SQL Server must disable communication protocols not required for operation.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-213875	SQL4-00-034200	SV-213875r855547_rule		Medium

Description
Having unnecessary protocols enabled exposes the system to avoidable threats. In a typical installation, only TCP/IP will be required.

STIG	Date
MS SQL Server 2014 Instance Security Technical Implementation Guide	2022-09-12

Details

Check Text ( C-15094r312976_chk )
Review the system security plan to determine the communication protocols used by the SQL Server instance. Open SQL Server Configuration Manager from the Windows Start menu or by entering "SQLServerManager12.msc" in a Command Prompt window or in the Run dialog box. Select SQL Server Network Configuration >> Protocols for . Review the list of protocols. If any that are not required are shown as enabled, this is a finding.

Check Text ( C-15094r312976_chk )

Review the system security plan to determine the communication protocols used by the SQL Server instance.

Open SQL Server Configuration Manager from the Windows Start menu or by entering "SQLServerManager12.msc" in a Command Prompt window or in the Run dialog box. Select SQL Server Network Configuration >> Protocols for . Review the list of protocols.

If any that are not required are shown as enabled, this is a finding.

Fix Text (F-15092r312977_fix)
In SQL Server Configuration Manager, right-click on each enabled protocol that is not required. Select Disabled. Close SQL Server Configuration Manager. Restart SQL Server.