Disable Remote Admin Connections

Description

Microsoft SQL Server provides a dedicated administrator connection (DAC), which allows an administrator to execute diagnostic commands even when the server is otherwise not accessible. By default, the DAC is available only from the system that hosts SQL Server, through a port listening on the loopback address (127.0.0.1).

For more information, see "remote admin connections Server Configuration Option".

Rationale

If the remote admin connection facility is available across the network, it could lead to a severe compromise of the system.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      sqlserver

Default Rule

const { checkServerSetting } = module
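/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true when 'remote admin connections'
 *     is 0, or when IsClustered is not 0 (the setting is then not evaluated)
 */
function validate(databaseSettings) {
    let success
    // The setting is only evaluated when IsClustered is 0.
    if (checkServerSetting(databaseSettings, "IsClustered", "0")) {
        success = checkServerSetting(databaseSettings, "remote admin connections", "0")
    } else {
        // Any other IsClustered result passes the rule.
        success = true
    }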

    return {
        success,
    }
}

validate(databaseSettings)
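
The rule above takes the `else` branch, and passes, on any `IsClustered` result other than a match for `0`. The following is an added example, not SecureCloudDB's own code, that makes the same decision but reports settings that were never collected as a separate result; the flat `{ name: value }` shape of the settings object, the helper names `readSetting` and `evaluateRemoteDac`, and the status strings are assumptions made for illustration.

```javascript
// Added example: helper names and sample data are constructed for illustration.
// Assumption: settings arrive as a flat { name: value } map.

function readSetting(settings, name) {
    // Returns the value as a trimmed string, or null when it was not collected.
    if (!settings || !Object.prototype.hasOwnProperty.call(settings, name)) return null
    const value = settings[name]
    return value === null || value === undefined ? null : String(value).trim()
}

function evaluateRemoteDac(settings) {
    const clustered = readSetting(settings, "IsClustered")
    const remoteDac = readSetting(settings, "remote admin connections")

    // Clustered installations are not evaluated, as in the rule on this page.
    if (clustered === "1") {
        return { success: true, status: "exempt-clustered" }
    }
    // Missing or unexpected inputs are reported instead of passing.
    if (clustered !== "0" || remoteDac === null) {
        return { success: false, status: "unknown" }
    }
    return remoteDac === "0"
        ? { success: true, status: "compliant" }
        : { success: false, status: "remote-dac-enabled" }
}

// Constructed sample settings covering each outcome.
const samples = {
    standaloneOff: { IsClustered: "0", "remote admin connections": "0" },
    standaloneOn: { IsClustered: "0", "remote admin connections": "1" },
    clusteredOn: { IsClustered: "1", "remote admin connections": "1" },
    notCollected: { "remote admin connections": "0" },
}

function runSamples() {
    const out = {}
    for (const [name, settings] of Object.entries(samples)) {
        out[name] = evaluateRemoteDac(settings).status
    }
    return out
}

console.log(runSamples())
```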