Database auditing refers to tracking how records and privileges are used. When a database is audited, each operation is monitored and logged to an audit trail, including when it happened and which database object or data record was used. Nonetheless, not all audit logs have the same value to auditors, who need logs that present the information in a meaningful, contextual form.
Database Audit
Along with event log best practices, there are several related tasks that should be added to any routine server best-practice check.
This checklist is intended to give you a head start in preparing for a server audit.
Audit Preparation:
- Record necessary information about whoever is performing the server audit.
Pre-Audit System Maintenance:
- Uninstall unused programs on Windows and Linux: It's a good idea to keep only the most necessary software installed on your servers, as any third-party install is a potential backdoor for malicious actors.
- Install the latest service packs and patches: Microsoft distributes bug fixes for their products in service packs, including system administration tools, updates for system drivers, and additional components all bundled together.
Audit Privileges and Access:
- Check the server privilege level: Make sure that SQL Server is running under a least-privileged local account.
- Clean up old accounts: Accounts that are no longer in use pose considerable security threats because they do not keep up with updated security standards. It's a good idea to delete accounts that have not been used in more than a month.
- Restrict group access: Carefully watch and track which groups have access to what, especially when using large generic "Everyone" groups.
- Make sure login restrictions are applied
- Control administrator settings: The admin account should be renamed, and passwords reset periodically.
- Eliminate all non-essential users from the administrator group.
Data protection during your audit:
- Encrypt sensitive data files
- Remove unnecessary shared folders
Database Server Security during your audit:
- Disable all protocols except TCP/IP: Make sure only the necessary protocols are enabled; usually, TCP/IP is adequate.
- Configure server ports: Proper port access configuration is an important security measure for any database server.
Database Event Logs:
- Check SQL Server login audit: Any failed login attempt can mean a malicious attempt to access the system.
- Check system event log configuration: Once all relevant actions across the network are included in the logs, take all the necessary measures to make sure that they are securely and adequately stored.
- Create a new SQL Server Audit: Generate a SQL Server Audit object using SQL Server Management Studio, a configurable tool for handling all sorts of server events. Your newly created audit should immediately appear in the "Audits" section of the Object Explorer window. It is disabled by default, so you need to enable it.
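
The last two checklist areas (login auditing and creating a SQL Server Audit) can also be scripted in T-SQL instead of clicked through in Management Studio. The script below is an added example, not part of the original checklist; the audit name, specification name and the D:\SqlAudit\ folder are assumptions to replace with your own values.

```sql
-- Added example: names and the file path below are hypothetical placeholders.
USE master;
GO

-- 1. Create the audit object. It writes to rolling files in a folder that
--    only the SQL Server service account and the auditors should be able to read.
CREATE SERVER AUDIT [Audit_Checklist_Example]
TO FILE (
    FILEPATH = N'D:\SqlAudit\',      -- assumed path; the folder must already exist
    MAXSIZE = 256 MB,
    MAX_ROLLOVER_FILES = 20,
    RESERVE_DISK_SPACE = OFF
)
WITH (
    QUEUE_DELAY = 1000,              -- flush audit records within one second
    ON_FAILURE = CONTINUE            -- keep serving queries if the audit cannot write
);
GO

-- 2. Choose what to record: logins, admin-group membership changes,
--    and any change to the audit configuration itself.
CREATE SERVER AUDIT SPECIFICATION [AuditSpec_Checklist_Example]
FOR SERVER AUDIT [Audit_Checklist_Example]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 3. A new audit is created disabled, so switch it on explicitly.
ALTER SERVER AUDIT [Audit_Checklist_Example] WITH (STATE = ON);
GO

-- 4. Confirm the audit is running (is_state_enabled should be 1).
SELECT name, is_state_enabled
FROM sys.server_audits
WHERE name = N'Audit_Checklist_Example';

-- 5. Review failed logins (action_id LGIF) from the audit files.
SELECT event_time, server_principal_name, succeeded, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'LGIF'
ORDER BY event_time DESC;
```

Including AUDIT_CHANGE_GROUP means that disabling or altering the audit is itself recorded, which helps auditors trust the trail.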