SQL Server Profiler must be protected from unauthorized access, modification, or removal.


Overview

Finding ID: V-67797
Version: SQL4-00-013910
Rule ID: SV-82287r1_rule
IA Controls:
Severity: Medium
Description
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. SQL Server Profiler is one such tool. If an attacker were to gain access to audit tools, he could analyze audit logs for system weaknesses or weaknesses in the auditing itself. An attacker could also manipulate logs to hide evidence of malicious activity.
STIG: MS SQL Server 2014 Instance Security Technical Implementation Guide
Date: 2017-07-19

Details

Check Text ( C-68365r1_chk )
In Windows Explorer, navigate to :\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn. Right-click on the file PROFILER.EXE; select Properties. Click on the Security tab. Review the users and groups listed, and the permissions granted to each.

If PROFILER.EXE can be executed or modified by any unauthorized users, this is a finding.
Fix Text (F-73913r1_fix)
Apply or modify permissions on PROFILER.EXE to make it accessible by authorized personnel only.
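
The manual check above can be scripted so it is repeatable across instances. The following PowerShell is an added example, not part of the STIG: the `$Authorized` list is an assumed placeholder for the site's approved principals, and the path to PROFILER.EXE is passed in because the drive letter is installation-specific.

```powershell
param(
    # Full path to PROFILER.EXE (drive letter is site-specific, so no default).
    [Parameter(Mandatory)] [string] $Path,
    # Assumption: principals the site has approved. Replace with your own list.
    [string[]] $Authorized = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'NT SERVICE\TrustedInstaller'
    )
)

# Rights that allow running the tool, changing the file, or changing its ACL.
$risky = [System.Security.AccessControl.FileSystemRights] (
    'ExecuteFile, WriteData, AppendData, WriteAttributes, ' +
    'WriteExtendedAttributes, Delete, ChangePermissions, TakeOwnership')
# Also catch unmapped generic bits (GENERIC_ALL / EXECUTE / WRITE).
$riskyMask = [int]$risky -bor 0x70000000

$acl = Get-Acl -LiteralPath $Path

$findings = foreach ($ace in $acl.Access) {
    # Deny entries only restrict access, so only Allow entries matter here.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    # Skip entries that grant read-only style access.
    if (([int]$ace.FileSystemRights -band $riskyMask) -eq 0) { continue }
    $who = $ace.IdentityReference.Value
    if ($Authorized -contains $who) { continue }
    [pscustomobject]@{
        Identity  = $who
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

# The owner can always rewrite the ACL, so it must be authorized as well.
if ($Authorized -notcontains $acl.Owner) {
    Write-Warning "Owner '$($acl.Owner)' is not in the authorized list."
}

if ($findings) {
    Write-Output "FINDING: principals outside the authorized list can execute or modify $Path"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Not a finding: only authorized principals can execute or modify $Path"
```

Entries reported with `Inherited = True` come from a parent folder, so removing them means disabling inheritance on the file or correcting the ACL on the folder.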