2.6 Ensure 'Remote Access' Server Configuration Option is set to '0'

Information

The remote access option controls the execution of local stored procedures on remote servers or remote stored procedures on local server.

Rationale:

Functionality can be abused to launch a Denial-of-Service (DoS) attack on remote servers by off-loading query processing to a target.

Impact:

Per Microsoft: This feature will be removed in the next version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible. Use sp_addlinkedserver instead.

Solution

For AWS RDS Instances, please refer to the documentation for using Parameter Groups here:
Working with parameter groups
Run the following T-SQL command:

EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE;
EXECUTE sp_configure 'remote access', 0;
RECONFIGURE;
GO
EXECUTE sp_configure 'show advanced options', 0;
RECONFIGURE;

Restart the Database Engine.

Default Value:

By default, this option is enabled (1).

See Also

https://workbench.cisecurity.org/benchmarks/7201

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: MS_SQLDB

Control ID: 9c4b1500d1d44db775107b80ba161a321fa51e3fab28c01c12f192836e8e1b8d