Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15652 | DG0158-SQLServer9 | SV-25389r1_rule | EBRP-1 | Medium |
Description |
---|
When remote administration is available, the vulnerability to attack for administrative access is increased. An audit of remote administrative access provides additional means to discover suspicious activity and to provide accountability for administrative actions completed by remote users. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Check Text ( C-28408r1_chk ) |
---|
If the DBMS does not provide auditing of remote administrative actions, this check is Not a Finding. Review settings for actions taken during remote administration sessions. If auditing of remote administration sessions and actions is not enabled, this is a Finding. If audit logs do not include all actions taken by database administrators during remote sessions, this is a Finding. Actions should be tied to a specific user. |
Fix Text (F-20261r1_fix) |
---|
Develop, document and implement policy and procedures for remote administration auditing. Configure the DBMS to provide an audit trail for remote administrative sessions. Include all actions taken by database administrators during remote sessions. Actions should be tied to a specific user. |