Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-67797 | SQL4-00-013910 | SV-82287r1_rule | Medium |
Description |
---|
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. SQL Server Profiler is one such tool. If an attacker were to gain access to audit tools, he could analyze audit logs for system weaknesses or weaknesses in the auditing itself. An attacker could also manipulate logs to hide evidence of malicious activity. |
STIG | Date |
---|---|
MS SQL Server 2014 Instance Security Technical Implementation Guide | 2017-07-19 |
Check Text ( C-68365r1_chk ) |
---|
In Windows Explorer, navigate to If PROFILER.EXE can be executed or modified by any unauthorized users, this is a finding. |
Fix Text (F-73913r1_fix) |
---|
Apply or modify permissions on PROFILER.EXE to make it accessible by authorized personnel only. |