3.10 Ensure SharePoint database servers are segregated from application server and placed in a secure zone.

Information

Segregating the SharePoint database server from the application server provides a layered defense architecture.

Rationale:
A layered defense architecture provides additional security and reduces the attack surface of an environment. When the SharePoint database server is segregated from the application server, only specific ports need to be opened from the application server to the database server, which reduces the attack surface and limits access to the critical data stored in the SharePoint database.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Review the SharePoint server architecture and move the SharePoint database server into a secure network zone. Open only the specific ports required from the application server to the database server.

Impact:
A malicious actor could gain access to the SharePoint database server and extract the sensitive information stored in the database.
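
One way to support the manual review described above is to run an exported firewall rule set through a small audit script. The following is an added example, not part of the benchmark: the zone and server addresses and the rule export are constructed, and TCP 1433 (the SQL Server default instance port) is assumed to be the only required port.

```python
import ipaddress

# Constructed values (assumptions, not from the benchmark): adjust to your farm.
DB_ZONE = ipaddress.ip_network("10.20.0.0/28")            # secure database zone
APP_SERVERS = [ipaddress.ip_network("10.10.0.11/32"),     # SharePoint application servers
               ipaddress.ip_network("10.10.0.12/32")]
REQUIRED = {("tcp", 1433)}  # SQL Server default instance port; named instances differ

# Constructed firewall export: (name, action, source, destination, proto, first port, last port)
RULES = [
    ("app1-to-sql",  "allow", "10.10.0.11/32", "10.20.0.5/32",  "tcp", 1433, 1433),
    ("app2-to-sql",  "allow", "10.10.0.12/32", "10.20.0.5/32",  "tcp", 1433, 1433),
    ("app1-to-smb",  "allow", "10.10.0.11/32", "10.20.0.5/32",  "tcp", 445, 445),
    ("users-to-sql", "allow", "10.30.0.0/24",  "10.20.0.0/28",  "tcp", 1433, 1433),
    ("app-net-high", "allow", "10.10.0.0/24",  "10.20.0.5/32",  "tcp", 1024, 65535),
    ("users-to-web", "allow", "10.30.0.0/24",  "10.10.0.11/32", "tcp", 443, 443),
    ("db-default",   "deny",  "0.0.0.0/0",     "10.20.0.0/28",  "tcp", 1, 65535),
]

def audit(rules):
    """Return {rule name: [reasons]} for allow rules into the DB zone that are too broad."""
    findings = {}
    for name, action, src, dst, proto, first, last in rules:
        if action != "allow" or not ipaddress.ip_network(dst).overlaps(DB_ZONE):
            continue  # only rules that admit traffic into the database zone matter
        reasons = []
        source = ipaddress.ip_network(src)
        # The source must fall entirely inside one of the known application servers.
        if not any(source.subnet_of(app) for app in APP_SERVERS):
            reasons.append("source not limited to application servers")
        # Every port the rule opens must be on the required list.
        if not all((proto, port) in REQUIRED for port in range(first, last + 1)):
            reasons.append("opens ports beyond those required")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for rule, reasons in audit(RULES).items():
        print(f"{rule}: {'; '.join(reasons)}")
```

The script evaluates each rule on its own and does not model rule ordering, so a flagged rule that is shadowed by an earlier deny still needs a manual look.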

See Also

https://workbench.cisecurity.org/files/2031