Page History

IDERA SQL Secure provides the following new features and fixed issues.

...

3.

...

0 New features

Improved Name Matches selection of rule filter properties

IDERA SQL Secure 2.9 simplifies the process for selecting a named variable when setting filter properties. Click Any in the Name Matches column of the Filter Properties dialog box, and SQL Secure displays a dialog box that allows you to see a list of available elements and a list of selected elements, and easily move the databases, tables, views, or functions between the two lists.

The list is populated based on the row where you click Any, i.e. if you click to select items from the Tables where row, the list displays only tables. To select more than one element at a time, press and hold the Shift key to click the first and last element in a series or press Ctrl and then click each element not in a series. Click Add to move elements form the Available list to the Selected list. Click Remove to move elements from the Selected list to the Available list. Search functionality also is available in this dialog box. Note that you can use wildcards when entering a search string. For more information about using Filter Properties, see Edit filter settings.

Enhanced reporting

Expanded some reports to show users within groups

The User Permissions, All User Permissions, and Database Roles reports now provide an option to view access at the user level within a group.The new Level field in the report filter allows you to select Member to display access results at the group (member) level or select User to display access results that show individual user account names within the group as well as whether the account is enabled. For more information about using reports within SQL Secure, see Report on SQL Server Security.

Additional enhancements to the All User Permissions report

While the All User Permissions report now includes user-level information, it also includes updates that allow you to run the report for one or more specific databases. The All User Permissions report displays user permissions at the object level. SQL Secure 2.9 includes a new Database field and corresponding All Databases check box that allows you to enter specific databases to include in the report, or check the box to include all databases within the selected SQL Server.

Clear the All Databases check box to enable selection of one or more databases in the displayed list. To select more than one database at a time, press and hold the Shift key to click the first and last databases in a series or press Ctrl and then click each database not in a series. For more information about using reports within SQL Secure, see Report on SQL Server Security.

Supports SQL Server 2016

IDERA SQL Secure 2.9 and later support SQL Server 2016 for the repository and audited instances. For more information about supported platforms, see Product requirements.

Enumerates group members in a one-way trust

SQL Secure 2.9 now can enumerate users within a group when the target server is in an environment when SQL Secure is across domains configured as a one-way trust.

Updates Guest User Enabled Access functionality

The Guest User Enabled Access check now includes msdb, master, and tempdb in the Approved user access list for all default templates.

Added SQL Server file import

Users now can import a .csv file containing the SQL Servers they want to import for registration in SQL Secure. This is an important feature for environments having more than a few SQL Servers as it allows you to bulk import data into SQL Secure. For more information about this feature, see Import SQL Server instances.

Added tags for easier server management

SQL Secure now features server group tags to allow you to more easily manage your SQL Server instance snapshots. You can select tags when registering a SQL Server or simply add a tag to your existing instances. Tags allow you to select a specific group of SQL Servers rather than selecting servers one by one. For more information about server group tags, see Manage server group tags.

Added suspect SQL Server logins report

The new Suspect SQL Logins report displays all of the suspect SQL Server Accounts that do not have any assigned permissions, i.e. databases, objects, or server files. For more information about reporting, see Report on SQL Server Security.

Expanded Risk Assessment reporting

IDERA SQL Secure 3.0 includes multiple additions and modifications to the existing Security Checks in the Risk Assessment report. These new checks include:

• Access
  
  • Files on Drive Using Not Using NTFS. Updated to support ReFS for SQL Server 2016.
  • Supported Operating Systems. Removed support for Microsoft Windows 2003 and added support for Windows 2012, Windows 2012 R2, and Windows 2016.
  • SQL Jobs and Agent. Updated to flag any case where a proxy account is not in use.
  • Encryption Methods. Updated to flag any case where unsupported encryption methods are in use. Note that beginning with SQL Server 2016, all algorithms other than AES_128, AES_192, and AES_256 are deprecated.
  • Certificate private keys were never exported. Verifies that Certificate private keys are exported.
    
• Configuration
  • Linked Server. Checks to see if there are linked servers, and then checks to see if the linked server is running as a member of the sysadmin group. Linked servers can lead to performance issues and running them using sysadmin privileges can leave a database vulnerable to corruption.
  • SQL Server Version. Checks to make sure a supported version of SQL Server is in use. Flags any case where an unsupported SQL Server version is in use.
  • Full Text Search Service Running. Checks to make sure that this service is running on the selected instance.
  • Unauthorized Accounts Check. Updated to include checks for roles beyond sysadmin, including the Separation of Duties roles in SQL Server 2014 and the roles surrounding encryption for SQL Server 2016.
  • Other General Domain Accounts Check. Update to include checks for general domain accounts such as domain Users, Everyone, and Authenticated Users added to the selected instance.
• Surface
  • SQL Server Available for Browsing. Updated the name of this check to SQL Server Browser Running.

For more information about using reports within SQL Secure, see Report on SQL Server Security.

3.0

...

Fixed issues

The following issues are fixed in IDERA SQL Secure:

• Anchor
  SQLSECU-727

• SQL Secure 2.9 fixes an issue causing SQL Secure to incorrectly report some servers as failing the Login Audit Level security check.

• SQLSECU-727

  Resolved an issue that occurred when trying to register a SQL Server instance, which is clustered and using AlwaysOn Availability Groups. The system tried to register the Cluster Server Name instead of the SQL Server Instance Name.

• Anchor
  SQLSECU-728 SQLSECU-728

  Resolved an issue that caused SQL Server administrator accounts to show sysadmin accounts for other servers in the Server Security Report Card.

• Anchor
  SQLSECU-719 SQLSECU-719

  SQL Secure no longer incorrectly pulls database role information from SQL Server 2000 databases.

• Anchor
  SQLSECU-1173 SQLSECU-1173

  Users no longer receive false warning messages when running a snapshot.

• Anchor
  SQLSECU-725 SQLSECU-725

  Resolved an issue that caused the system to display authorized accounts as unauthorized when a wildcard was included in the list of authorized accounts in Unauthorized Accounts Are SysadminsAn issue that triggered an email notification after data collection that stated that suspect windows were encountered no longer occurs.