Versions Compared

Old Version 26

changes.mady.by.user Alejandra Barrientos

Saved on

compared with

New Version Current

changes.mady.by.user Stephanie Mariscal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This build of IDERA SQL Secure includes many fixed issues, including the following previous updates.

4.

...

3 New features

  • Anchor
    SQLSECU-
    2783
    2754
    SQLSECU-
    2783
    2754
    The SQL Secure Data Collector Job Keys allow you to manage snapshot collection jobs. Use this option to throttle the collector jobs so that they do not overload the SQL Server instanceallows you to schedule snapshots at the policy level, which lets you apply them to multiple instances.

  • Anchor
    SQLSECU-

    2763

    2638
    SQLSECU-

    2763

    2638
    SQL Secure

    supports TLS 1.2 to send email requests to SMTP.

...

  • allows you to add system-supplied or user-specified certificates to the whitelist for the Certificate private key were never exported security check

    Note
    The whitelist is already populated with the Microsoft certificates marked with NO-PRIVATE-KEY .
  • Anchor
    SQLSECU-
    2704
    2091
    SQLSECU-
    2704
    2091
    SQL Secure enhanced the assessment's loading time; they no longer take several minutes to display The Suspect SQL Logins report now includes 'Enforce Password Policy" and 'Enforce Password Expiration' information.
  • Anchor
    SQLSECU-
    2778
    2842
    SQLSECU-
    2778Snapshot collection on Availability Group Nodes no longer generates a file permissions warning message.
    2842
    The Database Roles report now has an Only active employees filter that allows selecting Active, Disabled, or All AD accounts.

4.3 Fixed issues

  • Anchor
    SQLSECU-

    2779

    2816
    SQLSECU-

    2779Snapshot collection completes successfully for a log-shipped database

    2816
    The Suspect SQL Logins report correctly lists SQL accounts avoiding Windows NT accounts.

  • Anchor
    SQLSECU-

    2716

    2871
    SQLSECU-

    2716 The number of Stored Procedures in the Stored Procedures Encrypted details of the security check no longer differs from the number of Stored Procedures in SSMS

    2871
    SQL Secure improved Snapshots performance for large databases.

  • Anchor
    SQLSECU-

    2777

    2874
    SQLSECU-

    2777SQL Secure no longer displays timeout errors while generating the Database Roles Reports

    2874
    Fixed an issue when performing a snapshot comparison containing certificate changes.

  • Anchor
    SQLSECU-

    2781

    2869
    SQLSECU-

    2781Renaming and disabling sa login account no longer shows a "sa Account Not Disabled" security check

    2869
    SQL Secure now shows the correct values for CLR SAFE_ACCESS and CLR Enabled security checks.

  • Anchor
    SQLSECU-

    2780

    2806
    SQLSECU-

    2780"Public Server Role only granted default Microsoft permissions" security check shows the correct information related to Server Roles

    2806
    SQL Secure now contains the CIS for SQL Server 2022 benchmark. All other CIS benchmarks have been updated to their most recent available benchmark version.

4.2 New features

  • Anchor
    SQLSECU-2589215
    SQLSECU-2589
    The Snapshot Comparison Report no longer displays server changes when no changes have been made.
    215
    SQL Secure now allows you to take a snapshot of all registered servers in a policy. Snapshots can also be scheduled at the policy level
  • Anchor
    SQLSECU-27742655
    SQLSECU-2774
    The User Permission Report works correctly with different collations sets
    2655
    The Server Roles report now shows members from Windows groups.
  • Anchor
    SQLSECU-27621242
    SQLSECU-2762
    SQL Secure imports hidden instances using CSV files.
    1242
    The Database Roles report now displays the creation date of the database.

4.2 Fixed issues

  • Anchor
    SQLSECU-2788SQLSECU-2788
    Anchor
    SQLSECU-27662833
    SQLSECU-2766
    The Snapshot collection process completes successfully for imported instances using CSV files
    2833
    SQL Secure successfully monitors a set of databases after taking a snapshot, avoiding the "Some databases were unavailable for auditing" warning.
  • Anchor
    SQLSECU-27712831
    SQLSECU-27712831
    SQL Secure now correctly labels log-shipped databases in standby/read-only recovery as "Databases Files" when running a snapshot.
  • Anchoranchor
    SQLSECU-27662811
    SQLSECU-2766
    The Risk Assessment Report no longer reports the sa login account incorrectly
    2811
    Collation settings no longer cause a conflict between the audited server and what it is expecting to match.
  • Anchor
    SQLSECU-27932820
    SQLSECU-2793
    SQL Secure no longer has issues with bulk email notification settings
    2820
    "Backups compliance with RTO and RPO requirements" security check includes non-system databases that never had a backup, excluding system databases.
  • Anchor
    SQLSECU-27722823
    SQLSECU-27722823
    Latest SQL Secure version no longer supports SQL Server 2000 and SQL Server 2005, a workaround is to install Secure on a SQL instance with a different collationRenaming the sa login in a SQL Server instance no longer generates a false warning risk level in the 'sa account is not disabled' check.
  • Anchor
    SQLSECU-27742764
    SQLSECU-2774
    SQL Secure enhanced the SQL Job Permission security check.

...

  • 2764
    Database Roles report now shows results in Alphabetical order.
  • Anchor
    SQLSECU-27592821
    SQLSECU-27592821
    The Database Roles report now allows a filter on active and inactive AD accountsThe time to keep snapshots before letting them be groomed is no longer set by default to one day when importing files in CSV format.
  • Anchor
    SQLSECU-27582798
    SQLSECU-2758
    The User Permission report is no longer showing errors in the db_role information.
    2798
    SQL Secure correctly reports "SQL Server Database Level Encryption" security check for Azure SQL Databases.

4.1 New features

  • Anchor
    SQLSECU-27572639
    SQLSECU-27572639
    The Configuration Security Checks  now allows you to configure your Backups compliance more freely with the Backups compliance with RTO and RPO requirements check . Now, you can set up the backup frequency and select the databases to backup.

4.1 Fixed issues

  • Anchor
    SQLSECU-2664
    SQLSECU-2664
    When exporting a Policy, SQL Secure no longer checks all the checkboxes by default. It only keeps the enabled ones of the exported policy The User Permissions report shows all schema-level permissions data. The Object Type filter is no longer generating blank spaces after any object type name. AnchorSQLSECU-2744SQLSECU-2744 You can access registry key information and the SQL Server install folder with Local Administrador and Sysadmin permissions. The Snapshot collection is no longer displaying warning messages caused by permissions on the SQL Server instance.
  • Anchor
    SQLSECU-27352760
    SQLSECU-27352760
    The results of the snapshot show the 'Weak Passwords' security check identifying the new SQL Login a user created with the password set to one of the passwords from the list of Default Weak Passwords, and flags that as a finding"Orphaned Users" security check is no longer identifying users without matching logins as orphan users.
  • Anchor
    SQLSECU-
    2678
    2772
    SQLSECU-
    2678
    2772
    When the sa login is renamed and disabled, SQL Secure reports a Warning level risk finding    The All User Permissions report now allows you to expand or collapse results upon report execution. When the report has many permission results, displaying the results collapsed will allow the report to complete execution faster while permissions can be expanded and explored for each audited database.
  • Anchor
    SQLSECU-
    2676
    2782
    SQLSECU-
    2676
    2782
    SQL Secure no longer displays Orphaned Users check findings when database users are mapped to certificates    Generating the Database Roles report is no longer causing a "maximum recursion" error message.
  • Anchor
    SQLSECU-
    2608
    2771
    SQLSECU-
    2608
    2771
     SQL Secure fixed the "Is the SQL Server sa account enabled" security check to have a passed status when the finding is "The sa account is not enabled".

3.4 New features

  • Now the Risk Assessment Report correctly reports the sa account status when it is disabled.
  • Anchor
    SQLSECU-2773
    SQLSECU-2773
    The Risk Assessment Report correctly reports when the sa account does not exist on the server     AnchorSQLSECU-2687SQLSECU-2687SQL Secure adds a DISA-NIST STIG policy and security check templates for SQL Server 2016, with 11 security checks enabled by default.
  • Anchor
    SQLSECU-
    2557
    2801
    SQLSECU-
    2557 An additional policy field filtering option was implemented in the Assessment Comparison report.

...

  • 2801
    Now SQL Secure Grooming Job runs correctly and as expected.

4.0 New features

  • Anchor
    SQLSECU-26792783
    SQLSECU-26792783
    The error message where "SQL Secure was unable to acquire a valid key" is no longer displayed while trying to take snapshots after decommissioning some serversData Collector Job Keys allow you to manage snapshot collection jobs. Use this option to throttle the collector jobs so that they do not overload the SQL Server instance.
  • Anchor
    SQLSECU-26882763
    SQLSECU-26882763
    The SQL Mail or Database Mail Enabled security check now is working as expected.SQL Secure supports TLS 1.2 to send email requests to SMTP.

4.0 Fixed issues

  • Anchor
    SQLSECU-26892704
    SQLSECU-26892704
    SQL Secure enhanced the assessment's loading time; they no longer take several minutes to display informationAddressed several areas causing poor performance and usability in the user permissions report with significant success.
  • Anchor
    SQLSECU-27112778
    SQLSECU-2711
    Streamlined workflow for the snapshot data collection operation.

...

  • 2778
    Snapshot collection on Availability Group Nodes no longer generates a file permissions warning message.
  • Anchor
    SQLSECU-27022779
    SQLSECU-2702
    Anchor
    2779
    Snapshot collection completes successfully for a log-shipped database.
  • SQLSECU-2703SQLSECU-2703
    Anchor
    SQLSECU-26452716
    SQLSECU-26452716
     The number of Stored Procedures in the Stored Procedures Encrypted details of the security check no longer differs from the number of Stored Procedures in SSMS.
  • Anchor
    SQLSECU-26852777
    SQLSECU-26852777
    SQL Secure no longer displays timeout errors while generating the Database Roles Reports.
  • Anchor
    SQLSECU-26772781
    SQLSECU-2677
    SQL Secure now supports Windows Server 2019 and SQL Server 2019.
  • Install, upgrade, uninstall SQL Secure using SQL Server 2019 based repository.
  • Monitor SQL Server 2019 based instances where SQL Secure repository uses SQL Server 2019 or previous versions.
  • Monitor SQL Server 2019 and previous versions from environments where SQL Secure repository uses SQL Server 2019.
  • Register SQL Server 2019 on Azure VM and Azure SQL Database, generates all available reports.
    • Register SQL Server 2019 on Amazon EC2 and Amazon RDS for SQL Server, generates all available reports
    2781
    Renaming and disabling sa login account no longer shows a "sa Account Not Disabled" security check.
  • Anchor
    SQLSECU-2780
    SQLSECU-2780
    "Public Server Role only granted default Microsoft permissions" security check shows the correct information related to Server Roles
  • Anchor
    SQLSECU-2589
    SQLSECU-2589
    The Snapshot Comparison Report no longer displays server changes when no changes have been made.
  • Anchor
    SQLSECU-2774
    SQLSECU-2774
    The User Permission Report works correctly with different collations sets.
  • Anchor
    SQLSECU-26862762
    SQLSECU-26862762
    SQL Secure adds policy templates: CIS for SQL Server 2017 and SQL Server 2019.

3.3.2 Fixed issues

  • imports hidden instances using CSV files.
  • Anchor
    SQLSECU-25442788
    SQLSECU-2544
    The CIS for SQL Server 2016 policy lists all the corresponding security checks.
    2788
    Anchor
    SQLSECU-24862766
    SQLSECU-24862766
    Snapshot comparison report doesn't show server role changeThe Snapshot collection process completes successfully for imported instances using CSV files.
  • Anchor
    SQLSECU-7232771
    SQLSECU-723
    Exporting the User Permission Report is working as expected.

3.3.1 Fixed issues

  • 2771
    Anchor
    SQLSECU-2766
    Anchor
    SQLSECU-2649
    SQLSECU-26492766
    The Operating System Security Check Risk Assessment Report no longer generates risks when the Operating system matches the detailsreports the sa login account incorrectly.
  • Anchor
    SQLSECU-26482793
    SQLSECU-2648
    Unauthorized Account Security Check is no longer displaying inconsistent results and details
    2793
    SQL Secure no longer has issues with bulk email notification settings.
  • Anchor
    SQLSECU-26222772
    SQLSECU-26222772
    Renaming the sa login in a SQL Server instance no longer generates a false warning risk level in the 'sa account is not disabled' check.
  • Anchor
    SQLSECU-26562774
    SQLSECU-26562774
    SQL Secure improved its performance significantly decreasing report generation times.enhanced the SQL Job Permission security check.

3.4.1 Fixed issues

  • Anchor
    SQLSECU-24862759
    SQLSECU-24862759
    The time to keep snapshots before letting them be groomed is no longer set by default to one day when importing files in CSV format.
  • Anchor
    SQLSECU-20662758
    SQLSECU-2066
    Snapshot Comparison Report displays the correct Server Role when a difference is generated between snapshots.

3.3 New features

  • Adds audit support for Amazon RDS and Amazon EC2.
  • Supports installing SQL Secure on Azure VM and Amazon EC2.
  • Adds new security checks to support GDPR and provide a GDPR policy template.
  • Updates Idera Level 1 - 3 policy templates.
  • Enhances the Import/Export Policy.
  • Provides an option to make bulk changes to email notification settings.
  • Allows users to archive snapshots for decommissioned servers.

3.3 Fixed issues

  • 2758
    The User Permission report is no longer showing errors in the db_role information.
  • Anchor
    SQLSECU-2757
    SQLSECU-2757
     The User Permissions report shows all schema-level permissions data. The Object Type filter is no longer generating blank spaces after any object type name.
  • Anchor
    SQLSECU-2744
    SQLSECU-2744
     You can access registry key information and the SQL Server install folder with Local Administrador and Sysadmin permissions. The Snapshot collection is no longer displaying warning messages caused by permissions on the SQL Server instance.
  • Anchor
    SQLSECU-2735
    SQLSECU-2735
    "Orphaned Users" security check is no longer identifying users without matching logins as orphan users AnchorSQLSECU-2309SQLSECU-2309SQL Secure is no longer having issues with expired Licenses.
  • Anchor
    SQLSECU-22692678
    SQLSECU-2269
    SQL Secure Grooming Job is no longer failing while classifying errors from warnings
    2678
    The All User Permissions report now allows you to expand or collapse results upon report execution. When the report has many permission results, displaying the results collapsed will allow the report to complete execution faster while permissions can be expanded and explored for each audited database.
  • Anchor
    SQLSECU-22442676
    SQLSECU-2244
    The Unauthorized Account Check security check is not returning findings on SQL Server 2008 R2, it works with SQL Server 2016 and above
    2676
    Generating the Database Roles report is no longer causing a "maximum recursion" error message.
  • Anchor
    SQLSECU-22232608
    SQLSECU-2223
    The explanation notes functionality is working for all security checks. AnchorSQLSECU-2151SQLSECU-2151 The uninstallation process completes removing all SQL Secure files.
    2608
    SQL Secure fixed the "Is the SQL Server sa account enabled" security check to have a passed status when the finding is "The sa account is not enabled".

3.4 New features

  • Anchor
    SQLSECU-20892687
    SQLSECU-20892687
    SQL Secure reports show Snapshot missing data when all Sequence Objects are included in the filter. AnchorSQLSECU-2083SQLSECU-2083The Snapshot Data Collection process for Windows Server 2016 is no longer showing incorrect warningsadds a DISA-NIST STIG policy and security check templates for SQL Server 2016, with 11 security checks enabled by default.
  • Anchor
    SQLSECU-
    2074
    2557
    SQLSECU-
    2074 TracerX-Viewer.application no longer requires to upgrade the .NET version.
    2557
    An additional policy field filtering option was implemented in the Assessment Comparison report.

3.4 Fixed issues

  • Anchor
    SQLSECU-20642679
    SQLSECU-20642679
    SQL Secure includes the option to add new servers to Server Group TagsThe error message where "SQL Secure was unable to acquire a valid key" is no longer displayed while trying to take snapshots after decommissioning some servers.
  • Anchor
    SQLSECU-20372688
    SQLSECU-2037
    The Risk Assessment Report includes the Show Risk Only option
    2688
    The SQL Mail or Database Mail Enabled security check now is working as expected.
  • Anchor
    SQLSECU-2122689
    SQLSECU-212
    HIPAA policy now includes msdb database as default in the criteria
    2689
    Addressed several areas causing poor performance and usability in the user permissions report with significant success.
  • Anchor
    SQLSECU-20862711
    SQLSECU-2086
    SQL Secure installer includes the Visual C++ 2015 Redistributable.
    2711
    Streamlined workflow for the snapshot data collection operation.

3.3.2 New features

  • Anchor
    SQLSECU-

...

  • 2702
    SQLSECU-

...

  • 2702
    Anchor
    SQLSECU-2703
    SQLSECU-2703
    Anchor
    SQLSECU-2645
    SQLSECU-2645
    Anchor
    SQLSECU-2685
    SQLSECU-2685
    Anchor
    SQLSECU-2677
    SQLSECU-2677
    SQL Secure now supports Windows Server 2019 and SQL Server 2019.
    • Install, upgrade, uninstall SQL Secure using SQL Server 2019 based repository.
    • Monitor SQL Server 2019 based instances where SQL Secure repository uses SQL Server 2019 or previous versions.
    • Monitor SQL Server 2019 and previous versions from environments where SQL Secure repository uses SQL Server 2019.
    • Register SQL Server 2019 on Azure VM and Azure SQL Database, generates all available reports.
    • Register SQL Server 2019 on Amazon EC2 and Amazon RDS for SQL Server, generates all available reports

IDERA SQL Secure 3.2 includes the following New Security Templates:

  • Center for Internet Security (CIS) for SQL Server 2008 R2, 2014, and 2016.

  • Defense Information Systems Agency (DISA) & National Institute of Standards and Technology (NIST) for SQL Server 2012 and 2014.

  • Sarbanes-Oxley Act, Section 404 (SOX 404).
  • North American Electric Reliability Corporation (NERC)
    • .
  • Anchor
    SQLSECU-

...

  • 2686
    SQLSECU-

...

On this release IDERA SQL Secure updates the following Security templates:

...

Center for Internet Security (CIS) in 2008 and 2012.

  • 2686
    SQL Secure adds policy templates: CIS for SQL Server 2017 and SQL Server 2019.

3.3.2 Fixed issues

...

  • Anchor
    SQLSECU-

...

  • 2544
    SQLSECU-

...

  • 2544
    The CIS for SQL Server 2016 policy lists all the corresponding security checks.
  • Anchor
    SQLSECU-2486
    SQLSECU-2486
    Snapshot comparison report doesn't show server role change.

IDERA SQL Secure 3.2 adds the following configuration checks:

  • Hidden Instance Option is Set

  • Auto Close Set for Contained Databases

  • Max Number of Concurrent Sessions

  • Backups Must Be in Compliance with RTO and RPO Requirements

  • Shutdown SQL Server on Trace Failure

  • Ad Hoc Distributed Queries Enabled
  • Anchor
    SQLSECU-

...

  • 723
    SQLSECU-

...

IDERA SQL Secure 3.2 adds the following access checks:

  • Asymmetric Key Size
  • Database Master Key Encrypted by Service Master Key
  • SQL Server Database Level Encryption
  • Appropriate Cryptographic Modules Have Been Used to Encrypt Data
  • Database Master Keys Encrypted by Password
  • Symmetric Keys Not Encrypted with a Certificate
  • Implement Cell Level Encryption

...

IDERA SQL Secure 3.2 adds the following auditing checks:

  • SQL Server Audit is Configured for Logins
  • DISA Audit Configuration

  • Implement Change Data Capture

...

IDERA SQL Secure 3.2 adds the following login checks:

  • SQL Logins Not Using Must Change

...

IDERA SQL Secure 3.2 adds the following permissions checks:

  • Limit propagation of access rights

  • Direct access permissions

...

IDERA SQL Secure 3.2 now supports the repository and a monitored server of SQL Server 2017 on Windows.

3.2 Fixed issues

...

3.1.200 New features

...

IDERA SQL Secure 3.1.200 now allows you to reference snapshots of decommissioned instances. Previously, IDERA SQL Secure removed permissions data for a server when it is removed from auditing. The only way to save the permissions and snapshot information for that instance was to back up the repository before decommissioning.

...

IDERA SQL Secure 3.1.200 includes support for Transport Layer Security (TLS) version 1.2. The TLS protocol provides encryption, authentication, and data privacy and integrity when transferring information over a network, including VPN, VOIP, and instant messaging.

...

For internal tracking reasons, this release of IDERA SQL Secure includes an updated product versioning format from three to four parts. For example, the previous version of SQL Secure was version 3.1.0 (x.x.x) and this release is 3.1.200.x (x.x.x.x).

3.1.200 Fixed issues

...

  • 723
    Exporting the User Permission Report is working as expected.

3.3.1 Fixed issues

  • Anchor
    SQLSECU-2649
    SQLSECU-2649
    The Operating System Security Check no longer generates risks when the Operating system matches the details.
  • Anchor
    SQLSECU-2648
    SQLSECU-2648
    Unauthorized Account Security Check is no longer displaying inconsistent results and details.
  • Anchor
    SQLSECU-2622
    SQLSECU-2622
    Anchor
    SQLSECU-2656
    SQLSECU-2656
    SQL Secure improved its performance significantly decreasing report generation times.
  • Anchor
    SQLSECU-2486
    SQLSECU-2486
    Anchor
    SQLSECU-2066
    SQLSECU-2066
    Snapshot Comparison Report displays the correct Server Role when a difference is generated between snapshots.

3.3 New features

  • Adds audit support for Amazon RDS and Amazon EC2.
  • Supports installing SQL Secure on Azure VM and Amazon EC2.
  • Adds new security checks to support GDPR and provide a GDPR policy template.
  • Updates Idera Level 1 - 3 policy templates.
  • Enhances the Import/Export Policy.
  • Provides an option to make bulk changes to email notification settings.
  • Allows users to archive snapshots for decommissioned servers.

3.3 Fixed issues

  • Anchor
    SQLSECU-2309
    SQLSECU-2309
    SQL Secure is no longer having issues with expired Licenses.

  • Anchor
    SQLSECU-2269
    SQLSECU-2269
    SQL Secure Grooming Job is no longer failing while classifying errors from warnings.
  • Anchor
    SQLSECU-2244
    SQLSECU-2244
    The Unauthorized Account Check security check is not returning findings on SQL Server 2008 R2, it works with SQL Server 2016 and above.
  • Anchor
    SQLSECU-2223
    SQLSECU-2223
    The explanation notes functionality is working for all security checks.
  • Anchor
    SQLSECU-2151
    SQLSECU-2151
    The uninstallation process completes removing all SQL Secure files.
  • Anchor
    SQLSECU-2089
    SQLSECU-2089
    SQL Secure reports show Snapshot missing data when all Sequence Objects are included in the filter.
  • Anchor
    SQLSECU-2083
    SQLSECU-2083
    The Snapshot Data Collection process for Windows Server 2016 is no longer showing incorrect warnings.
  • Anchor
    SQLSECU-2074
    SQLSECU-2074
    TracerX-Viewer.application no longer requires to upgrade the .NET version.
  • Anchor
    SQLSECU-2064
    SQLSECU-2064
    SQL Secure includes the option to add new servers to Server Group Tags.
  • Anchor
    SQLSECU-2037
    SQLSECU-2037
    The Risk Assessment Report includes the Show Risk Only option.
  • Anchor
    SQLSECU-212
    SQLSECU-212
    HIPAA policy now includes msdb database as default in the criteria.
  • Anchor
    SQLSECU-2086
    SQLSECU-2086
    SQL Secure installer includes the Visual C++ 2015 Redistributable.

3.2 New features

Anchor
SQLSECU-Req
SQLSECU-Req
New Security Templates

IDERA SQL Secure 3.2 includes the following New Security Templates:

  • Center for Internet Security (CIS) for SQL Server 2008 R2, 2014, and 2016.

  • Defense Information Systems Agency (DISA) & National Institute of Standards and Technology (NIST) for SQL Server 2012 and 2014.

  • Sarbanes-Oxley Act, Section 404 (SOX 404).
  • North American Electric Reliability Corporation (NERC).

Anchor
SQLSECU-Req
SQLSECU-Req
Security Templates Updates

On this release IDERA SQL Secure updates the following Security templates:

  • Center for Internet Security (CIS) in 2008 and 2012.

  • Payment Card Industry Data Security Standard (PCI-DSS).

Anchor
SQLSECU-Req
SQLSECU-Req
New Configuration Checks

IDERA SQL Secure 3.2 adds the following configuration checks:

  • Hidden Instance Option is Set

  • Auto Close Set for Contained Databases

  • Max Number of Concurrent Sessions

  • Backups Must Be in Compliance with RTO and RPO Requirements

  • Shutdown SQL Server on Trace Failure

  • Ad Hoc Distributed Queries Enabled

Anchor
SQLSECU-Req
SQLSECU-Req
New Access Checks

IDERA SQL Secure 3.2 adds the following access checks:

  • Asymmetric Key Size
  • Database Master Key Encrypted by Service Master Key
  • SQL Server Database Level Encryption
  • Appropriate Cryptographic Modules Have Been Used to Encrypt Data
  • Database Master Keys Encrypted by Password
  • Symmetric Keys Not Encrypted with a Certificate
  • Implement Cell Level Encryption

Anchor
SQLSECU-Req
SQLSECU-Req
New Auditing Checks

IDERA SQL Secure 3.2 adds the following auditing checks:

  • SQL Server Audit is Configured for Logins
  • DISA Audit Configuration

  • Implement Change Data Capture

Anchor
SQLSECU-Req
SQLSECU-Req
New Login Checks

IDERA SQL Secure 3.2 adds the following login checks:

  • SQL Logins Not Using Must Change

Anchor
SQLSECU-Req
SQLSECU-Req
New Permissions Checks

IDERA SQL Secure 3.2 adds the following permissions checks:

  • Limit propagation of access rights

  • Direct access permissions

Anchor
SQLSECU-Req
SQLSECU-Req
Supports SQL Server 2017

IDERA SQL Secure 3.2 now supports the repository and a monitored server of SQL Server 2017 on Windows.

3.2 Fixed issues

  • Anchor
    SQLSECU-720
    SQLSECU-720
    This version of SQL Secure improves the execution time of the Snapshot Comparison Report, making it able to display large datasets.
  • Anchor
    SQLSECU-745
    SQLSECU-745
    Time out error is no longer displayed on the User Permissions Report when the report was running for 80+ databases. In addition, users can export the report to CSV format.
  • Anchor
    SQLSECU-1503
    SQLSECU-1503
    Users now are able to filter for specific databases in the Database Roles Report.
  • Anchor
    SQLSECU-1177
    SQLSECU-1177
    Increased Excel Report Export capability to support reports with more than 65,000 rows of data.
  • Anchor
    SQLSECU-750
    SQLSECU-750
    This release improves Risk Assessment performance, which now is able to process policy information.
  • Anchor
    SQLSECU-1216
    SQLSECU-1216
    This release updates the console installation to use the existing repository.
  • Anchor
    SQLSECU-1329
    SQLSECU-1329
    Users can configure STMP for SQL Secure mail server.
  • Anchor
    SQLSECU-1501
    SQLSECU-1501
    Users can choose to monitor Always On Availability Group by registering the listener or individual nodes. Take into account there may be some gaps if you register using the listener.
  • Anchor
    SQLSECU-1522
    SQLSECU-1522
    Under Security Report Card users are able to see Logins Information with Windows Accounts Details for the Suspect Logins Security Check.
  • Anchor
    SQLSECU-2055
    SQLSECU-2055
    The Integration Services Running security check now is updated depending on the integration service status.
  • Anchor
    SQLSECU-2053
    SQLSECU-2053
    The Details Reports for SQL Server 2000 show database roles and members, it was previously not available for this version.
  • Anchor
    SQLSECU-1542
    SQLSECU-1542
    Updated SQL Secure version for the deployed report target folder for SSRS reports.
  • Anchor
    SQLSECU-1765
    SQLSECU-1765
    Users need to restart the application to update the SQL Secure Repository Connection Status after adding a new license in the SQL Secure Manage License section.

  • Anchor
    SQLSECU-2022
    SQLSECU-2022
    SQL Secure now supports international date time format.

  • Anchor
    SQLSECU-2056
    SQLSECU-2056
    The Integration Services Login Account Not Acceptable Security Check is no longer showing incorrect data for azure databases.
    Anchor
    SQLSECU-2056
    SQLSECU-2056

...

3.1 New features

Supports auditing of Azure SQL Database and SQL Server running in Azure virtual machines

IDERA SQL Secure 3.1 offers cloud-specific capabilities for Azure-hosted SQL Server databases, including:

  • Azure SQL Database and SQL Server running on Azure Virtual Machines (VMs).
  • Security audits on Azure SQL Database instances and Azure Active Directory.
  • Connecting to fully-qualified domain names for Azure VMs and Azure SQL Database instances as registered servers.

Expands installation options

IDERA SQL Secure 3.1 includes expanded installation options to support hybrid cloud environments.

Expands Security Check coverage

This release expands Security Check coverage for data protection, encryption, and firewall rules for the SQL Server platform, including Always Encrypted and Transparent Data Encryption.

Moved to the Windows .NET 4.6 framework

IDERA SQL Secure 3.1 supports Microsoft Windows operating systems using .NET 4.6. For more information about requirements, see Product requirements.

3.1 Fixed issues

There are no fixed issues in this release.

3.0 New features

Added SQL Server file import

Users now can import a .csv file containing the SQL Servers they want to import for registration in IDERA SQL Secure. This is an important feature for environments having more than a few SQL Servers as it allows you to bulk import data into IDERA SQL Secure. For more information about this feature, see Import SQL Server instances.

Added tags for easier server management

IDERA SQL Secure now features server group tags to allow you to more easily manage your SQL Server instance snapshots. You can select tags when registering a SQL Server or simply add a tag to your existing instances. Tags allow you to select a specific group of SQL Servers rather than selecting servers one by one. For more information about server group tags, see Manage server group tags.

Added suspect SQL Server logins report

The new Suspect SQL Logins report displays all of the suspect SQL Server Accounts that do not have any assigned permissions, i.e. databases, objects, or server files. For more information about reporting, see Report on SQL Server Security.

Expanded Risk Assessment reporting

IDERA SQL Secure 3.0 includes multiple additions and modifications to the existing Security Checks in the Risk Assessment report. These new checks include:

  • Access
    • Files on Drive Using Not Using NTFS. Updated to support ReFS for SQL Server 2016.
    • Supported Operating Systems. Removed support for Microsoft Windows 2003 and added support for Windows 2012, Windows 2012 R2, and Windows 2016.
    • SQL Jobs and Agent. Updated to flag any case where a proxy account is not in use.
    • Encryption Methods. Updated to flag any case where unsupported encryption methods are in use. Note that beginning with SQL Server 2016, all algorithms other than AES_128, AES_192, and AES_256 are deprecated.
    • Certificate private keys were never exported. Verifies that Certificate private keys are exported.
  • Configuration
    • Linked Server. Checks to see if there are linked servers, and then checks to see if the linked server is running as a member of the sysadmin group. Linked servers can lead to performance issues and running them using sysadmin privileges can leave a database vulnerable to corruption.
    • SQL Server Version. Checks to make sure a supported version of SQL Server is in use. Flags any case where an unsupported SQL Server version is in use.
    • Full-Text Search Service Running. Checks to make sure that this service is running on the selected instance.
    • Unauthorized Accounts Check. Updated to include checks for roles beyond sysadmin, including the Separation of Duties roles in SQL Server 2014 and the roles surrounding encryption for SQL Server 2016.
    • Other General Domain Accounts Check. Update to include checks for general domain accounts such as domain Users, Everyone, and Authenticated Users added to the selected instance.
  • Surface
    • SQL Server Available for Browsing. Updated the name of this check to SQL Server Browser Running.

For more information about using reports within IDERA SQL Secure, see Report on SQL Server Security.

3.0 Fixed issues

The following issues are fixed in IDERA SQL Secure:

  • Resolved an issue that occurred when trying to register a SQL Server instance, which is clustered and using AlwaysOn Availability Groups. The system tried to register the Cluster Server Name instead of the SQL Server Instance Name.Resolved an issue that caused SQL Server administrator accounts to show sysadmin accounts for other servers in the Server Security Report Card.IDERA SQL Secure no longer incorrectly pulls database role information from SQL Server 2000 databases.Users no longer receive false warning messages when running a snapshot.Resolved an issue that caused the system to display authorized accounts as unauthorized when a wildcard was included in the list of authorized accounts in Unauthorized Accounts Are Sysadmins.

Scroll pdf ignore
Excerpt
Newtabfooter
aliasIDERA
urlhttp://www.idera.com
|
Newtabfooter
aliasProducts
urlhttps://www.idera.com/productssolutions/sqlserver
|
Newtabfooter
aliasPurchase
urlhttps://www.idera.com/buynow/onlinestore
|
Newtabfooter
aliasSupport
urlhttps://idera.secure.force.com/
|
Newtabfooter
aliasCommunity
urlhttp://community.idera.com
 |
Newtabfooter
aliasResources
urlhttp://www.idera.com/resourcecentral
|
Newtabfooter
aliasAbout Us
urlhttp://www.idera.com/about/aboutus
 |
Newtabfooter
aliasLegal
urlhttps://www.idera.com/legal/termsofuse

...