August 22, 2009 at 4:10 pm
Comments posted to this topic are about the item Two Factor Authentication
August 24, 2009 at 3:57 am
In SS2008 there is the Auditing feature. You can document activities that occur on the database through that option.
August 24, 2009 at 4:10 am
JohnMagnabosco (8/24/2009)
In SS2008 there is the Auditing feature. You can document activities that occur on the database through that option.
The question is whether certain IDs can eliminate records related to the auditing. I like Steve's idea of certain actions requiring two users to implement, and with auditing that can't be defeated. In my world, we have certain IDs that have to be checked out of a system for use. The system that keeps the passwords has a feature to check out half a password to each of two people. Certain actions require two people, and they each enter half the password to log the privileged ID into the system. The two users then watch each other to make sure nothing untoward happens. Cumbersome, but it works.
August 24, 2009 at 4:30 am
The "two person to launch" approach is an excellent one; but as for automatic documentation the Auditing feature of SS2008 is a good option. The log can be secured so that the DBA cannot modify the results. It can even be written to the Windows Event Log if you choose.
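The SQL Server 2008 Audit setup mentioned in the post above, as an added example that is not part of the original thread: it records sysadmin and other server role membership changes, plus any change to the audit itself, in the Windows Application event log. The audit and specification names are hypothetical.

```sql
-- Added example: names Audit_PrivilegedChanges / AuditSpec_PrivilegedChanges
-- are hypothetical. Requires SQL Server 2008 or later.
USE master;
GO

-- Send audit records to the Windows Application event log instead of a file
-- that lives under the DBA's control on the database server.
CREATE SERVER AUDIT Audit_PrivilegedChanges
    TO APPLICATION_LOG
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- Capture the actions discussed in this thread:
--   SERVER_ROLE_MEMBER_CHANGE_GROUP  : logins added to or removed from
--                                      fixed server roles such as sysadmin
--   SERVER_PRINCIPAL_CHANGE_GROUP    : logins created, altered or dropped
--   AUDIT_CHANGE_GROUP               : any audit or audit specification
--                                      created, altered or dropped, so an
--                                      attempt to switch auditing off is
--                                      itself recorded
CREATE SERVER AUDIT SPECIFICATION AuditSpec_PrivilegedChanges
    FOR SERVER AUDIT Audit_PrivilegedChanges
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- An audit is created in the disabled state; enable it explicitly.
ALTER SERVER AUDIT Audit_PrivilegedChanges WITH (STATE = ON);
GO

-- Check that both the audit and its specification are running.
SELECT name, type_desc, on_failure_desc, is_state_enabled
FROM sys.server_audits;

SELECT name, is_state_enabled
FROM sys.server_audit_specifications;
GO
```

Forwarding the event log to a collector that the database administrators do not manage is what keeps the records out of their reach; a sysadmin on the server can still stop the audit, although AUDIT_CHANGE_GROUP records that action.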
August 24, 2009 at 4:52 am
Wouldn't you need to build your own sql admin interface to the server and restrict access to SQL tools?
Otherwise how else would you instruct the server to "hold fire" on an SA's requests given an SA's unlimited capabilities?
August 24, 2009 at 6:26 am
Problem I see here is overnight support. What if you need to perform an auditable function whilst on-call to resolve an issue? Two DBAs will need to be contactable. The delay might not be acceptable.
Also what happens when people go on holiday?
August 24, 2009 at 6:55 am
I think this would be a good option for high-security systems. I don't think it will fly in most small businesses.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 24, 2009 at 8:02 am
GSquared (8/24/2009)
I think this would be a good option for high-security systems. I don't think it will fly in most small businesses.
I would have to agree with GSquared on this one. I work for a relatively small business (200+ employees) that is 24/7. There are only three people in IT and only two of us really understand the database. If one is on vacation... well, you get the idea.
We do make every effort to communicate with each other via email about changes to the DB. Even though our offices are within speaking distance, the email creates a documentation trail that we can reference. Of course, this doesn't keep us from purposely doing something bad, but it does help us remember what we have done.
The solution needs to be sized in relationship to the business/DB in question.
August 24, 2009 at 8:10 am
GSquared (8/24/2009)
I think this would be a good option for high-security systems. I don't think it will fly in most small businesses.
Some of this depends on the regulatory requirements as well. A small business that has to meet some regulatory or contractual requirements may have to come up with the resources necessary to properly segregate duties. Organizations that have hundreds of servers probably have enough staff to do dual factor activities.
August 24, 2009 at 8:24 am
It's harder in small businesses, but with remote connectivity, it shouldn't be too hard to implement. I wouldn't necessarily think this would be used constantly unless you had a really tough regulatory environment where you had to approve lots of actions.
However, as I mentioned, I think this could be a non-technical person. It's not that you need someone that understands completely what's happening, but that they know of what's happening. I'd have given my VP of Sales (my boss) this in one job. He could ask if I really needed to add a sysadmin and get a reasonable explanation, or not, and then make the decision. At that place I was the IT guy, and one jr programmer, so for me it would have been a great backstop that memory changes, big security changes, etc. would be in his mind if I left unexpectedly. He could lightly brief the next IT guy.
August 24, 2009 at 9:12 am
I work in big shops--banks, insurance companies and government. Currently, there is so much red tape in order to accomplish the smallest task, I would be leery of any changes which increased the red tape.
Essentially, the issue is --- should I discipline myself and my team by preparing for and documenting big changes in a professional manner, or should I have a system which forces me to prepare for and document big changes to a database?
Remember, once a security hurdle is put in place, it rarely is withdrawn--the noose just gets tighter.
Given the choice, I would prefer to address issues of security and documentation with database team procedures--which are properly discussed and agreed upon by the team--then implemented in a professional manner.
August 24, 2009 at 9:26 am
george sibbald (8/24/2009)
Problem I see here is overnight support. What if you need to perform an auditable function whilst on-call to resolve an issue? Two DBAs will need to be contactable. The delay might not be acceptable. Also what happens when people go on holiday?
For overnight issues, you could allow the single admin to implement it, with logging of activities which need to be approved the next morning. With the proper auditing/logging system in place it should be possible to implement a rollback if a change was not approved.
For holiday/vacation times, you would need to have something set up to cover those days anyway, wouldn't you?
August 24, 2009 at 9:40 am
codemaster_7 (8/24/2009)
I work in big shops--banks, insurance companies and government. Currently, there is so much red tape in order to accomplish the smallest task, I would be leery of any changes which increased the red tape. Essentially, the issue is --- should I discipline myself and my team by preparing for and documenting big changes in a professional manner, or should I have a system which forces me to prepare for and document big changes to a database?
Remember, once a security hurdle is put in place, it rarely is withdrawn--the noose just gets tighter.
Given the choice, I would prefer to address issues of security and documentation with database team procedures--which are properly discussed and agreed upon by the team--then implemented in a professional manner.
I prefer the system to enforce the controls, otherwise there is a much higher chance the controls will not function as intended. System controls are much more reliable than depending on humans.
For high risk systems, there are numerous reasons why the red tape exists. A system enforced, well documented process ensures that changes and new implementations do not go into production without appropriate testing, change management, risk assessment and mitigation, and appropriate approvals, thus minimizing the chances for nasty surprises.
August 24, 2009 at 9:52 am
Gotta watch out for those "rouge" administrators, after all there's a "rouge" under every bed!
I think you meant "rogue". 😛
August 24, 2009 at 10:54 am
jpowers (8/24/2009)
george sibbald (8/24/2009)
Problem I see here is overnight support. What if you need to perform an auditable function whilst on-call to resolve an issue? Two DBAs will need to be contactable. The delay might not be acceptable. Also what happens when people go on holiday?
For overnight issues, you could allow the single admin to implement it, with logging of activities which need to be approved the next morning. With the proper auditing/logging system in place it should be possible to implement a rollback if a change was not approved.
For holiday/vacation times, you would need to have something set up to cover those days anyway, wouldn't you?
I thought the editorial was about requiring two people to approve an action before it could be actioned, rather than auditing after the event. Allowing a single person to do the same actions just because it's overnight seems to defeat the purpose. Same goes for holidays if you only have two DBAs and a holiday leaves you with only one.
Somewhat surprised more people have not seen this as overkill. Does anyone out there actually do this?