Best practices

SQL Server instance with ‘remote access’ flag enabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that {GcpSQLInstance} has the 'remote access' flag enabled. The remote access option controls the execution of stored procedures from local or remote servers on which instances of SQL Server are running. The default value for this option is 1, which grants permission to run local stored procedures from remote servers or remote stored procedures from the local server. To prevent local stored procedures from being run from a remote server, or remote stored procedures from being run on the local server, the option must be disabled. 'Remote access' functionality can be abused to launch a Denial-of-Service (DoS) attack on remote servers by off-loading query processing to a target, so it should be disabled.
Recommended Mitigation

Make sure 'remote access' flag is set to 'off'
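
One way to audit for this finding, as an added example that is not part of the original rule: the check below reads instance records in the shape returned by `gcloud sql instances list --format=json` and reports SQL Server instances where the flag is on or was never set, since an unset flag keeps the default of 1. The instance names and sample records are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `gcloud sql instances list --format=json`,
# trimmed to the fields the check needs. Instance names are made up.
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "sqlsrv-flag-off", "databaseVersion": "SQLSERVER_2019_STANDARD",
   "settings": {"databaseFlags": [{"name": "remote access", "value": "off"}]}},
  {"name": "sqlsrv-flag-on", "databaseVersion": "SQLSERVER_2019_STANDARD",
   "settings": {"databaseFlags": [{"name": "remote access", "value": "on"}]}},
  {"name": "sqlsrv-no-flags", "databaseVersion": "SQLSERVER_2017_WEB",
   "settings": {}},
  {"name": "pg-ignored", "databaseVersion": "POSTGRES_15",
   "settings": {"databaseFlags": []}}
]
""")

FLAG = "remote access"


def remote_access_state(instance):
    """Return 'off', 'on', 'default-on', or None for non-SQL Server engines."""
    if not instance.get("databaseVersion", "").startswith("SQLSERVER"):
        return None  # the flag only applies to SQL Server instances
    flags = (instance.get("settings") or {}).get("databaseFlags") or []
    for flag in flags:
        if flag.get("name", "").strip().lower() == FLAG:
            value = str(flag.get("value", "")).strip().lower()
            # Anything other than an explicit 'off' is treated as enabled.
            return "off" if value == "off" else "on"
    # Flag never set: the option keeps its default of 1 (enabled).
    return "default-on"


def non_compliant(instances):
    """Map instance name -> state for every instance that still needs 'off'."""
    findings = {}
    for inst in instances:
        state = remote_access_state(inst)
        if state in ("on", "default-on"):
            findings[inst["name"]] = state
    return findings


if __name__ == "__main__":
    for name, state in non_compliant(SAMPLE_INSTANCES).items():
        print(f"{name}: 'remote access' is {state}; set the flag to off")
```

When remediating with `gcloud sql instances patch`, note that `--database-flags` replaces the instance's whole flag set, so include every flag that should remain alongside `"remote access"=off`.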