SQL Secure 관련 정보

SQL Server 내 누구에게 무슨 권한이 있으며 어떻게 권한이 부여되었는지 확인합니다.

Idera SQL secure is a security analysis solution that identifies SQL Server security violations and ensures security policies are enforced. Find out who has access to what and identify each user’s effective rights across all SQL Server objects. Alert on violations of your corporate policies, monitor changes made to security settings, and provide security audit reports as well as recommendations on how to improve your security model.

With SQL Secure you can see who has access to what and how permissions are granted.

  • Identify existing vulnerabilities in your SQL Servers
  • Harden security policies across SQL Servers
  • Rank security levels with the security report card
  • Analyze and report user permissions across SQL Servers
  • Customizable templates for PCI, HIPAA and more

Identify vulnerabilities
Understand who has access to what and identify each user’s effective rights across all SQL Server objects. Drill down by user or group to shed light on areas where security vulnerabilities may exist or have a chance of developing. Use the report catalog to track vul­nerabilities, security changes, and user entitlement over time.

Set strong security policies
View a complete history of SQL Server security set­tings and designate a baseline to compare against future changes, providing a valuable audit trail for forensic analysis.

Prevent Security Violations
SQL secure provides an Idera defined Level 2 security check for balanced intrusion protection that leverages MSBPA and CIS guidelines, and more. The security report card identifies top security vulnerabilities on your servers. Each security check is categorized as High, Medium, or Low Risk. You can drill into each security check to get more detail.

Analyze user permissions
Analyze membership to powerful server roles and groups such as administrators, systems administrators, and security administrators to ensure the level of access is warranted. From a group, see the list of group members and select a member for further analysis. From a user, see the group memberships and drill upwards to view inherited permissions.

Security Templates
We’ve taken the security standards most companies are held accountable to and developed customizable templates to extract the information needed to satisfy security auditor’s requirements. Choose from templates for PCI, HIPAA, and FERPA which leverage guidelines from STIG and CIS.

Security Analysis

  • Effective Rights Analysis - Analysis of users’ effective rights shows you how and where each right is granted, making it easy to pinpoint exactly what changes need to be made in order to close security holes.
  • Database Roles Permissions - View SQL Server role members and sub-roles assigned and their effective permissions.
  • Server Object Settings - Browse and analyze all files, directories and registry settings associated with SQL Server and determine ownership as well as explicit and inherited security rights.
  • Weak password detection - Analyzes password health of SQL Server logins and reports on when passwords are weak or blank which would cause a susceptible to intrusion situation.
  • Surface area and protocols - Identify services, ports, protocols and API's that may allow SQL Server to be attacked by a malicious user. Enables you to understand and standardize which services you really need started or activated in your environment in order to reduce risk.

Security Reporting

  • Pre-defined Policy Templates - Combines the most well known industry standards into 3 distinct levels, (Basic-Balanced-Strong) that define realistic guidelines for protecting SQL Server from the most common intrusion attacks.
  • Reporting Services - Shows details of services such as log-on and configuration.
  • Security Scorecard - Lists potential security concerns on your SQL Servers such as cross-database chaining and allows you to drilldown to view the full details of the diagrammed relationships.
  • History and Baselining - The SQL secure Repository keeps a complete history of SQL Server security settings, providing the ability to designate a baseline to compare against future snapshots to detect changes. This also provides a valuable audit trail for forensic analysis.
  • Powerful Reporting - Built-in standard reports provide detailed information for security auditing and compliance purposes. Produce custom reports detailing the specific information required for SLA’s or perform custom analysis via the data stored on the SQL secure repository. Data can be extracted and imported to Excel.

Enterprise Management

  • Central Console - Provides an easy-to-use single point of control where the user can manage the creation of collection rules and policies, view risks and assessments, monitor collection history, analyze user access rights and much more.
  • Configurable Data Collection - Define exactly what SQL Server security information you want to gather and when. Gathers from SQL Server, OS, File System, Registry and Active Directory.
  • Central Repository - All security data collected by SQL secure is stored in a central repository for easy reporting and forensic analysis.
  • Flexible Views - Use the flexible grid view to audit and analyze user permissions. Sort, group, or export all SQL Server logins in your enterprise. View all users' assigned and effective rights and permissions at the server, database and object level.