
Enforce TLS Connections

Description

The network protocol between a Microsoft SQL Server and the client is not secure unless a properly configured X.509 certificate is installed and the server is then configured to only allow TLS connections from clients.

Rationale

The original authentication method was based on outdated, flawed cryptography. An attacker who can intercept traffic between a client and the server can obtain the password used. To prevent this, a correctly configured TLS session must be used.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      sqlserver

Default Rule

// Helper taken from the `module` object available to the rule.
const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if 'forceencryption' is set to "1"
 */
function validate(databaseSettings) {
    // Passes only when the server setting has the expected value "1".
    const success = checkServerSetting(databaseSettings, 'forceencryption', "1")

    return {
        success,
    }
}

validate(databaseSettings)
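
The following is an added example, not SecureCloudDB's own code: it runs the default rule against constructed inputs to show which cases pass and that a missing setting fails closed. The `checkServerSetting` stand-in and the `serverSettings` array of `{ name, value }` pairs are assumptions made for illustration; the product's real helper and settings shape are not shown on this page.

```javascript
// Hypothetical stand-in for the checkServerSetting helper (assumption).
// Assumed shape: databaseSettings.serverSettings = [{ name, value }, ...]
function checkServerSetting(databaseSettings, name, expected) {
    const settings = (databaseSettings && databaseSettings.serverSettings) || []
    const wanted = name.toLowerCase()
    const entry = settings.find(s => String(s.name).toLowerCase() === wanted)
    // Fail closed: a setting that was never collected is not compliant.
    if (!entry || entry.value === null || entry.value === undefined) {
        return false
    }
    // Compare as trimmed strings so 1 and "1" are treated alike.
    return String(entry.value).trim() === String(expected)
}

// Same logic as the default rule above.
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'forceencryption', '1')
    return { success }
}

// Constructed sample inputs (not real instance data).
const samples = {
    enforced: { serverSettings: [{ name: 'ForceEncryption', value: 1 }] },
    optional: { serverSettings: [{ name: 'forceencryption', value: '0' }] },
    missing: { serverSettings: [{ name: 'other', value: '1' }] },
    empty: {},
}

// Evaluate every sample and return a label -> pass/fail map.
function evaluateSamples() {
    const results = {}
    for (const [label, settings] of Object.entries(samples)) {
        results[label] = validate(settings).success
    }
    return results
}

console.log(evaluateSamples())
```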