October 17, 2008 at 4:18 pm
How can we identify unauthorised access to a database?
lets say you have defined all the access to different groups and users but still if there are any unauthorised access, how can we identify or moniter them. can we get any kind of alert when unauthorised personnel access the restricted data.
October 18, 2008 at 10:58 pm
If you mean logging on to the SQL Server, you'll want to turn Audit Failures on. Whenever there is a login failure, it'll get written to both the SQL Server error log and the operating system Application event log. You can turn on alerts to detect the fact that the failure has occurred. Then again, if you have a larger monitoring system like a System Center, you can watch the app event log and alert accordingly.
K. Brian Kelley
@kbriankelley
October 19, 2008 at 9:18 am
it sound's to me like you want to take Brian Kelly's suggestion one step further, and log successful logins as well...i think you are saying everyone is SUPPOSED to connect via a certain group, but some people might be sneaking in the back door as sa or some admin group when they are not supposed to. make sure you log the hostname, so you can track the login to a specific machine, so you can come back to say, Bob on machine XPP003 and make him stop.
Lowell
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply