Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41309 | SQL2-00-001300 | SV-53791r1_rule | | Medium |
Description |
---|
Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). The session data traversing the remote connection could be intercepted and compromised. Cryptography provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection, thereby providing a degree of confidentiality. The encryption strength of the mechanism is selected based on the security categorization of the information traversing the remote connection. Databases that accept remote connections must use approved cryptography to prevent disclosure of data being passed via an unsecured network. If approved cryptography is not used, data can be intercepted or compromised. |
STIG | Date |
---|---|
Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide | 2014-06-23 |
Check Text ( C-47878r2_chk ) |
---|
From a Command Prompt, open SQL Server Configuration Manager by typing sqlservermanager11.msc and pressing [ENTER]. Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click Protocols for [NAME OF INSTANCE], where [NAME OF INSTANCE] is a placeholder for the SQL Server instance name, and click Properties. On the Flags tab, if Force Encryption is set to YES, examine the certificate used on the Certificate tab. If it is a DoD certificate, this is not a finding. If Force Encryption is set to NO, or a DoD certificate is not used, this is a finding. |
Fix Text (F-46700r2_fix) |
---|
Configure SQL Server to encrypt data passing over remote connections. From a Command Prompt, open SQL Server Configuration Manager by typing sqlservermanager11.msc and pressing [ENTER]. Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click Protocols for [NAME OF INSTANCE], where [NAME OF INSTANCE] is a placeholder for the SQL Server instance name, and click Properties. On the Flags tab, set Force Encryption to YES, and provide a DoD certificate on the Certificate tab. |
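The check and fix above can be verified without the GUI. The following PowerShell is an added example, not part of the STIG, that reads the Force Encryption flag and certificate thumbprint from the registry values SQL Server Configuration Manager writes for each instance and looks the certificate up in the local machine store. It assumes it runs as an administrator on the SQL Server 2012 host; the issuer pattern `DoD` is an assumed placeholder, and confirming that the certificate is an approved DoD certificate remains a manual determination.

```powershell
# Added audit helper for SQL2-00-001300 (not part of the STIG).
# Assumptions: run locally, elevated, on a SQL Server 2012 host; the issuer
# pattern below is a placeholder for your DoD PKI issuer naming.
$issuerPattern = 'DoD'   # assumed placeholder, adjust to your issuing CA names

# Instance Names\SQL maps each instance name to its registry id (e.g. MSSQL11.MSSQLSERVER).
$instanceKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
$instances   = Get-ItemProperty -Path $instanceKey

foreach ($prop in $instances.PSObject.Properties) {
    if ($prop.Name -like 'PS*') { continue }   # skip provider metadata properties
    $name = $prop.Name
    $id   = $prop.Value

    # SuperSocketNetLib holds what the Flags and Certificate tabs configure.
    $netlib = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$id\MSSQLServer\SuperSocketNetLib"
    $cfg    = Get-ItemProperty -Path $netlib -ErrorAction SilentlyContinue

    $forced = ($null -ne $cfg) -and ($cfg.ForceEncryption -eq 1)
    $thumb  = if ($cfg) { $cfg.Certificate } else { $null }

    # Resolve the thumbprint against the computer's personal store.
    $cert = $null
    if ($thumb) {
        $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
                Where-Object { $_.Thumbprint -eq $thumb } |
                Select-Object -First 1
    }

    $subject  = if ($cert) { $cert.Subject } else { '(certificate not found in LocalMachine\My)' }
    $issuer   = if ($cert) { $cert.Issuer }  else { $null }
    $issuerOk = ($null -ne $cert) -and ($issuer -match $issuerPattern)

    # Mirrors the check text: Force Encryption = YES and a DoD certificate => not a finding.
    $result = if ($forced -and $issuerOk) { 'Not a finding' } else { 'FINDING' }

    [PSCustomObject]@{
        Instance        = $name
        ForceEncryption = $forced
        Thumbprint      = $thumb
        CertSubject     = $subject
        CertIssuer      = $issuer
        Result          = $result
    }
}
```

A reported `FINDING` with `ForceEncryption` true but a non-matching issuer still needs a reviewer to confirm the certificate's provenance against the DoD PKI before closing the item.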