1 Installation, Updates and Patches
Ensure Latest SQL Server Service Packs and Hotfixes are Installed
SELECT SERVERPROPERTY('ProductLevel') as SP_installed, SERVERPROPERTY('ProductVersion') as Version;
2. Ensure Single-Function Member Servers are Used
Ensure that no other roles are enabled for the underlying operating system and that no excess tooling is installed, per enterprise policy.
3.Surface Area Reduction
Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'
SELECT name, CAST(value as int) as value_configured, CAST(value_in_use as int) as value_in_use FROM sys.configurations WHERE name = 'Ad Hoc Distributed Queries';
EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE; EXECUTE sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
GO
EXECUTE sp_configure 'show advanced options', 0; RECONFIGURE;
4 Ensure 'CLR Enabled' Server Configuration Option is set to '0'
SELECT name, CAST(value as int) as value_configured, CAST(value_in_use as int) as value_in_use FROM sys.configurations WHERE name = 'clr enabled';
EXECUTE sp_configure 'clr enabled', 0; RECONFIGURE;
Ensure Latest SQL Server Service Packs and Hotfixes are Installed
SELECT SERVERPROPERTY('ProductLevel') as SP_installed, SERVERPROPERTY('ProductVersion') as Version;
2. Ensure Single-Function Member Servers are Used
Ensure that no other roles are enabled for the underlying operating system and that no excess tooling is installed, per enterprise policy.
3.Surface Area Reduction
Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'
SELECT name, CAST(value as int) as value_configured, CAST(value_in_use as int) as value_in_use FROM sys.configurations WHERE name = 'Ad Hoc Distributed Queries';
EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE; EXECUTE sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
GO
EXECUTE sp_configure 'show advanced options', 0; RECONFIGURE;
4 Ensure 'CLR Enabled' Server Configuration Option is set to '0'
SELECT name, CAST(value as int) as value_configured, CAST(value_in_use as int) as value_in_use FROM sys.configurations WHERE name = 'clr enabled';
EXECUTE sp_configure 'clr enabled', 0; RECONFIGURE;
No comments:
Post a Comment