 security risk


laddu
Constraint Violating Yak Guru

332 Posts

Posted - 2011-06-09 : 10:33:29
We have got the below security risk for our production server during the DB scan. Please let me know whether this fix will affect the application. Thank you.
Encryption of DBMS sensitive data in transit
Summary: Data served by the DBMS and transmitted across the network in clear text is vulnerable to unauthorized capture and review.
Overview: Data served by the DBMS and transmitted across the network in clear text is vulnerable to unauthorized capture and review. This can be prevented by enforcing the encryption of communication using SQL Server settings.
When the ForceEncryption option for the Database Engine is set to Yes, all client/server communication is encrypted. In cases when clients cannot support encryption, they will be denied access.
When the ForceEncryption option for the Database Engine is set to No, encryption can be requested by the client application but is not required.
NOTE: Review the system security plan to determine if any encryption is needed for network transmission of DBMS data. If found that encryption is needed then DISA-STIG rates this as High Risk Level.
Fix / Recommendations: To configure encryption, use SQL Server Configuration Manager:
1) Expand SQL Server Network Configuration,
2) Right-click on Protocols for needed MSSQL Instance ("Protocols for <instance name>")
3) Select the Flags tab
4) Select Yes for ForceEncryption from the pull-down options.
SQL Server must be restarted after you change the ForceEncryption
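
Whether the change affects the application depends on which clients currently connect without encryption. The following query is an added example, not part of the original post or the scan report. It inventories the instance's current network connections by encryption status so those clients can be identified and tested before ForceEncryption is set to Yes. It assumes the caller has VIEW SERVER STATE permission.

```sql
-- Added example: list current connections grouped by encryption status.
-- Rows with encrypt_option = 'FALSE' are clients talking to the instance in
-- clear text today; these are the ones to test before forcing encryption.
SELECT
    c.encrypt_option,             -- 'TRUE' = encrypted, 'FALSE' = clear text
    c.net_transport,              -- TCP, Named pipe, ...
    c.auth_scheme,                -- SQL, NTLM, KERBEROS
    s.host_name,                  -- client machine (client-supplied value)
    s.program_name,               -- application name (client-supplied value)
    s.client_interface_name,      -- driver/provider the client uses
    s.login_name,
    COUNT(*)            AS connection_count,
    MAX(c.connect_time) AS latest_connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
-- Shared memory connections are local and never cross the network.
WHERE c.net_transport <> 'Shared memory'
GROUP BY
    c.encrypt_option,
    c.net_transport,
    c.auth_scheme,
    s.host_name,
    s.program_name,
    s.client_interface_name,
    s.login_name
ORDER BY
    c.encrypt_option,             -- clear-text connections first
    connection_count DESC;
```

The DMVs show only connections open at the moment the query runs, so run it at several points across a normal business cycle (batch windows included) to catch clients that connect only occasionally.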
   
