2023年8月1日发(作者:)
sql2005关闭c2审核_C2审核–使⽤C2审核模式SQLServer审核和通⽤标准合规性sql2005关闭c2审核This article will cover SQL Server C2 auditing using C2 audit mode including an introduction, comparison of auditingtechnologies, and common criteria compliance本⽂将介绍使⽤C2审核模式SQL Server C2审核,包括简介,审核技术⽐较,配置和通⽤标准合规性介绍 (Introduction)Auditing is a key aspect of an IT system for many reasons such as compliances, troubleshooting, etc. SQL Server hasdifferent possibilities of configuring auditing at different levels. Though there exists different customizable, configurableauditing mechanisms, there needs to have predefined, standard auditing mechanism so that end users need to simplyenable the auditing option.由于诸如合规性,疑难解答等许多原因,审核是IT系统的关键⽅⾯。SQLServer具有在不同级别配置审核的不同可能性。 尽管存在不同的可⾃定义,可配置的审核机制,但仍需要具有预定义的标准审核机制,以便最终⽤户只需简单地启⽤审核选项。不同的审核配置 (Different Auditing Configurations)As indicated before, there are several options for auditing in SQL Server.如前所述,SQL Server中有多个审计选项。OptionServer andDatabase AuditProsConsCustomizable to any granular levelDML/DDL triggers can be implementedfor granular levelA lot of is neededTriggersThe performance will be impactedSystem ViewsSQL ProfilerExtended EventsAvailable out of the boxCustomizable to any granular levelCustomizable to any granular levelLimited Auditing options and most of the time it providesthe current states performance will be urations are needed选项服务器和数据库审核扳机系统视图SQL事件探查器扩展活动优点可⾃定义到任何粒度级别DML / DDL触发器可以实现细化级别开箱即⽤可⾃定义到任何粒度级别可⾃定义到任何粒度级别缺点需要⼤量性能会受到影响受限审核选项,并且在⼤多数情况下,它仅提供当前状态。性能将受到影响。需要配置解 (Solution)C2 Auditing and Common Criteria Compliance are two internationally accepted auditing standards.C2审核和通⽤标准合规性是两个国际公认的审核标准。C2 audit mode is the auditing option that can be used to facilitate auditing standard. By enabling C2 auditing, it allows theadministrator to enable a comprehensive type of auditing, logging. This is named as C2 audit mode because it is logging ofthe form specified by the U.S. Department of Defense regulations to meet the certification at the C2 level of trust. Thoseregulations were specified in a document called the Trusted Computer System Evaluation Criteria, often referred to as the“Orange Book” in the “Rainbow Series.” The Orange Book is now depreciated in favor of the Common eless, is still a commonly used term.C2审核模式是可⽤于促进审核标准的审核选项。 通过启⽤C2审核,它允许管理员启⽤全⾯的审核,⽇志记录类型。 之所以称为C2审核模式,是因为它记录了美国国防部法规指定的形式,以符合C2信任级别的认证。 这些规定在称为“受信任的计算机系统评估标准”的⽂档中进⾏了指定,该⽂档通常在“彩虹系列”中称为“橙⽪书”。 现在,《橙⽪书》已贬值,以⽀持通⽤标准。 尽管如此, 仍然是⼀个常⽤术语。C2 audit mode generally means assigning a unique generated audit ID to each group of related processes, starting at fter, certain forms of system calls performed by every process are logged with the audit ID.C2审核模式通常意味着从登录开始就为每组相关进程分配唯⼀的⽣成的审核ID。 此后,由每个进程执⾏的某些形式的系统调⽤都会⽤审核ID进⾏记录。在SQL Server中配置C2审核 (Configuring C2 Auditing in SQL Server)C2 audit mode feature is available in SQL Server on-premises edition but not in Azure SQL Server Database, Azure SQLData Warehouse and Parallel Data Warehouse. In the case of Azure, there are separate auditing options are available.C2审核模式功能在SQL Server本地版本中可⽤,但在Azure SQL Server数据库,Azure SQL数据仓库和并⾏数据仓库中不可⽤。 对于Azure,有单独的审核选项可⽤。This can be configured in multiple ways. Following is the configuration of C2 Auditing by using the user interface. Under theserver properties, in the Security Tab, the following option can be selected to enable C2 audit mode.可以通过多种⽅式进⾏配置。 以下是使⽤⽤户界⾯进⾏C2审核的配置。 在服务器属性下的“ 安全性”选项卡中,可以选择以下选项来启⽤C2审核模式。In the above Figure, there is another option, Common Criteria compliance which will be discussed later.在上图中,还有另⼀个选项,即“通⽤标准符合性”,将在后⾯讨论。Also, this can be accomplished by T-SQL as well.同样,这也可以通过T-SQL完成。123456789--Enabling C2 Auditingsp_configure 'show advanced options', 1;
GORECONFIGURE;
GOsp_configure 'c2 audit mode', 1GORECONFIGURE WITH OVERRIDE;
GOThe output of this result is followed.跟踪此结果的输出。Configuration option ‘show advanced options’ changed from 1 to 1. Run the RECONFIGURE statement to install.配置选项“显⽰⾼级选项”从1更改为1。运⾏RECONFIGURE语句进⾏安装。Configuration option ‘c2 audit mode’ changed from 0 to 1. Run the RECONFIGURE statement to install.配置选项“ c2审核模式”从0更改为1。运⾏RECONFIGURE语句进⾏安装。SQL Server needs to be restarted for this configuration to effect after the configuration is made.配置完成后,需要重新启动SQL Server才能使此配置⽣效。When the SQL Server instance is started, audit log will be written to trace file in the mssqldata directory for defaultinstances or the mssql$instancenamedata directory for named instances. For example, C:Program FilesMicrosoft ERVERMSSQLDATA is the folder name for traces. The trace file name will have the format ofas audittrace_, where the second part of the name indicates date and time when the trace file wascreated. Since these logs are created in a folder, windows permissions need to be applied in order to secure audit files.启动SQL Server实例时,对于默认实例,审计⽇志将写⼊ mssql data⽬录中的跟踪⽂件,对于命名实例,将写⼊ mssql $instancename data⽬录中的跟踪⽂件。 例如, C: Program Files Microsoft SQL Server ERVER MSSQL DATA是⽂件夹的名称 痕迹。 跟踪⽂件名的格式为audittrace_,其中第⼆部分表⽰创建跟踪⽂件的⽇期和时间。 由于这些⽇志是在⽂件夹中创建的,因此需要应⽤Windows权限才能保护审核⽂件。This trace file can be read from the SQL Profiler tool by opening the profiler tool and opening the trace file.可以通过打开分析器⼯具并打开跟踪⽂件,从SQL Profiler⼯具中读取此跟踪⽂件。Also, the following T-SQL query can be used to retrieve the audit data from traces.同样,以下T-SQL查询可⽤于从跟踪中检索审计数据。12345--Retiving C2 Audited DataSELECT *
FROM ::fn_trace_gettable( 'C:Program FilesMicrosoft SQL ', default )The advantage of this is that the users have the option of joining, filtering or grouping option for better analysis. In case oftroubleshooting, it is much better to import traces to a database table. In the case of database tables, you have the option ofadding indexes to improve the performance.这样做的好处是⽤户可以选择加⼊,过滤或分组以进⾏更好的分析。 在进⾏故障排除的情况下,最好将跟踪导⼊数据库表中。 对于数据库表,可以选择添加索引以提⾼性能。The trace file will have a rollover the size of 200 MB which is fixed and after the SQL Server database engine restarts newtrace file will be created. It is important to note that C2 auditing can consume a huge amount of disk space on an activesystem in a short amount of time. This is due to the fact that every auditing option is stored in the trace file. Also, in thecase of C2 audit mode is failing, SQL Server instance will be shut down. This means that Auditing has the highest priorityover the SQL Server database engine user operations. This means that administrators have to have extra care for the SQLServer systems where C2 auditing is enabled.跟踪⽂件的总⼤⼩为200 MB,这是固定的,并且在SQL Server数据库引擎重新启动之后,将创建新的跟踪⽂件。 重要的是要注意,C2审核会在很短的时间内消耗活动系统上的⼤量磁盘空间。 这是因为每个审核选项都存储在跟踪⽂件中。 另外,在C2审核模式失败的情况下,SQL Server实例将被关闭。 这意味着审核⽐SQL Server数据库引擎⽤户操作具有最⾼优先级。 这意味着管理员必须特别注意启⽤了C2审核SQL Server系统。Also, to disable the C2 audit mode for a temporary basis, you need to restart SQL Server with the –f flag. If SQL Servershut down due to the failure of C2 Auditing, disable C2 audit mode temporary, then disable the C2 auditing after restartingthe SQL Server instance.另外,要临时禁⽤C2审核模式,您需要使⽤–f标志重新启动SQL Server。 如果由于C2审核失败⽽关闭SQL Server,请暂时禁⽤C2审核模式,然后在重新启动SQL Server实例后禁⽤C2审核。A major disadvantage of the C2 audit mode is the performance impact to the SQL Server instance apart from the hugestorage it requires. An advantage of the C2 Auditing is that data is saved in the trace files where backups can be r, since these traces files are stored outside of SQL Server, security needs to be applied in order to protect thetrace files.C2审核模式的主要缺点是对SQL Server实例的性能影响(除了所需的巨⼤存储空间)。 C2审核的⼀个优点是数据被保存在可以进⾏备份的跟踪⽂件中。 但是,由于这些跟踪⽂件存储在SQL Server外部,因此需要应⽤安全性以保护跟踪⽂件。通⽤标准合规 (Common Criteria Compliance)C2 auditing has been deprecated by the Common Criteria specification which was developed by the European Criteria Compliance is internationally recognized set of guidelines for security for information technologyproducts. This is applied to operating systems, Databases, Network Devices and Smart cards etc. Common criteria certifiedproducts have been rigorously evaluated by accredited third party security labs.C2审核已被欧盟制定的通⽤标准规范所弃⽤。 通⽤标准合规性是国际公认的信息技术产品安全性准则集。 这适⽤于操作系统,数据库,⽹络设备和智能卡等。经过认可的第三⽅安全实验室已对通⽤标准认证的产品进⾏了严格评估。This option is available same versions as C2 Audit but Common Criteria Compliance is available in Enterprise and DataCenter editions of SQL Server 2008 R2 and after versions. However, with respect to the SQL Server, if you are complyingwith either C2 or common criteria, the audit result is similar. In the case of Common Criteria Compliance, audited data canbe viewed from system views which is more secure than the C2 audit mode.此选项的可⽤版本与C2审核的版本相同,但SQL Server 2008 R2的企业版和数据中⼼版以及更⾼版本中提供了“通⽤标准合规性”。 但是,对于SQL Server,如果您符合C2或通⽤标准,则审核结果是相似的。 对于“通⽤标准合规性”,可以从系统视图查看已审核的数据,该数据⽐C2审核模式更安全。Similar to C2 Auditing, Common Criteria Compliance can be enabled using the same option of the Security tab of the ServerProperties dialog as shown below.与C2审核类似,可以使⽤“ 服务器属性”对话框的“ 安全性”选项卡中的相同选项来启⽤“通⽤标准合规性”,如下所⽰。This can be done from T-SQL as shown below:可以从T-SQL完成,如下所⽰:--Enabling common criteria compliancesp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC _configure N'common criteria compliance enabled', N'1'GORECONFIGURE WITH OVERRIDEGO
As for C2 Audit, SQL Server needs to be restarted for this configuration to effect after the configuration is made.对于C2审核,需要重新启动SQL Server才能使此配置在完成配置后⽣效。Common Criteria Compliance allows the following to occur:通⽤标准合规性允许发⽣以下情况:Residual Information Protection (RIP)残留信息保护(RIP)The ability to view login statistics查看登录统计信息的能⼒That column GRANT should not override table DENY该列GRANT不应覆盖表DENYThese login statistics can be viewed by querying the _exec_sessions dynamic management view. Last login date timeand last unsuccessful login date time are available in _exec_sessions but is not recorded unless Common CriteriaCompliance is enabled.可以通过查询_exec_sessions动态管理视图来查看这些登录统计信息。 上次登录⽇期时间和上次失败登录⽇期时间在_exec_sessions中可⽤,但除⾮启⽤了“通⽤标准符合性”,否则不会记录下来。Following are the Criteria Compliance related columns in the _exec_sessions DMV.以下是_exec_sessions DMV中与“标准符合性”相关的列。123456SELECT session_id, login_name, last_successful_logon,
last_unsuccessful_logon, unsuccessful_logons
FROM _exec_sessionsIn Common Criteria Compliance, the major advantage is that the auditing data is stored in the database instance r, in Common Criteria Compliance workaround should be applied to keep the historical data as dm_exec_sessionsDMV does not store the historical data.在Common Criteria Compliance中,主要优点是审核数据存储在数据库实例本⾝中。 但是,由于dm_exec_sessions DMV不存储历史数据,因此在“通⽤标准合规性”中应采⽤变通⽅法来保留历史数据。摘要 (Summary)In case of any auditing mechanism, there will be an impact on the performance of the system. By considering theperformance, Common Criteria Compliance is better than C2 audit mode. Also, feature-wise C2 Auditing is better thanCommon Criteria Compliance.如果采⽤任何审核机制,将会对系统的性能产⽣影响。 通过考虑性能,通⽤标准合规性优于C2审核模式。 此外,按功能进⾏的C2审核要⽐“通⽤标准合规性”更好。In case of SQL Server, administrators has the options of enabling both C2 audit mode and Common Criterial Compliance.对于SQL Server,管理员可以选择启⽤C2审核模式和“通⽤标准合规性”。sql2005关闭c2审核
2023年8月1日发(作者:)
sql2005关闭c2审核_C2审核–使⽤C2审核模式SQLServer审核和通⽤标准合规性sql2005关闭c2审核This article will cover SQL Server C2 auditing using C2 audit mode including an introduction, comparison of auditingtechnologies, and common criteria compliance本⽂将介绍使⽤C2审核模式SQL Server C2审核,包括简介,审核技术⽐较,配置和通⽤标准合规性介绍 (Introduction)Auditing is a key aspect of an IT system for many reasons such as compliances, troubleshooting, etc. SQL Server hasdifferent possibilities of configuring auditing at different levels. Though there exists different customizable, configurableauditing mechanisms, there needs to have predefined, standard auditing mechanism so that end users need to simplyenable the auditing option.由于诸如合规性,疑难解答等许多原因,审核是IT系统的关键⽅⾯。SQLServer具有在不同级别配置审核的不同可能性。 尽管存在不同的可⾃定义,可配置的审核机制,但仍需要具有预定义的标准审核机制,以便最终⽤户只需简单地启⽤审核选项。不同的审核配置 (Different Auditing Configurations)As indicated before, there are several options for auditing in SQL Server.如前所述,SQL Server中有多个审计选项。OptionServer andDatabase AuditProsConsCustomizable to any granular levelDML/DDL triggers can be implementedfor granular levelA lot of is neededTriggersThe performance will be impactedSystem ViewsSQL ProfilerExtended EventsAvailable out of the boxCustomizable to any granular levelCustomizable to any granular levelLimited Auditing options and most of the time it providesthe current states performance will be urations are needed选项服务器和数据库审核扳机系统视图SQL事件探查器扩展活动优点可⾃定义到任何粒度级别DML / DDL触发器可以实现细化级别开箱即⽤可⾃定义到任何粒度级别可⾃定义到任何粒度级别缺点需要⼤量性能会受到影响受限审核选项,并且在⼤多数情况下,它仅提供当前状态。性能将受到影响。需要配置解 (Solution)C2 Auditing and Common Criteria Compliance are two internationally accepted auditing standards.C2审核和通⽤标准合规性是两个国际公认的审核标准。C2 audit mode is the auditing option that can be used to facilitate auditing standard. By enabling C2 auditing, it allows theadministrator to enable a comprehensive type of auditing, logging. This is named as C2 audit mode because it is logging ofthe form specified by the U.S. Department of Defense regulations to meet the certification at the C2 level of trust. Thoseregulations were specified in a document called the Trusted Computer System Evaluation Criteria, often referred to as the“Orange Book” in the “Rainbow Series.” The Orange Book is now depreciated in favor of the Common eless, is still a commonly used term.C2审核模式是可⽤于促进审核标准的审核选项。 通过启⽤C2审核,它允许管理员启⽤全⾯的审核,⽇志记录类型。 之所以称为C2审核模式,是因为它记录了美国国防部法规指定的形式,以符合C2信任级别的认证。 这些规定在称为“受信任的计算机系统评估标准”的⽂档中进⾏了指定,该⽂档通常在“彩虹系列”中称为“橙⽪书”。 现在,《橙⽪书》已贬值,以⽀持通⽤标准。 尽管如此, 仍然是⼀个常⽤术语。C2 audit mode generally means assigning a unique generated audit ID to each group of related processes, starting at fter, certain forms of system calls performed by every process are logged with the audit ID.C2审核模式通常意味着从登录开始就为每组相关进程分配唯⼀的⽣成的审核ID。 此后,由每个进程执⾏的某些形式的系统调⽤都会⽤审核ID进⾏记录。在SQL Server中配置C2审核 (Configuring C2 Auditing in SQL Server)C2 audit mode feature is available in SQL Server on-premises edition but not in Azure SQL Server Database, Azure SQLData Warehouse and Parallel Data Warehouse. In the case of Azure, there are separate auditing options are available.C2审核模式功能在SQL Server本地版本中可⽤,但在Azure SQL Server数据库,Azure SQL数据仓库和并⾏数据仓库中不可⽤。 对于Azure,有单独的审核选项可⽤。This can be configured in multiple ways. Following is the configuration of C2 Auditing by using the user interface. Under theserver properties, in the Security Tab, the following option can be selected to enable C2 audit mode.可以通过多种⽅式进⾏配置。 以下是使⽤⽤户界⾯进⾏C2审核的配置。 在服务器属性下的“ 安全性”选项卡中,可以选择以下选项来启⽤C2审核模式。In the above Figure, there is another option, Common Criteria compliance which will be discussed later.在上图中,还有另⼀个选项,即“通⽤标准符合性”,将在后⾯讨论。Also, this can be accomplished by T-SQL as well.同样,这也可以通过T-SQL完成。123456789--Enabling C2 Auditingsp_configure 'show advanced options', 1;
GORECONFIGURE;
GOsp_configure 'c2 audit mode', 1GORECONFIGURE WITH OVERRIDE;
GOThe output of this result is followed.跟踪此结果的输出。Configuration option ‘show advanced options’ changed from 1 to 1. Run the RECONFIGURE statement to install.配置选项“显⽰⾼级选项”从1更改为1。运⾏RECONFIGURE语句进⾏安装。Configuration option ‘c2 audit mode’ changed from 0 to 1. Run the RECONFIGURE statement to install.配置选项“ c2审核模式”从0更改为1。运⾏RECONFIGURE语句进⾏安装。SQL Server needs to be restarted for this configuration to effect after the configuration is made.配置完成后,需要重新启动SQL Server才能使此配置⽣效。When the SQL Server instance is started, audit log will be written to trace file in the mssqldata directory for defaultinstances or the mssql$instancenamedata directory for named instances. For example, C:Program FilesMicrosoft ERVERMSSQLDATA is the folder name for traces. The trace file name will have the format ofas audittrace_, where the second part of the name indicates date and time when the trace file wascreated. Since these logs are created in a folder, windows permissions need to be applied in order to secure audit files.启动SQL Server实例时,对于默认实例,审计⽇志将写⼊ mssql data⽬录中的跟踪⽂件,对于命名实例,将写⼊ mssql $instancename data⽬录中的跟踪⽂件。 例如, C: Program Files Microsoft SQL Server ERVER MSSQL DATA是⽂件夹的名称 痕迹。 跟踪⽂件名的格式为audittrace_,其中第⼆部分表⽰创建跟踪⽂件的⽇期和时间。 由于这些⽇志是在⽂件夹中创建的,因此需要应⽤Windows权限才能保护审核⽂件。This trace file can be read from the SQL Profiler tool by opening the profiler tool and opening the trace file.可以通过打开分析器⼯具并打开跟踪⽂件,从SQL Profiler⼯具中读取此跟踪⽂件。Also, the following T-SQL query can be used to retrieve the audit data from traces.同样,以下T-SQL查询可⽤于从跟踪中检索审计数据。12345--Retiving C2 Audited DataSELECT *
FROM ::fn_trace_gettable( 'C:Program FilesMicrosoft SQL ', default )The advantage of this is that the users have the option of joining, filtering or grouping option for better analysis. In case oftroubleshooting, it is much better to import traces to a database table. In the case of database tables, you have the option ofadding indexes to improve the performance.这样做的好处是⽤户可以选择加⼊,过滤或分组以进⾏更好的分析。 在进⾏故障排除的情况下,最好将跟踪导⼊数据库表中。 对于数据库表,可以选择添加索引以提⾼性能。The trace file will have a rollover the size of 200 MB which is fixed and after the SQL Server database engine restarts newtrace file will be created. It is important to note that C2 auditing can consume a huge amount of disk space on an activesystem in a short amount of time. This is due to the fact that every auditing option is stored in the trace file. Also, in thecase of C2 audit mode is failing, SQL Server instance will be shut down. This means that Auditing has the highest priorityover the SQL Server database engine user operations. This means that administrators have to have extra care for the SQLServer systems where C2 auditing is enabled.跟踪⽂件的总⼤⼩为200 MB,这是固定的,并且在SQL Server数据库引擎重新启动之后,将创建新的跟踪⽂件。 重要的是要注意,C2审核会在很短的时间内消耗活动系统上的⼤量磁盘空间。 这是因为每个审核选项都存储在跟踪⽂件中。 另外,在C2审核模式失败的情况下,SQL Server实例将被关闭。 这意味着审核⽐SQL Server数据库引擎⽤户操作具有最⾼优先级。 这意味着管理员必须特别注意启⽤了C2审核SQL Server系统。Also, to disable the C2 audit mode for a temporary basis, you need to restart SQL Server with the –f flag. If SQL Servershut down due to the failure of C2 Auditing, disable C2 audit mode temporary, then disable the C2 auditing after restartingthe SQL Server instance.另外,要临时禁⽤C2审核模式,您需要使⽤–f标志重新启动SQL Server。 如果由于C2审核失败⽽关闭SQL Server,请暂时禁⽤C2审核模式,然后在重新启动SQL Server实例后禁⽤C2审核。A major disadvantage of the C2 audit mode is the performance impact to the SQL Server instance apart from the hugestorage it requires. An advantage of the C2 Auditing is that data is saved in the trace files where backups can be r, since these traces files are stored outside of SQL Server, security needs to be applied in order to protect thetrace files.C2审核模式的主要缺点是对SQL Server实例的性能影响(除了所需的巨⼤存储空间)。 C2审核的⼀个优点是数据被保存在可以进⾏备份的跟踪⽂件中。 但是,由于这些跟踪⽂件存储在SQL Server外部,因此需要应⽤安全性以保护跟踪⽂件。通⽤标准合规 (Common Criteria Compliance)C2 auditing has been deprecated by the Common Criteria specification which was developed by the European Criteria Compliance is internationally recognized set of guidelines for security for information technologyproducts. This is applied to operating systems, Databases, Network Devices and Smart cards etc. Common criteria certifiedproducts have been rigorously evaluated by accredited third party security labs.C2审核已被欧盟制定的通⽤标准规范所弃⽤。 通⽤标准合规性是国际公认的信息技术产品安全性准则集。 这适⽤于操作系统,数据库,⽹络设备和智能卡等。经过认可的第三⽅安全实验室已对通⽤标准认证的产品进⾏了严格评估。This option is available same versions as C2 Audit but Common Criteria Compliance is available in Enterprise and DataCenter editions of SQL Server 2008 R2 and after versions. However, with respect to the SQL Server, if you are complyingwith either C2 or common criteria, the audit result is similar. In the case of Common Criteria Compliance, audited data canbe viewed from system views which is more secure than the C2 audit mode.此选项的可⽤版本与C2审核的版本相同,但SQL Server 2008 R2的企业版和数据中⼼版以及更⾼版本中提供了“通⽤标准合规性”。 但是,对于SQL Server,如果您符合C2或通⽤标准,则审核结果是相似的。 对于“通⽤标准合规性”,可以从系统视图查看已审核的数据,该数据⽐C2审核模式更安全。Similar to C2 Auditing, Common Criteria Compliance can be enabled using the same option of the Security tab of the ServerProperties dialog as shown below.与C2审核类似,可以使⽤“ 服务器属性”对话框的“ 安全性”选项卡中的相同选项来启⽤“通⽤标准合规性”,如下所⽰。This can be done from T-SQL as shown below:可以从T-SQL完成,如下所⽰:--Enabling common criteria compliancesp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC _configure N'common criteria compliance enabled', N'1'GORECONFIGURE WITH OVERRIDEGO
As for C2 Audit, SQL Server needs to be restarted for this configuration to effect after the configuration is made.对于C2审核,需要重新启动SQL Server才能使此配置在完成配置后⽣效。Common Criteria Compliance allows the following to occur:通⽤标准合规性允许发⽣以下情况:Residual Information Protection (RIP)残留信息保护(RIP)The ability to view login statistics查看登录统计信息的能⼒That column GRANT should not override table DENY该列GRANT不应覆盖表DENYThese login statistics can be viewed by querying the _exec_sessions dynamic management view. Last login date timeand last unsuccessful login date time are available in _exec_sessions but is not recorded unless Common CriteriaCompliance is enabled.可以通过查询_exec_sessions动态管理视图来查看这些登录统计信息。 上次登录⽇期时间和上次失败登录⽇期时间在_exec_sessions中可⽤,但除⾮启⽤了“通⽤标准符合性”,否则不会记录下来。Following are the Criteria Compliance related columns in the _exec_sessions DMV.以下是_exec_sessions DMV中与“标准符合性”相关的列。123456SELECT session_id, login_name, last_successful_logon,
last_unsuccessful_logon, unsuccessful_logons
FROM _exec_sessionsIn Common Criteria Compliance, the major advantage is that the auditing data is stored in the database instance r, in Common Criteria Compliance workaround should be applied to keep the historical data as dm_exec_sessionsDMV does not store the historical data.在Common Criteria Compliance中,主要优点是审核数据存储在数据库实例本⾝中。 但是,由于dm_exec_sessions DMV不存储历史数据,因此在“通⽤标准合规性”中应采⽤变通⽅法来保留历史数据。摘要 (Summary)In case of any auditing mechanism, there will be an impact on the performance of the system. By considering theperformance, Common Criteria Compliance is better than C2 audit mode. Also, feature-wise C2 Auditing is better thanCommon Criteria Compliance.如果采⽤任何审核机制,将会对系统的性能产⽣影响。 通过考虑性能,通⽤标准合规性优于C2审核模式。 此外,按功能进⾏的C2审核要⽐“通⽤标准合规性”更好。In case of SQL Server, administrators has the options of enabling both C2 audit mode and Common Criterial Compliance.对于SQL Server,管理员可以选择启⽤C2审核模式和“通⽤标准合规性”。sql2005关闭c2审核
![一种面向实时数据库的独立透明型安全审计保护的方法[发明专利]](/uploads/image/0819.jpg)
发布评论