Article Number
000001737
Applies To
RSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.x
Platform: Windows
Platform (Other): MSSQL Server
Product Name: RSA NetWitness Endpoint
Issue
In certain environments, it is requested that any extended stored procedures should be disabled.
Web link resources for more information:
Extended stored procedures should not be enabled as good practice. In Centre for Internet Security (CIS) Benchmark for SQL Server 2008r2 and 2012, for the extended stored procedures listed, the recommendation is for those stored procedures to be disabled.
Source:
https://labs.portcullis.co.uk/blog/ms-sql-server-audit-extended-stored-procedures-table-privileges/An extended stored procedure (xp) is a dynamic link library that runs directly in the address space of SQL Server. You can run extended stored procedures as normal stored procedures. Extended stored procedures are used to extend the capabilities of SQL Server. You can take advantage of the many extended stored procedures that come with SQL Server, or you can write your own.
Source:
http://www.sswug.org/alexanderchigrik/sql-server/undocumented-sql-server-2012-extended-stored-procedures-part-2/A specific question regarding the stored procedure called:
xp_cmdshell extended
Resolution
There are two types of stored procedures:
- Extended Stored Procedures: https://technet.microsoft.com/en-us/library/ms175200(v=sql.105).aspx
- CRL integration
RSA NetWitness Endpoint does not use the former, however, it does use CRL integration, which should not be disabled.
So, the former can be disabled (including the xp_cmdshell extended store procedure) without any effect on RSA NetWitness Endpoint.
