Versions Compared

Old Version 11

changes.mady.by.user Nadja Pollard

Saved on

compared with

New Version 12

changes.mady.by.user Nadja Pollard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This build of IDERA SQL Secure includes many fixed issues, including the following previous updates.

3.0 New features

Added SQL Server file import

Users now can import a .csv file containing the SQL Servers they want to import for registration in IDERA SQL Secure. This is an important feature for environments having more than a few SQL Servers as it allows you to bulk import data into IDERA SQL Secure. For more information about this feature, see Import SQL Server instances.

Added tags for easier server management

IDERA SQL Secure now features server group tags to allow you to more easily manage your SQL Server instance snapshots. You can select tags when registering a SQL Server or simply add a tag to your existing instances. Tags allow you to select a specific group of SQL Servers rather than selecting servers one by one. For more information about server group tags, see Manage server group tags.

Added suspect SQL Server logins report

The new Suspect SQL Logins report displays all of the suspect SQL Server Accounts that do not have any assigned permissions, i.e. databases, objects, or server files. For more information about reporting, see Report on SQL Server Security.

Expanded Risk Assessment reporting

IDERA SQL Secure 3.0 includes multiple additions and modifications to the existing Security Checks in the Risk Assessment report. These new checks include:

  • Access
    • Files on Drive Using Not Using NTFS. Updated to support ReFS for SQL Server 2016.
    • Supported Operating Systems. Removed support for Microsoft Windows 2003 and added support for Windows 2012, Windows 2012 R2, and Windows 2016.
    • SQL Jobs and Agent. Updated to flag any case where a proxy account is not in use.
    • Encryption Methods. Updated to flag any case where unsupported encryption methods are in use. Note that beginning with SQL Server 2016, all algorithms other than AES_128, AES_192, and AES_256 are deprecated.
    • Certificate private keys were never exported. Verifies that Certificate private keys are exported.
  • Configuration
    • Linked Server. Checks to see if there are linked servers, and then checks to see if the linked server is running as a member of the sysadmin group. Linked servers can lead to performance issues and running them using sysadmin privileges can leave a database vulnerable to corruption.
    • SQL Server Version. Checks to make sure a supported version of SQL Server is in use. Flags any case where an unsupported SQL Server version is in use.
    • Full Text Search Service Running. Checks to make sure that this service is running on the selected instance.
    • Unauthorized Accounts Check. Updated to include checks for roles beyond sysadmin, including the Separation of Duties roles in SQL Server 2014 and the roles surrounding encryption for SQL Server 2016.
    • Other General Domain Accounts Check. Update to include checks for general domain accounts such as domain Users, Everyone, and Authenticated Users added to the selected instance.
  • Surface
    • SQL Server Available for Browsing. Updated the name of this check to SQL Server Browser Running.

For more information about using reports within IDERA SQL Secure, see Report on SQL Server Security.

3.0 Fixed issues

The following issues are fixed in IDERA SQL Secure:

  • Resolved an issue that occurred when trying to register a SQL Server instance, which is clustered and using AlwaysOn Availability Groups. The system tried to register the Cluster Server Name instead of the SQL Server Instance Name.
  • Resolved an issue that caused SQL Server administrator accounts to show sysadmin accounts for other servers in the Server Security Report Card.
  • IDERA SQL Secure no longer incorrectly pulls database role information from SQL Server 2000 databases.
  • Users no longer receive false warning messages when running a snapshot.
  • Resolved an issue that caused the system to display authorized accounts as unauthorized when a wildcard was included in the list of authorized accounts in Unauthorized Accounts Are Sysadmins.

2.9 New features

Improved Name Matches selection of rule filter properties

...

    • Updated to policy templates:
      • CIS v 2.0 for SQL Server 2005 (from version 1.2)
      • PCI-DSS v 3.0 Guidelines for SQL Server (from version 2.0)
      • HIPAA Guidelines for SQL Server - update security checks as needed e.g. Operating System Version
    • Added templates for:
      • CIS v1.1.0 for SQL Server 2008
      • CIS v1.0.0 for SQL Server 2012
      • MS Best Practices Analyzer for 2008
      • MS Best Practices Analyzer for 2012
  • This version had updated to a granular process for Exporting and Importing policies, so that authorized SQL Logins can be excluded from exporting, and when imported the active settings for those checks remain unmodified.
  • The process for registering new SQL Server instances with IDERA SQL Secure now allows to define folders for file system permissions checks.
  • IDERA SQL Secure now supports Sequence Objects for SQL Server 2012.
  • IDERA SQL Secure supports users in contained databases for SQL Server 2012 and 2014.
  • IDERA SQL Secure now provides the following new Security Checks:
    • Security Check for SQL Server Integration Services (SSIS) to verify if any public or other unauthorized principals have been granted permissions to use SSIS stored procedures.
    • Security Check added to level 1 and level 2 policy templates that shows risk on systems where permissions have been granted to the public role on objects outside the sys schema in user databases.
    • Security Check: Unacceptable Database Ownership detects if a database is found with an unacceptable owner
    • The Risk Assessment Report has been updated with new nine security checks.

2.8 Fixed issues

Phase out IDERA SQL Secure Itanium support

IDERA is beginning to phase out all Itanium support in IDERA SQL Secure 2.6 and all subsequent 2.x versions. While 2.8 will continue to operate with Itanium and support is available, IDERA SQL Secure 3.0 will not support the Itanium processor architecture. For more information, see the product requirements.

SQL Secure Repository requires SQL Server 2005 or later

When upgrading, migrating, or deploying the SQL Secure Repository for the first time, ensure you select an instance running SQL Server 2005 or later for your target location. SQL Secure no longer supports SQL Server 2000 platform for the SQL Secure Repository.

If you are upgrading from SQL Secure version 2.0 or earlier , you will need to migrate the Repository to a SQL Server 2005 or later instance. For more information, see IDERA Solution 00002617 ("How do I migrate SQL Secure from one server to another?").

Microsoft Reporting Services 2000 is no longer supported

If you are upgrading reports from Microsoft Reporting Services 2000 , then upgrade to Microsoft Reporting Services 2005 before installing the new reports in SQL Secure 2.8 to ensure the upgrade is successful.

New credentials may be necessary when upgrading

SQL Secure no longer uses the default credentials of your SQL Server Agent to collect Operating System and SQL Server security information. If, in a previously installed version, SQL Secure was configured to use the default SQL Agent credentials to collect security information, a window will open when you first open SQL Secure 2.8, prompting you for new credentials.

Blank password not accepted when registering a SQL Server instance

When registering a new SQL Server instance, blank passwords are not accepted for SQL logins due to the extreme security risk this poses.

SQL Secure can now audit the same cluster node on which it is installed

The SQL Secure now allows you to audit security data from SQL Server instances hosted on the same cluster node that hosts the SQL Secure Collector.

Support for contained database authentication security

SQL Secure now displays information and report on the security settings of database principals used for contained database authentication and connections. Contained databases are a new security feature available in SQL Server 2012.

SQL Secure now collects security data for AlwaysOn Availability Groups

When you take snapshots of the SQL Server 2012 instances you audit, SQL Secure now collects properties or security data for the AlwaysOn Availability Groups feature. AlwaysOn can be enabled only on instances running SQL Server 2012 & 2014 Enterprise Edition.

2.7 New features

New policy templates for PCI and HIPAA

The SQL Secure policy templates now address security standards for the Payment Card Industry (PCI) and the Health Insurance Portability and Accountability Act (HIPAA), allowing you to immediately begin accessing your SQL Server environment against these regulations.

New weak password detection

SQL Secure now detects and analyses the password health of SQL logins on your audited SQL Server instances, reporting when passwords are blank or weak.

New security checks

SQL Secure now provides these additional security checks to help you further harden the security of your SQL Server instances:

  • Weak Passwords
  • Public Role Has Permissions on Database User Objects
  • Integration Services Roles Have Dangerous Security Principals
  • Integration Services Permissions Not Acceptable
  • These security checks are enabled in the IDERA Level 3 policy template.

New FIPS support

SQL Secure now supports auditing and assessing the security of SQL Server instances located in environments that require FIPS compliance.

New SQL Server 2012 support

SQL Secure now offers full support of SQL Server 2012 RTM.

2.7 Fixed issues

  • When changing server connection credentials, SQL Secure now identifies other audited SQL Server instances that use the same account and then lets you change their connection credentials as well.
  • SQL Secure now correctly processes local account information for SQL Server instances operating in clustered environments.
  • Snapshots that have been marked as baselines are no longer deleted from the SQL Secure Repository database during grooming.
  • The SQL Secure Collector now correctly gets file permissions for service executable files when the file name is specified in upper case.
  • The SQL Secure Collector now correctly gets permissions data for system databases that are not located on the local drive of the target SQL Server instance.
  • SQL Secure now successfully displays the Server Security Report Card and generates the Risk Assessment report when the audited SQL Server instance and the instance hosting the SQL Secure Repository have been assigned different collations.
  • When scheduling monthly snapshots, SQL Secure now correctly applies the "3rd," "4th," and "Last" options for specific days of the month.

...


IDERA Website | Products | Buy | Support | Community | About Us | Resources | Legal