Page History

This build of IDERA SQL Secure includes many fixed issues, including the following previous updates.

3.1.200 New features

Allows reference to decommissioned server instance snapshots

IDERA SQL Secure 3.1.200 now allows you to reference snapshots of decommissioned instances. Previously, IDERA SQL Secure removed permissions data for a server when it is removed from auditing. The only way to save the permissions and snapshot information for that instance was to back up the repository before decommissioning. 

Supports TLS 1.2

IDERA SQL Secure 3.1.200 includes support for Transport Layer Security (TLS) version 1.2. The TLS protocol provides encryption, authentication, and data privacy and integrity when transferring information over a network, including VPN, VOIP, and instant messaging.

Includes new product versioning (x.x.x.x)

For internal tracking reasons, this release of IDERA SQL Secure includes an updated product versioning format from three to four parts. For example, the previous version of SQL Secure was version 3.1.0 (x.x.x) and this release is 3.1.200.x (x.x.x.x).

3.1.200 Fixed issues

• This release fixes an issue causing the SQL Secure Risk Assessment Comparison Report to show changes between snapshots when no changes actually occurred.
• Users now can remove a server instance without first removing it from an assessment or draft. If any assessment data exists, the user is asked whether they want to remove the server from all active assessments as well. If Yes, the assessment is kept intact while the instance is deleted. If No, the server is removed from the assessment as well.
• The SQL Server SYSADMIN Accounts security check now reports an accurate status instead of always reporting OK and not displaying any accounts. This metric did and continues to report correctly in a snapshot.
• Resolved an issue that caused the following error while processing a security check when Database roles and members is enabled: "Error 515 encountered on line xxxx: Cannot insert the value NULL into column 'usertype', table '@DatabaseRoleUsers'; column does not allow nulls. INSERT fails."
• This release fixes an error regarding SQL Server 2014 and SQL Server 2016 accounts in the Unauthorized Account security check. Previously, the Unauthorized Account security check for SQL Server 2014 initially reported, "No issues found." Then, when a SQL Server 2016 server was added, it listed the unauthorized accounts in the result. However, when going back to the SQL Server 2014 server, it displayed the same unauthorized accounts results that the SQL Server 2016 server revealed.
• Resolved an issue causing the error message,"Cannot insert duplicate key in object 'dbo.<servername>'. The duplicate key value is (1281, 327). The statement has been terminated." when attempting to create a snapshot.
• Changed the Unauthorized Account Check wording from, "Specify the unauthorized accounts," to "Specify the authorized accounts," in the description for the Criteria entry on the Policy Properties page and on the edit Values for Security Check window.
• When a user registers a virtual server that is part of a failover cluster, the name now correctly resolves to the cluster name.
• Resolved an issue with the Database roles and members and the Server roles and members security checks that caused metrics to provide details from other instances/databases.
• The GUI on the final screen of the SQL Secure Setup Wizard was updated to resolve the cut-off content of the descriptive text.
• The Launch SQL Secure Console is now enabled after a new installation or upgrade.
• The uninstallation wizard is updated to no longer show an incorrect final window.
• The copyright year is now correct throughout the product.
• The descriptive text within the Row-Level Security check is changed from, "... is configured for specific databases ..." to, "... is configured for specific tables ...".
• The descriptive text within the Dynamic Data Masking security check is changed from, "... is configured for specific databases ..." to, "... is configured for specific columns ...".

3.1 New features

Supports auditing of Azure SQL Database and SQL Server running in Azure virtual machines

IDERA SQL Secure 3.1 offers Cloud-specific capabilities for Azure-hosted SQL Server databases, including:

• Azure SQL Database and SQL Server running on Azure Virtual Machines (VMs).
• Security audits on Azure SQL Database instances and Azure Active Directory.
• Connecting to fully-qualified domain names for Azure VMs and Azure SQL Database instances as registered servers.

Expands installation options

IDERA SQL Secure 3.1 includes expanded installation options to support hybrid cloud environments.

Expands Security Check coverage

This release expands Security Check coverage for data protection, encryption, and firewall rules for the SQL Server platform, including Always Encrypted and Transparent Data Encryption.

Moved to the Windows .NET 4.6 framework

IDERA SQL Secure 3.1 supports Microsoft Windows operating systems using .NET 4.6. For more information about requirements, see Product requirements.

3.1 Fixed issues

There are no fixed issues in this release.

3.0 New features

Added SQL Server file import

...

• IDERA SQL Secure now supports SQL Server 2014
• IDERA SQL Secure now supports Always On Availability Groups
• IDERA SQL Secure now allows you to install the SQL Secure Repository on a failover cluster. The installer provides an option to select Cluster installation and specify a cluster node.
• Policy Templates have been updated to use the latest versions of SQL Server and OS:

• • Updated to policy templates:
    
    • CIS v 2.0 for SQL Server 2005 (from version 1.2)
    • PCI-DSS v 3.0 Guidelines for SQL Server (from version 2.0)
    • HIPAA Guidelines for SQL Server - update security checks as needed e.g. Operating System Version
  • Added templates for:
    • CIS v1.1.0 for SQL Server 2008
    • CIS v1.0.0 for SQL Server 2012
    • MS Best Practices Analyzer for 2008
    • MS Best Practices Analyzer for 2012
• This version had updated to a granular process for Exporting and Importing policies, so that authorized SQL Logins can be excluded from exporting, and when imported the active settings for those checks remain unmodified.
• The process for registering new SQL Server instances with IDERA SQL Secure now allows to define folders for file system permissions checks.
• IDERA SQL Secure now supports Sequence Objects for SQL Server 2012.
• IDERA SQL Secure supports users in contained databases for SQL Server 2012 and 2014.
• IDERA SQL Secure now provides the following new Security Checks:
  • Security Check for SQL Server Integration Services (SSIS) to verify if any public or other unauthorized principals have been granted permissions to use SSIS stored procedures.
  • Security Check added to level 1 and level 2 policy templates that shows risk on systems where permissions have been granted to the public role on objects outside the sys schema in user databases.
  • Security Check: Unacceptable Database Ownership detects if a database is found with an unacceptable owner
  • The Risk Assessment Report has been updated with new nine security checks.

2.8 Fixed issues

Phase out IDERA SQL Secure Itanium support

IDERA is beginning to phase out all Itanium support in IDERA SQL Secure 2.6 and all subsequent 2.x versions. While 2.8 will continue to operate with Itanium and support is available, IDERA SQL Secure 3.0 will not support the Itanium processor architecture. For more information, see the product requirements.

SQL Secure Repository requires SQL Server 2005 or later

When upgrading, migrating, or deploying the SQL Secure Repository for the first time, ensure you select an instance running SQL Server 2005 or later for your target location. SQL Secure no longer supports SQL Server 2000 platform for the SQL Secure Repository.

If you are upgrading from SQL Secure version 2.0 or earlier , you will need to migrate the Repository to a SQL Server 2005 or later instance. For more information, see IDERA Solution 00002617 ("How do I migrate SQL Secure from one server to another?").

Microsoft Reporting Services 2000 is no longer supported

If you are upgrading reports from Microsoft Reporting Services 2000 , then upgrade to Microsoft Reporting Services 2005 before installing the new reports in SQL Secure 2.8 to ensure the upgrade is successful.

New credentials may be necessary when upgrading

SQL Secure no longer uses the default credentials of your SQL Server Agent to collect Operating System and SQL Server security information. If, in a previously installed version, SQL Secure was configured to use the default SQL Agent credentials to collect security information, a window will open when you first open SQL Secure 2.8, prompting you for new credentials.

Blank password not accepted when registering a SQL Server instance

When registering a new SQL Server instance, blank passwords are not accepted for SQL logins due to the extreme security risk this poses.

SQL Secure can now audit the same cluster node on which it is installed

The SQL Secure now allows you to audit security data from SQL Server instances hosted on the same cluster node that hosts the SQL Secure Collector.

Support for contained database authentication security

SQL Secure now displays information and report on the security settings of database principals used for contained database authentication and connections. Contained databases are a new security feature available in SQL Server 2012.

SQL Secure now collects security data for AlwaysOn Availability Groups

When you take snapshots of the SQL Server 2012 instances you audit, SQL Secure now collects properties or security data for the AlwaysOn Availability Groups feature. AlwaysOn can be enabled only on instances running SQL Server 2012 & 2014 Enterprise Edition.