
If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords.


Overview

Finding ID: V-67865
Version: SQL4-00-018700
Rule ID: SV-82355r1_rule
IA Controls: (none listed)
Severity: High
Description
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. DBMS passwords sent in clear text format across the network are vulnerable to discovery by unauthorized users. Disclosure of passwords may easily lead to unauthorized access to the database.
STIG: MS SQL Server 2014 Instance Security Technical Implementation Guide
Date: 2016-06-27

Details

Check Text (C-68433r1_chk)
From a command prompt, open SQL Server Configuration Manager by typing sqlservermanager12.msc, and pressing [ENTER].

Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click on Protocols for [instance name], where [instance name] is a placeholder for the SQL Server instance name, and click on Properties.

On the Flags tab, if Force Encryption is set to NO, this is a finding.

On the Flags tab, if Force Encryption is set to YES, examine the certificate used on the Certificate tab.

If it is not a DoD certificate, or if no certificate is listed, this is a finding.
Fix Text (F-73981r1_fix)
Configure SQL Server to encrypt authentication data for remote connections using DoD-approved cryptography.

Deploy encryption to the SQL Server Network Connections.

From a command prompt, open SQL Server Configuration Manager by typing sqlservermanager12.msc, and pressing [ENTER].

Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click on Protocols for [instance name], where [instance name] is a placeholder for the SQL Server instance name, and click on Properties.

On the Flags tab, set Force Encryption to YES, and select the DoD certificate on the Certificate tab. Restart the SQL Server service for the instance so the new setting takes effect.
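The check and fix above are point-and-click steps in SQL Server Configuration Manager. The following PowerShell script is an added example (not part of the STIG text and not a DISA-provided tool) that performs the same check and fix against the registry values Configuration Manager itself writes, so it can be run across many instances. It assumes SQL Server 2014 (MSSQL12.* registry keys under HKLM\SOFTWARE\Microsoft\Microsoft SQL Server), local administrator rights, and that the server certificate is already installed in the LocalMachine\My store. The "DoD issuer" test is a heuristic assumption that matches the OU=DoD attribute in DoD PKI issuer names; adjust it to your CA naming.

```powershell
# Added example: audit and remediate Force Encryption for every SQL Server 2014
# instance on this host by reading/writing the SuperSocketNetLib registry values
# that SQL Server Configuration Manager manages. Assumptions: SQL Server 2014
# (MSSQL12.* keys), local admin rights, certificate present in LocalMachine\My.
# The 'OU=DoD' issuer test is a heuristic, not an authoritative DoD PKI check.
#Requires -RunAsAdministrator

$InstanceRoot = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

function Get-SqlNetLibKey {
    # One object per installed instance, with the path of its SuperSocketNetLib key.
    $names = Get-ItemProperty -Path "$InstanceRoot\Instance Names\SQL"
    foreach ($p in $names.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ...
        [pscustomobject]@{
            Instance = $p.Name                     # e.g. MSSQLSERVER
            NetLib   = "$InstanceRoot\$($p.Value)\MSSQLServer\SuperSocketNetLib"
        }
    }
}

function Test-SqlForceEncryption {
    # Check text: ForceEncryption must be 1 and Certificate must name a DoD cert.
    foreach ($i in Get-SqlNetLibKey) {
        $netlib = Get-ItemProperty -Path $i.NetLib -ErrorAction Stop
        $force  = [int]$netlib.ForceEncryption      # missing value -> 0 (NO)
        $thumb  = [string]$netlib.Certificate       # SHA-1 thumbprint, or empty
        $cert   = $null
        if ($thumb) {
            $cert = Get-ChildItem Cert:\LocalMachine\My |
                    Where-Object { $_.Thumbprint -ieq $thumb }
        }
        $findings = @()
        if ($force -ne 1)   { $findings += 'Force Encryption is NO' }
        if (-not $thumb)    { $findings += 'no certificate configured' }
        elseif (-not $cert) { $findings += "certificate $thumb not in LocalMachine\My" }
        elseif ($cert.Issuer -notmatch 'OU=DoD') { $findings += "issuer is not DoD: $($cert.Issuer)" }
        elseif (-not $cert.HasPrivateKey)        { $findings += 'certificate has no private key' }
        [pscustomobject]@{
            Instance        = $i.Instance
            ForceEncryption = $force
            Thumbprint      = $thumb
            Issuer          = if ($cert) { $cert.Issuer } else { $null }
            Finding         = if ($findings) { $findings -join '; ' } else { 'not a finding' }
        }
    }
}

function Set-SqlForceEncryption {
    # Fix text: set Force Encryption to YES and bind the DoD certificate.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Instance,
        [Parameter(Mandatory)][string]$Thumbprint
    )
    $i = Get-SqlNetLibKey | Where-Object { $_.Instance -eq $Instance }
    if (-not $i) { throw "instance '$Instance' not found" }
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -ieq $Thumbprint }
    if (-not $cert -or -not $cert.HasPrivateKey) {
        throw "certificate $Thumbprint is not in LocalMachine\My with a private key"
    }
    if ($PSCmdlet.ShouldProcess($i.NetLib, 'set ForceEncryption=1 and Certificate')) {
        Set-ItemProperty -Path $i.NetLib -Name ForceEncryption -Value 1 -Type DWord
        # Configuration Manager stores the thumbprint in lower case; match it.
        Set-ItemProperty -Path $i.NetLib -Name Certificate -Value $Thumbprint.ToLower() -Type String
        Write-Warning "Restart the SQL Server ($Instance) service for the change to take effect."
    }
}

# Audit all instances on this host.
Test-SqlForceEncryption | Format-Table -AutoSize

# Remediate one instance (dry run first), e.g.:
# Set-SqlForceEncryption -Instance MSSQLSERVER -Thumbprint <thumbprint> -WhatIf
```

Two caveats a reviewer should keep in mind. First, Force Encryption alone is not sufficient: if no certificate is bound, SQL Server falls back to a self-signed certificate it generates at start-up, which encrypts the session but gives clients nothing trustworthy to validate, which is why the check also inspects the Certificate tab. Second, the SQL Server service account must have Read access to the private key of the bound certificate, and the service must be restarted; a bad certificate or missing key permission will stop the instance from starting, so test on a non-production instance and have the previous thumbprint recorded. After the restart, a client can confirm its own session is protected with the T-SQL query SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID, which returns TRUE for an encrypted connection.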