Data Scanning for security

  • Does anyone know of a utility software that will look through a database for security concerns. Maybe looking for PCI, HIPAA, or other best practice issues?

    We from time to time will pick up software development jobs and need to do a "quick" assessment of a Database for its security practices. It would be nice to have something that looks at some basic standardizations, regulations and concerns.

    Thanks for any insight.

  • To start, you want all accounts to be operating under least privilege. Look at what logins have sysadmin, dbo, or db_datareader access. The following script will list what accounts, domain groups, and members have admin membership.

    http://www.sqlservercentral.com/articles/Security/76919/

    It's also a good idea to have PHI columns encrypted and to know which stored procedures return PHI columns, but other than going by the column name, there is no sure way to identify what columns might contain PHI.

    -- Columns whose names suggest PHI
    SELECT *
    FROM INFORMATION_SCHEMA.COLUMNS
    WHERE COLUMN_NAME LIKE '%SSN%'
       OR COLUMN_NAME LIKE '%DOB%'
       OR COLUMN_NAME LIKE '%name%'
       OR COLUMN_NAME LIKE '%phone%';

    -- Stored procedures whose definitions reference those names
    SELECT ROUTINE_NAME, ROUTINE_DEFINITION
    FROM INFORMATION_SCHEMA.ROUTINES
    WHERE ROUTINE_TYPE = 'PROCEDURE'
      AND (
            ROUTINE_DEFINITION LIKE '%SSN%'
         OR ROUTINE_DEFINITION LIKE '%DOB%'
         OR ROUTINE_DEFINITION LIKE '%name%'
         OR ROUTINE_DEFINITION LIKE '%phone%'
          );

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
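    An added example (not from the post above or the linked script) that carries the same least-privilege and PHI review through on SQL Server using the catalog views instead of INFORMATION_SCHEMA; it assumes the first query runs in master and the other two in the database under review, and the "possibly encrypted" hint is only a heuristic on the column's storage type.

    ```sql
    -- 1. Server level: direct members of the most powerful fixed server roles.
    --    Windows groups are listed as a single member; their AD membership is not expanded here.
    SELECT  sp.name        AS member_name,
            sp.type_desc   AS member_type,      -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP, ...
            r.name         AS server_role,
            sp.is_disabled
    FROM    sys.server_role_members AS rm
    JOIN    sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
    JOIN    sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
    WHERE   r.name IN ('sysadmin', 'securityadmin', 'serveradmin')
    ORDER BY r.name, sp.name;

    -- 2. Database level: members of db_owner (the "dbo" access the post mentions),
    --    db_datareader and db_datawriter, with the login each user maps to.
    --    A NULL mapped_login is an orphaned user worth cleaning up.
    SELECT  dp.name        AS member_name,
            dp.type_desc   AS member_type,
            r.name         AS database_role,
            sp.name        AS mapped_login
    FROM    sys.database_role_members AS rm
    JOIN    sys.database_principals   AS r  ON r.principal_id  = rm.role_principal_id
    JOIN    sys.database_principals   AS dp ON dp.principal_id = rm.member_principal_id
    LEFT JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
    WHERE   r.name IN ('db_owner', 'db_datareader', 'db_datawriter', 'db_securityadmin')
    ORDER BY r.name, dp.name;

    -- 3. PHI candidates by column name, qualified with schema, type and length so the
    --    reviewer can see at a glance which hits are plaintext character data.
    --    Same name-matching heuristic as the post; a data dictionary remains the authority.
    SELECT  s.name + '.' + t.name AS table_name,
            c.name                AS column_name,
            ty.name               AS data_type,
            c.max_length,
            CASE WHEN ty.name = 'varbinary' THEN 'possibly encrypted'   -- ENCRYPTBYKEY output is varbinary
                 ELSE 'plaintext' END AS storage_hint
    FROM    sys.columns AS c
    JOIN    sys.tables  AS t  ON t.object_id     = c.object_id
    JOIN    sys.schemas AS s  ON s.schema_id     = t.schema_id
    JOIN    sys.types   AS ty ON ty.user_type_id = c.user_type_id
    WHERE   c.name LIKE '%SSN%'   OR c.name LIKE '%DOB%'  OR c.name LIKE '%birth%'
       OR   c.name LIKE '%phone%' OR c.name LIKE '%name%'
    ORDER BY table_name, c.name;
    ```

    Run query 2 once per user database; a login that appears in query 1 should normally not also need explicit db_datareader grants, so overlap between the two result sets is a good place to start tightening.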

  • Idera have a tool called Compliance Manager, might be worth checking out.

    'Only he who wanders finds new paths'

  • The best tool for identifying and protecting PHI is a comprehensive and accurate Data Dictionary. For example, both an automated tool and a developer can easily overlook the fact that a column DEPSSNM VARCHAR(30) contains the dependent's social security number.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
