Week 6 Written Assignment C2 Security Auditing on SQL Server

If you need your SQL server to maintain a detailed audit trail, then the C2 audit option may be a
good choice. However, you might have to consider few things before configuring it to be sure
that you don't have some issues over time.
You are required to complete BOTH Part A and Part B of the assignment.
Part A
Please write short essay answers discussing the following questions:
1. What is the difference between C2 Audit Tracing and Server Audit?
2. What information will the C2 audit capture on the SQL server?
3. What are some of the considerations before implementing the audit trace such as
resources and impacts?
Part B Lab Auditing
Phase 1 Implementing Oracle Fine-Grained Auditing (FGA)
In a previous lab, you have created DBSEC user and CUSTOMER table.
In this lab, you will implement a FGA case. The CUSTOMER table will be the one you created
on the previous lab. Your task is to design and implement the following auditing functions on the
CUSTOMER table.
1. Track all "SELECT" activities on the CUSTOMER table, including database user,
operating system user, and time when the operation is performed.
2. Track the changes when CREDIT_LIMIT is set to a value above $5,000.
3. Track the CUSTOMER table when a customer record was deleted.
You need to generate one SQL script file to perform all the following tasks:
1. Add a policy to implement audit task 1 (SELECT). The policy will be named as
AUDIT_POLICY_1_SELECT.
2. Add a policy to implement audit task 2 (CREDIT_LIMIT). The policy will be
named as AUDIT_POLICY_2_CREDIT.
3. Add a policy to implement audit task 3 (DELETE on CUSTOMER table). The
policy will be named as AUDIT_POLICY_3_DELETE.
4. Turn on the audit function.
5. Connect to user DBSEC, and perform the following DML functions for testing
purpose:
SELECT CUSTOMER_ID, FIRST_NAME,LAST_NAME,CREDIT_LIMIT
FROM customer
WHERE CUSTOMER_ID=201340;

UPDATE customer SET

CREDIT_LIMIT=2500000
WHERE CUSTOMER_ID=201340;
DELETE from CUSTOMER WHERE CUSTOMER_ID=201340;
6. Show the audit trail including when and who has used/modified the CUSTOMER
table.
7. Roll back the above change.
Tips:
1. You may use a drop user statement to refresh your database and enable testing.
Then, you need to recreate your CUSTOMER table. But, it is not required as a part of this
project.
2. When you need to connect to SYSTEM user, please use a syntax so that it will ask
the user to type the password. A typical example will be: "connect system;"
Phase 2
1. Using an Oracle select an existing user and audit all its activities.
Using Oracle:
Step #1: Connect as SYSTEM and make sure that the following parameters are set:
SQL> show parameter aud
NAME
TYPE
VALUE
------------------------------------ ----------- ----audit_sys_operations
boolean TRUE
audit_trail
string
DB
Step #2: Issue audit statement as follows:
AUDIT ALL BY DBSEC_CLERK
Step #3: Connect as DBSEC_CLERK and perform one DDL and DML statement.
Step #4: Connect as SYSTEM and retrieve the content of DBA_AUDIT_TRAIL.
Submission Requirement:
The SQL script files will be required and the screen capture of the lab completed steps.