V-214034

Discussion

Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. Applications must adhere to the principles of least functionality by providing only essential capabilities. The most significant potential for attacking an instance is through the use of features that expose an external interface or ad hoc execution capability. FILESTREAM integrates the SQL Server Database Engine with an NTFS file system by storing varbinary(max) binary large object (BLOB) data as files on the file system. Transact-SQL statements can insert, update, query, search, and back up FILESTREAM data.

Check Content

Review the system documentation to see if FileStream is in use.  If in use authorized, this is not a finding.   

If FileStream is not documented as being authorized, execute the following query.
EXEC sp_configure 'filestream access level'

If "run_value" is greater than "0", this is a finding.



This rule checks that Filestream SQL specific option is disabled.

SELECT CASE 
        WHEN EXISTS (SELECT * 
                     FROM sys.configurations 
                     WHERE Name = 'filestream access level' 
                            AND Cast(value AS INT) = 0) THEN 'No' 
        ELSE 'Yes'
      END AS TSQLFileStreamAccess;

If the above query returns "Yes" in the "FileStreamEnabled" field, this is a finding.