
SQL Server must limit the number of concurrent sessions for each system account to an organization-defined number of sessions.


Overview

Finding ID: V-41311
Version: SQL2-00-000100
Rule ID: SV-53793r1_rule
IA Controls: (none listed)
Severity: Medium
Description
A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices on an organization’s internal network from being directly affected by DoS attacks. Employing increased capacity and bandwidth, combined with service redundancy, may reduce the susceptibility to some DoS attacks. One way SQL Server can limit exposure to DoS attacks is by limiting the number of connections that can be opened by a single user. SQL Server supports this through the use of logon triggers.
STIG: Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide
Date: 2014-01-17

Details

Check Text ( C-47880r2_chk )
Determine if a logon trigger exists. This trigger will be in the master database. If a trigger exists, determine if the trigger will deny logon if a maximum number of concurrent sessions for a given account is exceeded. For each user within SQL Server, ensure that the logon trigger has been applied. If a logon trigger to limit concurrent sessions by a single account hasn’t been applied to system users, this is a finding.
Fix Text (F-46702r2_fix)
Implement logon triggers to restrict users from logging on multiple times.
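
The check and fix above, sketched in T-SQL as an added example (not part of the STIG text). The trigger name, the limit of 5, and the login stig_session_counter are assumptions; the login is assumed to already exist and is used only so the trigger can see every session.

```sql
-- Added example: run from SSMS or sqlcmd as a sysadmin. Names are hypothetical.
USE master;
GO

-- Check: list server-level LOGON triggers, whether each is enabled, and the
-- trigger body, so a reviewer can confirm it denies logon over a session limit.
SELECT t.name, t.is_disabled, m.definition
FROM sys.server_triggers AS t
JOIN sys.server_trigger_events AS e ON e.object_id = t.object_id
JOIN sys.server_sql_modules AS m ON m.object_id = t.object_id
WHERE e.type_desc = 'LOGON';
GO

-- Fix, step 1: without VIEW SERVER STATE a login sees only its own session in
-- sys.dm_exec_sessions, so the trigger runs as a login that holds it.
GRANT VIEW SERVER STATE TO [stig_session_counter];  -- assumed existing login
GO

-- Fix, step 2: roll back the logon when the connecting account already holds
-- the maximum number of user sessions.
CREATE TRIGGER limit_concurrent_sessions
ON ALL SERVER WITH EXECUTE AS 'stig_session_counter'
FOR LOGON
AS
BEGIN
    -- Assumed value; replace with the organization-defined number.
    DECLARE @max_sessions int = 5;

    -- ORIGINAL_LOGIN() is the account that is connecting, not the EXECUTE AS
    -- context. The session being established is included in the count, so
    -- this comparison allows up to @max_sessions concurrent sessions.
    IF (SELECT COUNT(*)
        FROM sys.dm_exec_sessions
        WHERE is_user_process = 1
          AND original_login_name = ORIGINAL_LOGIN()) > @max_sessions
        ROLLBACK;  -- terminates the logon attempt
END;
GO

-- If a faulty logon trigger blocks all connections, a sysadmin can connect
-- over the dedicated administrator connection and run:
--   DISABLE TRIGGER limit_concurrent_sessions ON ALL SERVER;
```

Connection pooling can open several sessions per account, so size the limit against each application's pool settings before enabling the trigger.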