Reverting your SQL Server database back to a specific point in time

Introduction

There are certain circumstances in which you may need to roll back your database to a specific point in time. There may be various reasons why this could be necessary but it is usually related to the execution of accidental or malicious DML or DDL statements. For example:

November 20, 2013

How to set up and use SQL Server Audit

In the previous part of the SQL Server auditing methods series, SQL Server Audit feature – Introduction, we described main features of the SQL Server Auditfeature – its main characteristics, what events it can audit and where the audit information is stored. We also explained two levels of auditing – the database-level and server-level, and three components necessary for using the feature – the SQL Server audit object, database audit specification, and server audit specification

November 17, 2013

How to audit your auditing in SQL Server – tracking when triggers are disabled

SQL Server auditing triggers are mostly used to maintain the integrity of the information on a database, or to provide an auditing trail of data changes. A trigger is a special type of a database object which is automatically executed upon certain conditions – e.g. actions performed by the user. What auditing triggers must provide while auditing data changes are answers to the following forensic questions:

November 6, 2013

SQL Server Change Data Capture (CDC) – Introduction

In the previous part of this series, How to read SQL Server Change Tracking results, we described SQL Server Change Tracking – its features, how to use it, and how to read the results. We also showed examples of the captured records. If you need to know is whether the row has been changed or not, the type of the last change, and which column was changed, without the details (old and new values, who, and when) about the change, then SQL Server Change Tracking is not the right auditing solution for you

November 1, 2013

What is SQL Server Change Tracking and how to set it up?

SQL DBAs are sometimes confused by the differences in SQL Server Change Tracking and Change Data Capture features. Not only can their names be mixed up, but also feature specifications. The goal of this series is to present each of 3 SQL Server auditing features (Change Tracking, Change Data Capture and SQL Server Auditing) and ApexSQL Audit – a complete third-party solution. We will show their features, similarities, differences, advantages, and disadvantages in order to help users determine the right tool for their auditing requirements

October 23, 2013

How to audit SQL Server to comply with Basel II

What is Basel II

The Basel Capital Accord Basel II a set of international banking standards based on three mutually reinforcing pillars, issued by the Basel Committee on Banking Supervision in June 2004. It’s an improvement of the Basel I Accord, and it introduces a new approach to data management

Pillar 1 – minimum capital requirements – defines the minimum capital required to cover the risks that the bank might encounter. To put it simply – the financial institutions are required to have enough cash to cover potential risks.

October 16, 2013

Audit failed SQL Server logins – Part 1 – distributed queries, brute force attacks, and SQL injections

Failed SQL Server logins are common in various scenarios. Accidently mistyped credentials (user name or password), changed permissions, or expired password are some of the benign reasons for failed SQL Server logins. On the other hand, there are malicious failed logins – unauthorized attempts to access confidential data stored on a SQL Server instance, that are more of a concern

October 10, 2013

SOX survival kit for the SQL Server DBA

The Sarbanes–Oxley Act of 2002, Sarbanes–Oxley, Sarbox, or SOX is a US federal law “written by lawyers for lawyers”. It’s a regulation created to improve the quality and integrity of financial reporting, and ensure the financial and business information is factual and accurate.

October 4, 2013