captures the events occurring within SQL Server. It can be very beneficial for auditing server activity and security access.

Chapter 2: Designing a Successful Security Model

1. Why do you need a test server?
A test server should be implemented with a security model that is identical to that of the production server. The test server provides a layer between the development server and the production server. You will be able to test your applications for security concerns prior to deploying them to the production server. This increases the likelihood of a successful deployment to production.

2. Why is it important that the test and production server have a matching security configuration?
If they have a matching security model, you will be able to resolve all security-related issues before the application is deployed to production.

3. What is the purpose of the Clustering service?
The Clustering service is used to create a fault-tolerant data storage solution. If a server goes down, the Clustering service can fail over and move the responsibilities for processing an application to another server.

4. As a DBA, why is it important to know the role of each database and application?
Your troubleshooting skills will be enhanced if you know the purpose of the database and application. It is also helpful if you review the Transact-SQL statements that are used for access to your databases.

5. Why would you use multiple instances of SQL Server on a single server?
Multiple instances of SQL Server can be used to isolate one application from another. Each instance of SQL Server has its own SQL Server and SQL Server Agent services. Each instance also has its own security model. You can deploy multiple applications on a single computer and isolate them as though they were installed on separate machines.

6. What is the difference between the Enterprise Edition of SQL Server and the Standard Edition of SQL Server?
The Enterprise Edition of SQL Server provides the following security-related advantages over the Standard Edition of SQL Server:
■ Clustering services
■ Log shipping
■ Federated Database Servers (Distributed Partitioned Views)

7. Why is documentation of your security design so important?
Documentation is essential to ensure that everyone who is using SQL Server understands the core of your security design. It will help ensure that applications that are purchased or created adhere to the current requirements.

Chapter 3: Exploring Initial Security Parameters

1. What is the purpose of the SQL Server Agent service?
The SQL Server Agent service handles the SQL Server automation processes. The automation processes include jobs, operators, alerts, and e-mail integration for notification status of events.

2. What is a service account?
A service account is a Windows account that a Windows service uses for its startup process. The account is also used as the security credentials for the service. For SQL Server you should have a service account for the SQL Server service and the SQL Server Agent service. In most cases, these two services use the same account.

3. Why should you use a domain user account for your service account?