Details

SQL Server supports Shared Memory, Named Pipes, TCP/IP and VIA protocols. However, SQL Server should be configured to use the bare minimum required based on the organization’s needs.

Rationale:

Using fewer protocols minimizes the attack surface of SQL Server and, in some cases, can protect it from remote attacks.

Solution

Open SQL Server Configuration Manager; go to the SQL Server Network Configuration. Ensure that only required protocols are enabled. Disable protocols not necessary.

Impact:

The Database Engine must be stopped and restarted for the change to take effect.

Default Value:

By default, TCP/IP and Shared Memory protocols are enabled on all commercial editions.

References:

http://msdn.microsoft.com/en-us/library/ms191294(v=sql.105).aspx

http://msdn.microsoft.com/en-us/library/ms191294(v=sql.100).aspx

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2834

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

• 800-53|SI-4
• CSCv6|9.1
• CSCv7|9.2

Source

• Tenable.com/audits