An error occurred:

Check: TANS-DB-000005

Tanium 7.x STIG: TANS-DB-000005 (in versions v2 r3 through v1 r1)

Title

Firewall rules must be configured on the Tanium Server for server-to-database communications. (Cat II impact)

Discussion

The Tanium Server can use either a SQL Server relational database management system (RDBMS) installed locally to the same device as the Tanium Server application or a remote dedicated or shared SQL Server instance. Using a local SQL Server database typically requires no changes to network firewall rules since all communication remains on the Tanium application server device. To access database resources installed to a remote device, however, the Tanium Server service communicates over the port reserved for SQL, by default port 1433, to the database. Port Needed: Tanium Server to Remote SQL Server over TCP port 1433. Network firewall rules: Allow TCP traffic on port 1433 from the Tanium Server device to the remote device hosting the SQL Server RDBMS.

Check Content

Consult with the Tanium system administrator to verify which firewall is being used as a host-based firewall on the Tanium Server. 1. Access the Tanium Server. 2. Log on to the server with an account that has administrative privileges. 3. Access the host-based firewall configuration on the Tanium Server. 4. Validate a rule exists for the following: Port Needed: Tanium Server to Remote SQL Server over TCP port 1433. If a host-based firewall rule does not exist to allow Tanium Server to Remote SQL Server over TCP port 1433, this is a finding. Consult with the network firewall administrator and validate rules exist for the following: Allow traffic from Tanium Server to Remote SQL Server over TCP port 1433. If a network firewall rule does not exist to allow traffic from Tanium Server to Remote SQL Server over TCP port 1433, this is a finding.

Fix Text

1. Configure host-based firewall rules on the Tanium Server to include the following required traffic: Allow TCP traffic on port 1433 from the Tanium Server to the Remote SQL Server. 2. Configure the network firewall to allow the above traffic.

Additional Identifiers

Rule ID: SV-253836r1099950_rule

Vulnerability ID: V-253836

Group Title: SRG-APP-000383

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001762

Disable or remove organization-defined functions, ports, protocols, software, and services within the system deemed to be unnecessary and/or nonsecure.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7(1)

Periodic Review