2.11 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'Shared Memory protocol is enabled'

Information

SQL Server supports Shared Memory, Named Pipes, TCP/IP and VIA protocols. However, SQL Server should be configured to use the bare minimum required based on the organization's needs.

Rationale:

Using fewer protocols minimizes the attack surface of SQL Server and, in some cases, can protect it from remote attacks.

Solution

Open SQL Server Configuration Manager; go to the SQL Server Network Configuration. Ensure that only required protocols are enabled. Disable protocols not necessary.

Impact:

The Database Engine must be stopped and restarted for the change to take effect.

Default Value:

By default, TCP/IP and Shared Memory protocols are enabled on all commercial editions.

References:

http://msdn.microsoft.com/en-us/library/ms191294(v=sql.105).aspx

http://msdn.microsoft.com/en-us/library/ms191294(v=sql.100).aspx

See Also

https://workbench.cisecurity.org/files/2834

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv6|9.1, CSCv7|9.2

Plugin: Windows

Control ID: 3e7932d7370bc3c6da8367c5e2cd4319110cdc20c4ec9dbf3593f33fba37363a