Skip to content

Configure Hide Instance

Description

The Microsoft SQL Server Browser Service is used to discover the ports associated with instances of SQL Server, and helps clients distinguish between multiple instances of the Database Engine on the same computer.

The Browser Service is also used by attackers to locate server instances which are not running on the default port. For more information, see Hide an Instance of SQL Server Database Engine.

Rationale

To keep attackers from discovering server instances which are not running on the default port, set the HideInstance option to 1.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the database instance is hidden
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'hideinstance', "1")

    return {
        success,
    }
}

validate(databaseSettings)