Best Practices for Deployment of SQL Compliance Manager

Similar documents
SQL Server Solutions GETTING STARTED WITH. SQL Secure

Basic knowledge of the Microsoft Windows operating system and its core functionality.

Administering Microsoft SQL Server Databases

Administering Microsoft SQL Server 2012/2014 Databases

Administering Microsoft SQL Server Databases

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

Course 6231A: Maintaining a Microsoft SQL Server 2008 Database

Administering Microsoft SQL Server 2014 Databases

CXS Citrix XenServer 6.0 Administration

Microsoft Exchange Server 2007 Implementation and Maintenance

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

Synergetics-Standard-SQL Server 2012-DBA-7 day Contents

C Number: C Passing Score: 800 Time Limit: 120 min File Version: 5.0. IBM C Questions & Answers

Managing Oracle Real Application Clusters. An Oracle White Paper January 2002

Maintaining a Microsoft SQL Server 2008 Database (Course 6231A)

Microsoft Administering Microsoft SQL Server 2014 Databases

NETWRIX GROUP POLICY CHANGE REPORTER

Hardware Intel Core I5 and above 4 GB RAM LAN Connectivity 500 MB HDD (Free Space)

INFRASTRUCTURE BEST PRACTICES FOR PERFORMANCE

NETWRIX WINDOWS SERVER CHANGE REPORTER

COURSE 20462C: ADMINISTERING MICROSOFT SQL SERVER DATABASES

20462: Administering Microsoft SQL Server 2014 Databases

Training 24x7 DBA Support Staffing. Administering a SQL Database Infrastructure (40 Hours) Exam

VMware Mirage Getting Started Guide

Expert Oracle GoldenGate

Chapter 10 Protecting Virtual Environments

20462C - Version: 1. Administering Microsoft SQL Server Databases

MS-20462: Administering Microsoft SQL Server Databases

Chapter 3 `How a Storage Policy Works

ForeScout Extended Module for Tenable Vulnerability Management

IronSync File Synchronization Server. IronSync FILE SYNC SERVER. User Manual. Version 2.6. May Flexense Ltd.

CXS-203-1I Citrix XenServer 6.0 Administration

Course CXS-203 Citrix XenServer 6.0 Administration

Course 20764: Administering a SQL Database Infrastructure

Designing Database Solutions for Microsoft SQL Server (465)

Oracle Database Auditing

VMware vfabric Data Director 2.5 EVALUATION GUIDE

On-Premises v7.x Installation Guide

NETWRIX ACTIVE DIRECTORY CHANGE REPORTER

Implementation Quick Guide. EZManage SQL Pro

Oracle Database 12c: Administration Workshop Ed 2

Oracle Database 12c: Administration Workshop Ed 2

ZYNSTRA TECHNICAL BRIEFING NOTE

vsphere Update Manager Installation and Administration Guide 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Oracle Database 11g for Experienced 9i Database Administrators

HP WebInspect Enterprise

User Guide - Exchange Database idataagent

Product Guide. McAfee Performance Optimizer 2.2.0

Administering Microsoft SQL Server 2012 Databases

Cloud Compute. Backup Portal User Guide

Administering vrealize Log Insight. 05-SEP-2017 vrealize Log Insight 4.3

Introduction. How Does it Work with Autodesk Vault? What is Microsoft Data Protection Manager (DPM)? autodesk vault

Version 2.3 User Guide

Microsoft Administering a SQL Database Infrastructure

SQL Server Course Administering a SQL 2016 Database Infrastructure. Length. Prerequisites. Audience. Course Outline.

NETWRIX CHANGE REPORTER SUITE

ORACLE 11gR2 DBA. by Mr. Akal Singh ( Oracle Certified Master ) COURSE CONTENT. INTRODUCTION to ORACLE

MA0-104.Passguide PASSGUIDE MA0-104 Intel Security Certified Product Specialist Version 1.0

File Protection Whitepaper

User Manual. ARK for SharePoint-2007

Oracle Database 12c Administration Workshop

Oracle 12C DBA Online Training. Course Modules of Oracle 12C DBA Online Training: 1 Oracle Database 12c: Introduction to SQL:

Chapter 9 Protecting Client Data

MBS Microsoft Oracle Plug-In 6.82 User Guide

Microsoft Administering a SQL Database Infrastructure.

User s Manual. Version 5

Data Storage, Recovery and Backup Checklists for Public Health Laboratories

6231B - Version: 1. Maintaining a Microsoft SQL Server 2008 R2 Database

Chapter 2 CommVault Data Management Concepts

Best Practices. Deploying Optim Performance Manager in large scale environments. IBM Optim Performance Manager Extended Edition V4.1.0.

Projects. Corporate Trainer s Profile. CMM (Capability Maturity Model) level Project Standard:- TECHNOLOGIES

Acronis Data Cloud plugin for ConnectWise Automate

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

Administering a SQL Database Infrastructure (M20764)

Ekran System v Program Overview

DocAve 6 Software Platform Service Pack 1

Citrix XenServer 6 Administration

DocuShare 6.6 Customer Expectation Setting

Administration GUIDE. OnePass Agent for Exchange Mailbox. Published On: 11/19/2013 V10 Service Pack 4A Page 1 of 177

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR SARBANES OXLEYANDCOBIT

[AVNICF-MCSASQL2012]: NICF - Microsoft Certified Solutions Associate (MCSA): SQL Server 2012

ForeScout Extended Module for ServiceNow

Splashtop Enterprise for IoT Devices - Quick Start Guide v1.0

File Archiving Whitepaper

Exam 1Z0-061 Oracle Database 12c: SQL Fundamentals

Administrator Guide. Flexible Storage

Purpose. Configuring ARCHIVELOG mode

User Guide - Exchange Mailbox Archiver Agent

DOCUMENTATION. UVM Appliance Azure. Quick Start Guide

The Balabit s Privileged Session Management 5 F5 Azure Reference Guide

Netwrix Auditor for Active Directory

CDP Data Center Console User Guide CDP Data Center Console User Guide Version

Administering a SQL Database Infrastructure

Administering Microsoft SQL Server 2012 Databases

Veeam Agent for Microsoft Windows

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

"Charting the Course... MOC C: Administering an SQL Database Infrastructure. Course Summary

Database: LABEL ARCHIVE Server is compatible with Microsoft Access, SQL Server 2005/2008, and Oracle 10 or higher.

Maintaining a Microsoft SQL Server 2005 Database Course 2780: Three days; Instructor-Led

Getting Started. 05-SEPT-2017 vrealize Log Insight 4.5

Transcription:

Best Practices for Deployment of SQL Compliance Manager Table of Contents OVERVIEW/PURPOSE...2 REQUIRED LEVEL OF AUDITING...2 SQL COMPLIANCE REPOSITORY SQL SETTINGS...2 CONFIGURATION SETTINGS...3 CAPTURED DATA BASELINE/SQL STATEMENT STORED... 3 ARCHIVE AND DATA RETENTION... 3 REPORTING... 4 LOGINS... 4 BACKUP AND RECOVERY... 4 PRODUCTION IMPLEMENTATION...4 ROLL-OUT... 4 ALERTING... 4 FILTERING... 5 CREATING AUDIT EVENT FILTERS...5 SQL Compliance Manager Deployment Best Practices Page 1

Overview/Purpose This document deals with the best practices of implementation and deployment of Idera s SQL Compliance Manager. The information in this document is to be used as a reference. Since each production environment has its own challenges, it is best to evaluate each rollout in a realistic test environment before production launch. Required Level of Auditing It is important to balance what is required to be audited and the hardware resources available, or you may be inundated with data and it will be difficult to follow the audit trail: Determine the appropriate methodology of auditing. Compliance Manager can audit based on the instance, database, and table (for DML and Select activity). You can also limit the auditing to specific users on the privileged users tab. What are the auditing requirements for data collection? For instance do you need to collect all failed logins, security changes, DDL, DBCC, etc? In order to get a clear concise audit trail, it is recommended to limit the audit data collected to the minimal amount required for both external auditing and internal controls. It is also recommended to limit Select and DML auditing to specific tables. If appropriate audit stored procedures, indexes and views. Auditing system tables usually adds higher overhead and can make it more difficult to follow the audit trail due to collecting large amounts of data on SQL system specific transactions. SQL Compliance Repository SQL Settings To optimize the performance of the SQL Compliance Manager repository, it is recommended to modify some of the SQL server settings. Tempdb Setting Guidelines Autogrow File 25% Growth 200 MB Space Allocated SQL Compliance Manager Deployment Best Practices Page 2

The above is a guideline and makes the archive process more efficient. In larger environments, it may be necessary to increase the TempDB size to 500 MB or more. By default, tempdb auto grows as needed while SQL Server is running. Unlike other databases, however, it is reset to its initial size each time the database engine is started. If the size defined for tempdb is small, part of your system processing load may be taken up with auto-growing tempdb to the size needed to support your workload each time to restart SQL Server. Model Database Setting Guidelines Autogrow File 25% Growth Simple Mode (optional: switch to full mode in order to ensure redundancy) 200 MB Space Allocated The above is a guideline and makes the creation of new databases more realistic in larger environments. In larger environments, it may be necessary to increase the ModelDB size to 500MB or more. This is critical as well because the model database is the template used by Microsoft SQL Server when creating other databases, such as tempdb or user databases. When a database is created, the entire contents of the model database, including database options, are copied to the new database; the default size is.75mb which is typically too small. Configuration Settings To optimize compliance manager, it is imperative to adjust some of the configuration settings such as SQL statement stored, Archive and Retention, Reporting, Logins, and Backup/Recovery. Below are examples of how this is completed. Captured Data Baseline/SQL Statement Stored Once the auditing settings have been completed, collect data for 7 days to get a baseline of how much data will be collected for each database. Typically each event is approximately.5kb to 1.5 KB depending on the audit settings. An estimate to calculate storage requirements: 1 million events will roughly equal 1GB of data. If the SQL statements are selected to be captured, the default length of the statement stored is 512 characters, if this is increased this will increase the size of the data. Archive and Data Retention Based on the amount of data collected, determine the most appropriate interval to archive the data. It is recommended to perform archive actions during quiet times within your environment. Based on the requirements of the compliance officer or security officer, adjust the archive event period appropriately (monthly, quarterly, or annually). SQL Compliance Manager Deployment Best Practices Page 3

Reporting It is recommended to have reporting services installed on a separate server. Configure the users that will have read only rights to view the captured data. Logins Application permissions are available within SQL Compliance Manager. To provide the best security, grant view audit data permission to those users that should not be making configuration changes. Backup and Recovery Implement a backup schedule for the databases containing audit information. Using Idera s SQL Safe Backup product, you can easily backup old archive databases and take them offline. This will assist with saving disk space as well as encrypting the data. For more information on backing up the events database please refer to the SQL Compliance Manager User Guide. Production Implementation Roll-Out Since the auditing of SQL server is very environment specific and depending on the load on the SQL servers, transactions audited, and hardware configuration, it is recommended to perform a phased roll-out. The phased roll-out should start with installing the Compliance Manager repository and collection server on server hardware that is sufficient for the specific audit requirements. It is recommended to dedicate this server only to be the Compliance Manager server. Once compliance has been configured, it is advisable to register new audited SQL servers in groups of five and have compliance run and collect events and evaluate the load of the Compliance Manager server. Typically CPU, Memory, and Disk I/O are aspects of the SQL Compliance Manager Collection server that experience the most performance hit. Once you have determined that the server is not being taxed too heavily you can add another five instances to audit. Alerting SQL Compliance Manager can generate an alert when it finds a suspicious event in your audit data. Alert rules define what a suspicious event is and how SQL Compliance Manager should respond. For example, you can create a rule to alert on DML events that occur on a sensitive database. You can configure SQL Compliance Manager to write a custom alert message to the application event log and send an alert email notification to your corporate and personal SMTP accounts when the alert is triggered. SQL Compliance Manager Deployment Best Practices Page 4

SQL Compliance Manager only alerts on the events you select for an audited SQL Server instance or database. After the Collection Server processes the raw event data sent by the SQL Compliance Agent, the Collection Server uses the criteria defined by your alert rules to search for suspicious events. When a matching event is found, the alert is triggered. If you specified a message for this alert, SQL Compliance Manager saves the alert message in the SQL Compliance repository database. You can view alert messages and the corresponding events using the Alerts view in the Management Console. Depending on the amount of alert activity your environment generates, you may want to groom alert messages on a routine basis. Filtering You can audit event filters to improve scalability, remove unwanted events from the audit data stream, and increase the granularity of your audit settings. Audit event filters determine which collected SQL events should be kept for processing by the Collection Server. Like your audit settings, the audit event filters should correlate with the SQL events you need to track in order to meet your compliance objectives. After receiving the trace files from the SQL Compliance Agent, the Collection Server applies your audit event filters. Any matching events are permanently deleted and eliminated from the data stream. All remaining events are processed for alerts and stored in the appropriate Repository database. Creating Audit Event Filters An audit event filter allows you to exclude specific events from being captured and stored in the repository. This approach helps you collect only the audit data you need. Audit event filters can also help performance by reducing the size of the Repository databases and the processing load on the Collection Server. Event filters are very easy to set up and configure. The filter creation uses a wizard which lets you be very granular in the configuration to ensure only required events are captured. SQL Compliance Manager Deployment Best Practices Page 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback