Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15187 | DM6155-SQLServer9 | SV-25494r1_rule | DCFA-1 | Medium |
Description |
---|
Ad hoc access allows undefined access to remote systems. Access to remote systems should be controlled to prevent untrusted data to be executed or uploaded to the local server. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Check Text ( C-13817r1_chk ) |
---|
From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Click Properties c. View Provider options If "Disallow adhoc access" is not enabled (checked) for all Providers, this is a Finding. |
Fix Text (F-14837r1_fix) |
---|
Enable Disallow adhoc access for all linked servers. From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Select Properties c. Click on the Enable check box for Name = Disallow adhoc access d. Click OK button Note: The procedure described above will disallow adhoc access for all linked servers that use the providers.. |