Default demonstration and sample database objects and applications should be removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15609 | DG0014-SQLServer9 | SV-24129r2_rule | DCFA-1 | Medium |
| Description |
|---|
| Demonstration and sample database objects and applications present publicly known attack points for malicious users. These demonstration and sample objects are meant to provide simple examples of coding specific functions and are not developed to prevent vulnerabilities from being introduced to the DBMS and host system. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23476r2_chk ) |
|---|
| Review the list of databases defined for the instance: From the query prompt: SELECT name FROM [master].sys.databases WHERE name IN ('Northwind', 'Pubs', 'AdventureWorks', 'AdventureWorksDW', 'AdventureWorksAS', 'DataEncryptDemo') If any results are displayed, this is a Finding. |
| Fix Text (F-24673r1_fix) |
|---|
| Drop sample or demonstration databases from production instances. Verify that no production objects have been stored in demonstration or sample databases prior to dropping. DROP DATABASE [database name] |