The key to auditing your data is having the knowledge
of who is accessing your data, or who is trying to break-in and steal your
data. Break-ins or attempted break-ins are not the only thing you need to
worry about tracking. You also need to monitor inappropriate use by those
individuals that do have legitimate access to your data. Another area to be
concerned about is to make sure your administration staff are not making
inappropriate configuration changes.
SQL Server 2008 Enterprise addition now includes a
robust audit mechanism built into the database engine. The new SQL Server Audit
capabilities provide more flexibility and granularity to what you can audit.
SQL Server Audit was design with the following things in mind:
·
Audit feature, and its objects, must be truly secure
·
Performance impact must be minimized
·
Audit feature must be easy to manage
·
Audit-centric questions must be easy to answer
The audit functions
within SQL Server 2008 are fully manageable from within SQL Server Management
Studio, through SQL Management Objects (SMO) and/or Transact-SQL DDL. This
allows you the capability to programmatically manage the auditing
functionality using Transact-SQL scripts or using SMO.
Auditing of SQL
Server is made up of three main audit objects. There is the “Server Audit”
object, which defines the target of the audit, which can be a file, the Window
Application or Security Log. The “Server Audit Specification” object describes
what needs to be audited at the server level. The “Database Audit
Specification” object identifies what needs to be audited at the database
level. You use all of these to provide your set of audit specifications.
This white paper dives in and describes in detail all of these different
objects. Along with this, there is a technical architecture discussion on
auditing, that touches on permissions and the performance consideration of using
the new auditing aspect of SQL Server 2008.
The new auditing
feature of SQL Server 2008 provides robust and comprehensive auditing
capabilities for an enterprise. These new audit features perform much better
than the older SQL Trace method. If you have not been doing auditing or have
been using the audit features of older versions you owe it to yourself to read
this white paper to better understand how SQL Server 2008 can meet your audit
requirements.