Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15206 | DM6126-SQLServer9 | SV-23856r1_rule | DCFA-1 | Medium |
Description |
---|
XML Web Service endpoints expose the database its data to web service access. Where not carefully designed and implemented, web services can unnecessarily expose the database to additional exploit that compromises data confidentiality and integrity. Removing web service endpoints helps to protect the database from unauthorized web service access. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Check Text ( None ) |
---|
None |
Fix Text (F-14831r1_fix) |
---|
Authorized and document XML web service endpoints in the System Security Plan and AIS Functional Architecture documentation. Where not authorized, drop XML web service endpoints. From the query prompt: DROP ENDPOINT [endpoint name] Where documented and authorized, set each endpoint to use the appropriate authentication protocol, SSL if required and disable anonymous access if not authorized. If a clear port is also required and authorized, ensure the value for clear_port is set to a known value (i.e. HTTP port 80 or other IAO authorized port value). |