DBMS service identification should be unique and clearly identifies the service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15622 | DG0104-SQLServer9 | SV-24267r1_rule | DCFA-1 | Low |
| Description |
|---|
| Local or network services that do not employ unique or clearly identifiable targets can lead to inadvertent or unauthorized connections. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13825r1_chk ) |
|---|
| Review the SQL Server database names on the DBMS host: Go to Start / Administrative Tools / Services View service names that begin with "SQL Server". The database name is in parenthesis (NAME). If database names as listed do not clearly identify the use of the database or clearly differentiate individual databases, this is a Finding. An example of database naming that meets the requirement: prdinv01 (Production Inventory Database #1) dvsales02 (Development Sales Database #2) msfindb1 (Microsoft Financials Database #1) Examples of instance naming that do not meet the requirement: database1, MyDatabase, SQL7 Interview the DBA to get an understanding of the naming scheme used to determine if the names are clear differentiations. |
| Fix Text (F-20093r1_fix) |
|---|
| Follow instructions for renaming a database instance: Review the sp_dropserver and sp_addserver procedures Set the value so that it does not identify the SQL Server version and clearly identifies its purpose. |