Hide Instance
Job details
Name: Hide Instance
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the instance is hidden (not exposed by SQL Browser).
Long description: Checks if the instance is hidden (not exposed by SQL Browser). If the instance is hidden then connections will need to specify the server and port in order to connect. By default, SQL Server instances are not hidden.
Version: 1.2
Default schedule: 13 1 1 *
Requires engine install: Yes
Compatibility tag: .[type='instance' & databasetype='sqlserver']/instance[maj_version > '2005' & hasengine='YES' & eng_inst_priv = 0 & (engine_edition = 'Microsoft SQL Server' | engine_edition = 'Azure SQL Managed Instance')]
Parameters
| Name | Default value | Description |
| --- | --- | --- |
| return status | 1 | Return status value (ALARM – 2, WARNING – 1, or OK – 0) if the instance is exposed by SQL Browser (for non-clustered SQL Server instances). |
| return status if cluster | 0 | Return status value (ALARM – 2, WARNING – 1, or OK – 0) if the instance is a clustered SQL Server instance (Always On availability groups are enabled). |
| enable HideInstance | NO | If set to "YES", the alert will enable "HideInstance" by running the master.sys.xp_instance_regwrite stored procedure. |
| history threshold | 365 | The maximum number of days to keep statistics for in the historic tables. |
Job Summary
- "Purpose": This monitoring job checks whether the SQL Server instance is hidden, that is, not exposed by SQL Browser. Hiding the instance enhances security by requiring explicit server and port details for connections.
- "Why": Instances should not be easily discoverable through standard enumeration techniques, because discovery can be the initial step towards unauthorized access. An instance that is not hidden might be more susceptible to attacks.
- "Manual checking": You can check the instance visibility status manually by reading the SQL Server registry with the following SQL Server command:
EXEC master.sys.xp_instance_regread @rootkey = N'HKEY_LOCAL_MACHINE', @key = N'SOFTWARE\Microsoft\Microsoft SQL Server\MSSQLServer\SuperSocketNetLib', @value_name = N'HideInstance'
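The manual check above, extended into a script that maps the result to the return status values from the parameters table. This is an added example, not dbWatch's own procedure: the local variables stand in for the job parameters, and the `@value` output parameter, the SERVERPROPERTY-based cluster test and the choice to skip remediation on clustered instances are assumptions of this example.

```sql
-- Added example; not the code of dbWatch's dbw_hide_instance_proc.
SET NOCOUNT ON;

-- Local stand-ins for the job parameters, set to the documented defaults.
DECLARE @status_exposed int = 1;            -- "return status"
DECLARE @status_cluster int = 0;            -- "return status if cluster"
DECLARE @enable_hide    varchar(3) = 'NO';  -- "enable HideInstance"

DECLARE @key nvarchar(200) =
    N'SOFTWARE\Microsoft\Microsoft SQL Server\MSSQLServer\SuperSocketNetLib';
DECLARE @hide int;  -- stays NULL when the registry value does not exist

EXEC master.sys.xp_instance_regread
     @rootkey = N'HKEY_LOCAL_MACHINE', @key = @key,
     @value_name = N'HideInstance', @value = @hide OUTPUT;

-- Assumption: "clustered" means a failover cluster instance or an instance
-- with Always On availability groups enabled.
DECLARE @is_cluster bit =
    CASE WHEN ISNULL(CAST(SERVERPROPERTY('IsClustered')   AS int), 0) = 1
           OR ISNULL(CAST(SERVERPROPERTY('IsHadrEnabled') AS int), 0) = 1
         THEN 1 ELSE 0 END;

-- Optional remediation, off by default; needs sysadmin rights.
-- Skipping clustered instances is a choice made for this example.
IF ISNULL(@hide, 0) = 0 AND @enable_hide = 'YES' AND @is_cluster = 0
BEGIN
    EXEC master.sys.xp_instance_regwrite
         @rootkey = N'HKEY_LOCAL_MACHINE', @key = @key,
         @value_name = N'HideInstance', @type = N'REG_DWORD', @value = 1;
    SET @hide = 1;
END;

SELECT @@SERVERNAME      AS instance_name,
       ISNULL(@hide, 0)  AS hide_instance,  -- missing value = default (not hidden)
       @is_cluster       AS clustered,
       CASE WHEN ISNULL(@hide, 0) = 1 THEN 0           -- OK: instance is hidden
            WHEN @is_cluster = 1      THEN @status_cluster
            ELSE @status_exposed                        -- exposed, non-clustered
       END               AS return_status;
```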
Key Elements of the Job
Implementation
- This job assesses the "HideInstance" registry value to determine if the instance is exposed.
- If needed, it can alter this setting to hide the SQL Server instance using the master.sys.xp_instance_regwrite stored procedure.
Dependencies
The job implementation depends on various stored procedures and tables that:
- Mainly check and potentially modify the "HideInstance" status.
- Manage historical records of instance visibility status (insertions into historical records and deletions from status info tables).
Job Scheduling and Execution
- The job runs automatically on a default schedule, which is defined by a cron-like expression.
- The job supports acknowledgment, which means it requires confirmation of being checked and handled.
Tables and Procedures Used
| Object Type | Name | Description |
| --- | --- | --- |
| Stored Procedure | dbw_hide_instance_proc | Main procedure that either checks or alters the "HideInstance" status. |
| Table | dbw_hide_instance_status_info | Maintains the current status. |
| Table | dbw_hide_instance_status_histr | Keeps a history log of the instance status checks. |
Data Handling
- Extracts the current "HideInstance" setting.
- Conditionally modifies this setting based on parameters.
- Records this data into history and status tables for record-keeping and future audits.
Monitoring and Reporting
- Reports on parameter configurations and alterations.
- Presents data in both tabular and graphical formats, focusing on parameter configurations’ current settings, historical changes, and aggregated statistics.
- Collects data until the history threshold specified in parameters is reached.
Security and Compliance
- Central to ensuring that the SQL Server instance complies with organizational policies regarding visibility and exposure.
- Tracks and logs every check and change for audit purposes and compliance with data security regulations.
By integrating this job into the dbWatch monitoring suite, organizations can ensure better control over their database instances, making them less visible to unauthorized entities and thus adding a layer of security.