sp_check: SQL Server Database Checks

Linked server

What's the issue?

One or more linked servers has been detected on your SQL Server instance.

Why is this a problem?

Depending on the permission used by the linked server, users may have elevated permissions. If a linked server is set up using the sa login then we will classify it as level 1, "High - action required" since this means any user able to access the linked server will have permissions to do anything on the linked server - and you probably don't want that.

However, since there is no easy way to check permissions on a linked server, we generally classify this finding as level 3, "Potential- review recommended" since linked servers may still be set up to connect using a different login with elevated permissions.

What should you do about this?

Review any linked server to determine if the permissions are appropriately assigned.

Read more...

SQL Server Security Best Practices for Linked Servers – SQL Server Consulting – Straight Path Solutions (straightpathsql.com)

Create linked servers – SQL Server | Microsoft Learn

Vulnerability

3 - Potential (Review Recommended)

Category

SQL Server Security

Tool(s)

sp_CheckSecurity - Check Your SQL Server Security

What do the Vulnerability Levels mean?

0 - Information only. This is stuff you should know about your instances like version and service account used, but if you don't know it…well, now you do.

1 - High vulnerability requiring action. These are the issues that could most likely lead to your company being front page news for all the wrong reasons. If your instances have any results at this level then we recommend cancelling that 3-martini lunch and instead huddling with your team to figure out when to address these issues.

2 - High vulnerability to review. These include settings and assigned permissions you should review soon, if not immediately. These findings may not necessarily indicate a clear vulnerability, but we've found unexpected vulnerabilities in these categories at many, many clients.

3 - Potential vulnerability to review. These are configurations or assigned permissions you may be using that could lead to problems for users. Or maybe they're just required for your applications. Either way, we recommend reviewing these to make sure these are correct.

4 – Low vulnerability with recommended action. These are typically security inconsistencies that should be addressed. They aren't likely to cause problems, but you should clean up the mess.