Remote access should be disabled if not authorized.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-2485	DM2142-SQLServer9	SV-25445r1_rule	DCFA-1	Medium

Description
The remote access option determines if connections to and from other Microsoft SQL Servers are allowed. Remote connections are used to support distributed queries and other data access and command executions across and between remote database hosts. The list of remote servers determines the servers that have defined for remote connections to and from the SQL Server instance. The list of remote logins determines which users on remote servers can connect to and from other SQL Servers. Remote servers and logins that are not properly secured can be used to compromise the server.

Description

The remote access option determines if connections to and from other Microsoft SQL Servers are allowed. Remote connections are used to support distributed queries and other data access and command executions across and between remote database hosts. The list of remote servers determines the servers that have defined for remote connections to and from the SQL Server instance. The list of remote logins determines which users on remote servers can connect to and from other SQL Servers. Remote servers and logins that are not properly secured can be used to compromise the server.

STIG	Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-23658r1_chk )
From the query prompt: SELECT CAST(value AS INT) 'Config_Value' FROM [master].sys.configurations WHERE name = 'remote access' If a value of 1 is returned for Config_Value, remote access is enabled. If the use of linked servers is not documented and authorized in the System Security Plan and AIS Functional Architecture documentation, this is a Finding. If the use of linked servers is not approved by the IAO, this is a Finding. Note: See check DG0190 for authorized linked servers. If remote access is not documented in the System Security Plan and AIS Functional Architecture documentation regardless of authorization or use, this is a Finding.

Check Text ( C-23658r1_chk )

From the query prompt:

SELECT CAST(value AS INT) 'Config_Value'
FROM [master].sys.configurations
WHERE name = 'remote access'

If a value of 1 is returned for Config_Value, remote access is enabled.

If the use of linked servers is not documented and authorized in the System Security Plan and AIS Functional Architecture documentation, this is a Finding.

If the use of linked servers is not approved by the IAO, this is a Finding.

Note: See check DG0190 for authorized linked servers.

If remote access is not documented in the System Security Plan and AIS Functional Architecture documentation regardless of authorization or use, this is a Finding.

Fix Text (F-2513r1_fix)
Document remote access in the System Security Plan and AIS Functional Architecture documentation. If required and authorized, document the requirement and authorization in the System Security Plan and AIS Functional Architecture documentation. To enable remote access: From the query prompt: EXEC SP_CONFIGURE 'remote access', 1 RECONFIGURE If not required, disable remote access and document the requirement and authorization in the System Security Plan and AIS Functional Architecture documentation. To disable remote access: From the query prompt: EXEC SP_CONFIGURE 'remote access', 0 RECONFIGURE Follow procedures documented on Microsoft's website on how to configure a remote server setup. http://support.microsoft.com/kb/914277

Fix Text (F-2513r1_fix)

Document remote access in the System Security Plan and AIS Functional Architecture documentation.

If required and authorized, document the requirement and authorization in the System Security Plan and AIS Functional Architecture documentation.

To enable remote access:

From the query prompt:

EXEC SP_CONFIGURE 'remote access', 1
RECONFIGURE

If not required, disable remote access and document the requirement and authorization in the System Security Plan and AIS Functional Architecture documentation.

To disable remote access:

From the query prompt:

EXEC SP_CONFIGURE 'remote access', 0
RECONFIGURE

Follow procedures documented on Microsoft's website on how to configure a remote server setup.

http://support.microsoft.com/kb/914277