1 / 12

Content: Purpose Mechanism Difficulty Proposal

Database Security & Audit Proposal. Content: Purpose Mechanism Difficulty Proposal. 1. Purpose. Insure data security and not be modified arbitrarily All operations to Sensitivity data by those who have permissions should be audited.(Contain read/write/…). 2. Mechanism.

lois
Télécharger la présentation

Content: Purpose Mechanism Difficulty Proposal

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Database Security & Audit Proposal • Content: • Purpose • Mechanism • Difficulty • Proposal

  2. 1. Purpose • Insure data security and not be modified arbitrarily • All operations to Sensitivity data by those who have permissions should be audited.(Contain read/write/…)

  3. 2. Mechanism • Database Account & Privileges Control • Database Operation Audit • Data files and Backup files security • Data encryption • Sensitivity Data separation

  4. 2. Mechanism Database Account & Privileges Control • Prod/UAT Server

  5. 2. Mechanism Database Account & Privileges Control • Dev Server

  6. 2. Mechanism Database Audit Method

  7. 2. Mechanism Database Audit Content

  8. 2. Mechanism How to Query Audit Result • Store Procedure: sp_audit_result: Query the audit result in Aud database. [The day before that day ] sp_audit_result_trc: Query the result from trace file. [That day] • User : aud_user • Usage: exec sp_audit_result ‘username’, ‘time’ ----or with no parameter exec sp_audit_result_trc 'username‘----or with no parameter

  9. 2. Mechanism • Data files and Backup files security Infrastructure: Keep the data files directory inaccessible by not related people. Move the backup files to security place at specific time after database backup taken. Audit access or other operations of the users who have permissions to backup/data files. DMS: Encrypt the backup file when backup the database contain Sensitivity data • Data encryption App Team(Optional): Encrypt the sensitivity data columns/Use Keys when design database.

  10. Sensitivity Data separation • ??????????????????Tan Hong ~~`

  11. 3. Difficulty • The sysadmin have all permissions, who should hold Sysadmin? If the sysadmin delete the audit database? • Do Infrastructure monitor the copy operation? If some guys copy the backup file out and …

  12. 4. Proposal

More Related