Re: Securing Data

From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 01/28/05

• Next message: Sue Hoegemeier: "Re: permissions gone missing in sysprotects"
• Previous message: Sue Hoegemeier: "Re: Cannot access my SQL Database"
• In reply to: Robert Cohen: "Securing Data"
• Next in thread: Don Grover: "Re: Securing Data"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Jan 2005 18:56:28 -0700

One option if you are running SQL Server 2000 is to turn on
C2 auditing to monitor who changes what. See books online
for more information.
You can also find more information on C2 auditing at:
http://www.microsoft.com/technet/archive/security/news/c2eval.mspx
The other SQL Server security links are available at:
http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp

You can also remove the builtin\administrators group:
NF: How to impede Windows NT administrators from
administering a clustered instance of SQL Server
http://support.microsoft.com/?id=263712

-Sue

On Thu, 27 Jan 2005 12:06:03 -0500, "Robert Cohen"
<dont@want.spam.com> wrote:

>Hello All,
>
> Our organization is developing an electronic medical record for our
>organization using ASP and SQL. The issue we are stuck at is how to ensure
>the data hasn't been tampered. Obviously we can protect the data from our
>regular users. But how do you protect it from the network administrators?
>We want to be able to attest in court that the database hasn't been
>modified. So I am curious how others are handling this issue. I see all
>this stuff like digitial certificates and things like that, but am unsure
>what is best (ideally we don't want have to buy certificates for each entry
>into the database).
>
>Please help.
>
>--
>Robert Cohen
>A legend in his own mind

• Next message: Sue Hoegemeier: "Re: permissions gone missing in sysprotects"
• Previous message: Sue Hoegemeier: "Re: Cannot access my SQL Database"
• In reply to: Robert Cohen: "Securing Data"
• Next in thread: Don Grover: "Re: Securing Data"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Full Text Indexing on Microsoft SQL Server 2000 with Windows XP Pro ... I went in there and I found the Auditing level set to None which ... > Editions of SQL Server 2000"). ... >> I am not seeing any unusual messages in the Event Viewer also. ... (microsoft.public.sqlserver.programming) Re: Tracing sql server user logins ... Now for your question: base auditing ... > GroupName sysname NULL, ... SQL Server does not audit by ... >>Failure causes only failed login attempts to be audited. ... (microsoft.public.sqlserver.security) Re: Question on C2 Log ... I am now analyzing the trace, ... >> auditing all logins no matter it is successfully or failed? ... >> Audit Level you wanted. ... click SQL Server and Windows. ... (microsoft.public.sqlserver.security) Re: failed login attempts ... The Hostname of the client computer is captured (for sure in ... You can indeed turn on failed login auditing via a ... You can also capture this information with ... Microsoft SQL Server doesn't have built-in failed logins ... (microsoft.public.sqlserver.security) RE: SQL Worm ... You may want to enabling login auditing in SQL Server. ... Also to identify the culprit process/workstation you can use the ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint