7.4 Ensure Network Encryption is Configured and Enabled

Information

Configuring and enabling network encryption ensures traffic between the application and the database system is encrypted. This will ensure compliance to security standards such as PCI DSS, which is required if connections are through a public network.

Network encryption can be configured in SQL Server either with self-signed certificates or TLS certificates.

Rationale:

Network encryption will ensure data transmitted over the network is protected, so attackers can't ex-filtrate passwords, and confidential data. This protects against man in the middle attack, and network sniffing attacks to ex-filtrate data transmitted between the database system and applications.

Solution

Refer to Microsoft SQL Server Encryption Documentation:
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/sql-server-encryption

See Also

https://workbench.cisecurity.org/benchmarks/7201

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1), CSCv7|14.4

Plugin: MS_SQLDB

Control ID: 4c8c6183fdd3aaf15c842b2ec4c9acab6d52970c70c0cf7bb275d7bbe27cca3f