Access to the DBMS should be restricted to static, default network ports.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15648 | DG0151-SQLServer9 | SV-21459r1_rule | DCPP-1 | Medium |
| Description |
|---|
| Use of static, default ports helps management of enterprise network device security controls. Use of non-default ports makes tracking and protection of published vulnerabilities to services and protocols more difficult to track and block. and may result in the exposure of the database to unintended network segments and users. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23634r1_chk ) |
|---|
| From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Port If the value = 0, this is a Finding (Dynamic port assignment in use). If the value = 2383, this is Not a Finding. The Port value may also be viewed in the Analysis Services configuration file, msmdsrv.ini under XML tag: [Port] The configuration file may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. If a different port is assigned, verify that the port reassignment requirement is documented and approved in the System Security Plan and AIS Functional Architecture documentation. |
| Fix Text (F-20147r1_fix) |
|---|
| Use static, default network ports. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Port 5. Set value = 2383 or IAO-approved value 6. Click OK |