Detections
Analytics

SQL6-D0-011900 - SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Information

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Assign the approved TCP/IP port number to the SQL Server Database Engine.
1. In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-click 'TCP/IP'.
2. In the 'TCP/IP Properties' dialog box, on the 'IP Addresses' tab, several IP addresses appear in the format IP1, IP2, up to IPAll. One of these is for the IP address of the loopback adapter, 127.0.0.1. Additional IP addresses appear for each IP Address on the computer. (You will probably see both IP version 4 and IP version 6 addresses.) Right-click each address, and then click 'Properties' to identify the IP address that you want to configure.
3. If the 'TCP Dynamic Ports' dialog box contains '0', indicating the Database Engine is listening on dynamic ports, delete the '0'.
4. In the 'IPn Properties area' box, in the 'TCP Port' box, type the port number you want this IP address to listen on, and then click 'OK'.
5. In the console pane, click 'SQL Server Services'.
6. In the details pane, right-click 'SQL Server (<instance name>)' and then click 'Restart', to stop and restart SQL Server.

To disable a server network protocol for an instance:
1. In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration.
2. In the console pane, click 'Protocols' for <instance name>.
3. In the details pane, right-click the protocol you want to change, and then click 'Enable' or 'Disable'.
4. In the console pane, click 'SQL Server Services'.
5. In the details pane, right-click 'SQL Server (<instance name>)', and then click 'Restart', to stop and restart the SQL Server service.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2016_Y26M01_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-213990r961470_rule, STIG-ID|SQL6-D0-011900, STIG-Legacy|SV-93947, STIG-Legacy|V-79241, Vuln-ID|V-213990

Plugin: MS_SQLDB

Control ID: 2ad8d0fd8eeaae121f46f5caabd3145a4eada79906068572cdb7d0dc1f7a7a13