SQL Server Audit Checklist
1. Review Windows NT / 2000 host identification and authentication mechanisms:
   - Trust relationships
   - Account policies
   - User and group accounts
2. Consider Windows NT / 2000 resource access control protecting the SQL Server program files and database files:
   - Network shares
   - Directory and file permissions
3. Review use of operating system audit trail mechanisms, including the Audit Policy.
4. Identify the Microsoft SQL Server products and versions in use.
5. Identify service pack levels and hot-fixes for both the OS and SQL Server.
6. Identify the SQL Server authentication mode (Windows/integrated only or mixed).
7. Identify the major applications which are using SQL Server.
8. Review server configuration settings (sp_configure).
9. Obtain a listing of databases and identify the databases subject to audit (master..sysdatabases).
10. Review database options (sp_dboption).
11. Obtain a listing of database objects for each database (sysobjects).
12. Review server logins and ensure each one is still valid (master..sysxlogins).
13. Consider default and generic user-ids, e.g. sa and probe.
14. Ensure Windows NT / 2000 password options are appropriate.
15. Ensure Windows NT / 2000 group membership is appropriate.
16. For databases subject to audit, evaluate database users and ensure each one is appropriate (sysusers).
17. Evaluate roles:
   - Server roles
   - Database roles
   - User-defined roles
   - Application roles
18. Evaluate use of dbo and guest in production databases.
19. Evaluate database object ownership.
20. Evaluate statement and object permissions (syspermissions, sysprotects, sp_helprotect).
21. Evaluate audit trail and logging mechanisms.
22. Evaluate control over utilities, e.g. passwords scripted in batch jobs that call bcp or isql.
23. Evaluate backup and recovery processes.
24. Identify and evaluate use of remote / linked servers.
25. Consider network security issues: TCP/IP security, network protocol libraries, encryption.
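The following T-SQL script is an added example, not part of the original checklist, showing how an auditor can pull the evidence for items 4-6, 8-10, 12-13 and 16-20 and 24 from a SQL Server 2000 instance using the system tables and procedures the checklist names. It is read-only. The database name AuditDB is an assumed placeholder; sysxlogins, syslogins, sysusers, sysprotects and sysservers are the SQL Server 2000 system tables and views and survive on later versions only as compatibility views, where the sys.* catalog views should be used instead.

```sql
-- Added audit evidence script (example, not from the original checklist).
-- Target: SQL Server 2000. Run in Query Analyzer or osql as a login that
-- can read master; it makes no configuration changes.
-- AuditDB is an assumed placeholder; substitute a database subject to audit.

USE master
GO

-- Items 4-5: product, version, edition and service-pack level.
SELECT @@VERSION AS full_version,
       SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS service_pack_level,
       SERVERPROPERTY('Edition')        AS edition

-- Item 6: 1 = Windows authentication only, 0 = mixed mode (SQL logins allowed).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only

-- Item 8: configuration settings. Without 'show advanced options' = 1 only the
-- basic options are listed; turning that on is itself a config change, so
-- ask the DBA for the advanced listing rather than flipping it during an audit.
EXEC sp_configure

-- Item 9: databases, their owning login and compatibility level.
SELECT name, dbid, SUSER_SNAME(sid) AS owner_login, cmptlevel, crdate
FROM   master..sysdatabases
ORDER  BY name

-- Item 10: options set on the audited database (read_only, trunc. log, etc.).
EXEC sp_dboption 'AuditDB'

-- Items 12-13: every server login, whether it is an NT account, and which fixed
-- server roles it holds. syslogins is the documented view over sysxlogins.
SELECT name, isntname, isntgroup, sysadmin, securityadmin, serveradmin,
       hasaccess, denylogin, createdate, updatedate
FROM   master..syslogins
ORDER  BY sysadmin DESC, name

-- Item 13: SQL logins with a blank password. In SQL Server 2000 a blank
-- password is stored as a NULL hash in sysxlogins, so this catches a
-- default sa or a leftover probe login that was never given a password.
SELECT l.name AS login_with_blank_password
FROM   master..sysxlogins x
       JOIN master..syslogins l ON l.sid = x.sid
WHERE  l.isntname = 0
  AND  x.password IS NULL

-- Item 17 (server roles): members of sysadmin, listed by name.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

USE AuditDB
GO

-- Item 16: database users mapped to logins, plus orphaned SQL users whose
-- login no longer exists in master (typical after a database restore).
SELECT u.name, SUSER_SNAME(u.sid) AS mapped_login, u.hasdbaccess,
       u.issqluser, u.isntname, u.isntgroup,
       CASE WHEN u.issqluser = 1 AND NOT EXISTS
                 (SELECT 1 FROM master..syslogins l WHERE l.sid = u.sid)
            THEN 1 ELSE 0 END AS orphaned
FROM   sysusers u
WHERE  u.islogin = 1
ORDER  BY orphaned DESC, u.name

-- Item 17 (database, user-defined and application roles) and their members.
SELECT name, issqlrole, isapprole FROM sysusers WHERE issqlrole = 1 OR isapprole = 1
EXEC sp_helprolemember

-- Item 18: which login owns the database (is dbo), and whether guest can
-- connect. guest with hasdbaccess = 1 lets any server login into the database.
SELECT SUSER_SNAME(sid) AS dbo_login FROM sysusers WHERE name = 'dbo'
SELECT hasdbaccess AS guest_has_access FROM sysusers WHERE name = 'guest'

-- Item 19: object ownership. Objects not owned by dbo break ownership chains
-- and usually indicate developers creating objects under their own user.
SELECT USER_NAME(uid) AS owner, xtype, COUNT(*) AS object_count
FROM   sysobjects
WHERE  xtype IN ('U', 'V', 'P', 'FN', 'TF', 'IF')
GROUP  BY USER_NAME(uid), xtype
ORDER  BY owner, xtype

-- Item 20: all statement and object permissions in the database, then the
-- subset granted to public (uid 0), which every user inherits.
EXEC sp_helprotect
EXEC sp_helprotect NULL, 'public'
GO

-- Item 24: remote and linked servers and how local logins map onto them.
-- A mapping with no explicit remote login ("self") forwards the caller's
-- credentials; a fixed remote login with rpcout = 1 is a privilege bridge.
USE master
GO
SELECT srvname, srvproduct, providername, datasource, isremote, rpc, rpcout, dataaccess
FROM   master..sysservers
WHERE  srvid <> 0
EXEC sp_helplinkedsrvlogin
GO
```

Each result set maps to one checklist item, so the output can be saved per item as working papers. The blank-password check relies on SQL Server 2000 storing an empty password as NULL; on later versions use PWDCOMPARE against the hash in sys.sql_logins instead.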