Check: SQL4-00-034200
MS SQL Server 2014 Instance STIG: SQL4-00-034200 (in versions v2 r3 through v1 r4)
Title
SQL Server must disable communication protocols not required for operation. (Cat II impact)
Discussion
Having unnecessary protocols enabled exposes the system to avoidable threats. In a typical installation, only TCP/IP will be required.
Check Content
Review the system security plan to determine the communication protocols used by the SQL Server instance. Open SQL Server Configuration Manager from the Windows Start menu or by entering "SQLServerManager12.msc" in a Command Prompt window or in the Run dialog box. Select SQL Server Network Configuration >> Protocols for <instance name>. Review the list of protocols. If any that are not required are shown as enabled, this is a finding.
Fix Text
In SQL Server Configuration Manager, right-click on each enabled protocol that is not required. Select Disabled. Close SQL Server Configuration Manager. Restart SQL Server.
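The check above can also be scripted. The following PowerShell is an added example, not part of the STIG text. It reads the per-protocol `Enabled` values under the instance's `SuperSocketNetLib` registry key, which are the settings SQL Server Configuration Manager edits. The instance name and the list of required protocols are assumptions; take both from the system security plan.

```powershell
# Added example: read-only audit of enabled SQL Server network protocols.
# Run locally on the database host with rights to read HKLM.
param(
    [string]$InstanceName = 'MSSQLSERVER',        # assumption: default instance
    [string[]]$RequiredProtocols = @('Tcp')       # assumption: from the system security plan
)

$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# Map the instance name to its instance ID (for example MSSQL12.MSSQLSERVER).
$names = Get-ItemProperty -Path "$root\Instance Names\SQL" -ErrorAction Stop
$instanceId = $names.$InstanceName
if (-not $instanceId) { throw "Instance '$InstanceName' not found on this host." }

$netLib = "$root\$instanceId\MSSQLServer\SuperSocketNetLib"

# Registry subkey name -> name shown in Configuration Manager.
$friendly = @{ Sm = 'Shared Memory'; Np = 'Named Pipes'; Tcp = 'TCP/IP'; Via = 'VIA' }

$results = foreach ($key in Get-ChildItem -Path $netLib -ErrorAction Stop) {
    $proto = $key.PSChildName
    if (-not $friendly.ContainsKey($proto)) { continue }   # skip non-protocol subkeys

    # Enabled is a DWORD: 1 = enabled, 0 = disabled; a missing value counts as disabled.
    $enabled = [bool](Get-ItemProperty -Path $key.PSPath).Enabled

    [pscustomobject]@{
        Protocol = $friendly[$proto]
        Enabled  = $enabled
        Required = $RequiredProtocols -contains $proto
        Finding  = $enabled -and ($RequiredProtocols -notcontains $proto)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when any protocol is enabled but not required.
if ($results | Where-Object { $_.Finding }) { exit 1 } else { exit 0 }
```

The script only reports. Disable protocols through SQL Server Configuration Manager as described in the Fix Text, then restart SQL Server and rerun the check.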
Additional Identifiers
Rule ID: SV-213875r855547_rule
Vulnerability ID: V-213875
Group Title: SRG-APP-000383-DB-000364
CCIs
Number | Definition |
---|---|
CCI-001762 | The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) | Periodic Review |