June 7, 2010 at 9:47 am
How do you feel about monitoring database activity from the network level for compliance? Do you currently do this via an appliance, and how is it working out for you? Pros/Cons?
Thanks.
June 7, 2010 at 10:39 am
lorisj33 (6/7/2010)
How do you feel about monitoring database activity from the network level for compliance? Do you currently do this via an appliance, and how is it working out for you? Pros/Cons?Thanks.
What compliance would you be referring (HIPS, PCI, DoD)? I work mainly with DoD compliance but have worked with PCI and there was no real requirement for monitoring network traffic going in and out of a database; mostly ensuring that the communication channel was secure and logging who accessed it. Which DoD just cares about protocols enabled at the server level and what ports are opened. PCI that I can remember needed something stating that SQL Server communication channels were secured, and data access was restricted at the database level (which it all depended on what data was being stored as to what level of security was required), at least what I recall.
Shawn Melton
Twitter: @wsmelton
Blog: wsmelton.github.com
Github: wsmelton
June 7, 2010 at 12:36 pm
Thanks Shawn. For our situation it's for HIPAA data. We are looking into NitroSecurity, and a few others, and I wondered who else was using network data capture techniques that are not already built into SQL Server (2008). We currently have mostly SQL 2005 but a couple of 2000 servers that need to be migrated yet. We could also setup the auditing features in 2008 when we get there, but we're not there yet. I'm use to hardening SQL Server itself, but haven't dealt with capturing who's looking at what data over the network activity analysis. I'm breaking into new territory.
June 7, 2010 at 1:36 pm
Ah HIPAA is such a great tool for job security:-D
I know the previous employer I was at we looked at a few applicances for central logging, but don't recall the vendors. I know there are plenty of people on this forum that deal with HIPAA that should be able to lend a suggestion.
Shawn Melton
Twitter: @wsmelton
Blog: wsmelton.github.com
Github: wsmelton
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply