UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to the DBMS should be restricted to static, default network ports.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15648 DG0151-SQLServer9 SV-21459r1_rule DCPP-1 Medium
Description
Use of static, default ports helps management of enterprise network device security controls. Use of non-default ports makes tracking and protection of published vulnerabilities to services and protocols more difficult to track and block. and may result in the exposure of the database to unintended network segments and users.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-23634r1_chk )
From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. Right click on the Analysis Services instance
3. Select Properties
4. View the value listed for Port

If the value = 0, this is a Finding (Dynamic port assignment in use).

If the value = 2383, this is Not a Finding.

The Port value may also be viewed in the Analysis Services configuration file, msmdsrv.ini under XML tag:

[Port]

The configuration file may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory.

If a different port is assigned, verify that the port reassignment requirement is documented and approved in the System Security Plan and AIS Functional Architecture documentation.
Fix Text (F-20147r1_fix)
Use static, default network ports.

From the SQL Server Management Studio GUI:

1. Connect to the Analysis Services instance
2. Right click on the Analysis Services instance
3. Select Properties
4. View the value listed for Port
5. Set value = 2383 or IAO-approved value
6. Click OK