Download   Report
  1. technology and computing
  2. software
  3. databases

CIS Microsoft SQL Server 2008 R2 Database v1.0.0 Level 1 OS

CIS Microsoft SQL Server
2008 R2 Database v1.0.0
Level 1 OS
October 30, 2014 at 7:51pm EDT
SC Researcher [SC_Researcher]
RESEARCH
Confidential: The following report contains confidential information. Do not distribute,
email, fax, or transfer via any electronic mechanism unless it has been approved by the
recipient company's security policy. All copies and backups of this document should be
saved on protected storage at all times. Do not share any of the information contained
within this report with anyone unless they are authorized to view the information. Violating
any of the previous instructions is grounds for termination.
Table of Contents
About This Report
................................................................................................................................................................................................
1
Chapter 2
2
Chapter 6
6
..........................................................................................................................................................................................................................
2.11 - Data CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS .................................................................................................. 2
2.12 - Data CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS ................................................................................................. 4
..........................................................................................................................................................................................................................
6.1 - Data CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS ....................................................................................................6
Table of Contents
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
i
About This Report
This report is a template used for reporting on the results from CIS compliance scans with the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS audit file. The Center for Internet
Security is an organization that works with end users, vendors, and auditors to develop a set of 'best practice'
security standards for configuring operating systems and applications. These 'best practices' are known as
'CIS Benchmarks'.
Tenable Network Security is a CIS member and has submitted several audit
policies for certification against specific benchmarks. The policies included in
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS have been approved and have
been certified by CIS staff members. Tenable has submitted example positive and negative test cases for
each of the unique test criteria for CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS
benchmarks.
The CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS CIS audit file contains a
description of how to perform the scan. When performing managed scans with SecurityCenter, some CIS
audits require additional patch audits and vulnerability checks. Any additional requirements for completing an
audit with CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS are included with the audit
file description text. In some cases, multiple scans may be required to be performed.
When performing audit scans with SecurityCenter, the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS must first be uploaded
to SecurityCenter. Next, the appropriate credentials must be added, after which a scan policy
can be created. Finally, a scan can be scheduled. As part of the post scan jobs, the 'AutoRun Reports' can be enabled automatically, running this report on the data collected for the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS.
If there are several audit scans and the auditor would like the data in a single report for
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS, then editing the report
template is required. When editing the report template, first go to Reports and select the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS report, then click on the 'Edit' button.
Navigate to the definition, and select 'Find / Update' link in the top center of the screen.
In the top search filter, select 'Audit File' and 'is not set', then click 'Save'. The filter
will then move to just below the 'Add Filter' link. Next, under 'Update Actions', select
'Audit File' and select 'is set to'. A new box will appear with a drop-down list, select the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS and click 'Save'. Note that the results
will be displayed in the windows on the bottom. Click the 'Update' button just above the results box. The
screen will update with a specified number of filters updated. Now you can close the window and submit
the report. Next, launch the report. This report sometimes can take a while depending on the length of the
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS and the number of systems checked.
This .audit file is written against the Center for Internet Security benchmark for Microsoft SQL
Server 2008 R2 Database, version 1.0.0. https://benchmarks.cisecurity.org/tools2/sqlserver/
CIS_Microsoft_SQL_Server_2008_R2_Database_Engine_Benchmark_v1.0.0.pdf
About This Report
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
1
Chapter 2
2.11 - Data
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS
Section Matrix Summary
System Count
7 Days
14 Days
21 Days
28 Days
> 29 Days
Passed
Manual
Failed
1
1
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
1
Compliance By Subnet (Top 10)
Chapter 2
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
2
Failed Check Summary
Plugin Name
Severity
Total
High
1
2.11 Disable Unnecessary SQL Server Protocols - 'VIA protocol is disabled'
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Plugin Name
Severity
Total
2.11 Disable Unnecessary SQL Server Protocols - 'TCP/IP protocol is disable
d'
High
1
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Plugin Name
Severity
Total
High
1
2.11 Disable Unnecessary SQL Server Protocols - 'Named Pipes protocol is
disabled'
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Manual Check Required Summary
Plugin Name
Severity
Total
Info
Hosts in Repository 'Individual Scan':
Passed Checks
Plugin Name
Severity
Total
Info
1
2.11 Disable Unnecessary SQL Server Protocols - 'Shared Memory protocol
is enabled'
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Chapter 2
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
3
2.12 - Data
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS
Section Matrix Summary
System Count
Passed
Manual
Failed
7 Days
1
0
0
1
14 Days
0
0
0
0
21 Days
0
0
0
0
28 Days
0
0
0
0
> 29 Days
0
0
0
0
Compliance By Subnet (Top 10)
Chapter 2
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
4
Failed Check Summary
Plugin Name
Severity
Total
High
1
2.12 Configure SQL Server to use non-standard ports
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Manual Check Required Summary
Plugin Name
Severity
Total
Info
Hosts in Repository 'Individual Scan':
Passed Checks
Plugin Name
Severity
Total
Info
Hosts in Repository 'Individual Scan':
Chapter 2
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
5
Chapter 6
6.1 - Data
CIS_Microsoft_SQL_Server_2008_R2_Database_v1_0_0_Level_1_OS
Section Matrix Summary
System Count
7 Days
14 Days
21 Days
28 Days
> 29 Days
Passed
Manual
Failed
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Compliance By Subnet (Top 10)
Chapter 6
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
6
Failed Check Summary
Plugin Name
Severity
Total
Info
Hosts in Repository 'Individual Scan':
Manual Check Required Summary
Plugin Name
Severity
Total
Info
Hosts in Repository 'Individual Scan':
Passed Checks
Plugin Name
Severity
Total
Info
1
6.1 Set the 'Maximum number of error log files' setting to 12
Hosts in Repository 'LocalRep':
172.26.22.40 - MAC Address: 00:50:56:bd:65:77 DNS Name: WIN-G0ECV72RO5S NetBIOS Name: WORKGROUP\WIN-G0ECV72RO5S
Chapter 6
CIS Microsoft SQL Server 2008
R2 Database v1.0.0 Level 1 OS
7
Tayyib Oladoja PERSONAL STATEMENT

Tayyib Oladoja PERSONAL STATEMENT

Software Engineer

Software Engineer

Susan Grayson, MCITP

Susan Grayson, MCITP

How to connect to the Procare SQL Express database using... Step 1: Click on New

How to connect to the Procare SQL Express database using... Step 1: Click on New

Document 388498

Document 388498

Title of the course Code Semester Theory

Title of the course Code Semester Theory

Bernd Schneider Technical Solution Professional - BI Microsoft Schweiz

Bernd Schneider Technical Solution Professional - BI Microsoft Schweiz

S R AMPLE ESUME

S R AMPLE ESUME

Document 387051

Document 387051

AuditWizard™ V7 How to Share the AuditWizard™ Database and Access it Remotely

AuditWizard™ V7 How to Share the AuditWizard™ Database and Access it Remotely

abcdocz.com

© Copyright 2024