000033344 - Hardening SQL Server – which extended stored procedures (xp) are safe to disable in RSA NetWitness Endpoint?

Document created by RSA Customer Support Employee on Aug 4, 2016Last modified by RSA Customer Support on Jun 9, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033344
Applies ToRSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.x
Platform: Windows
Platform (Other): MSSQL Server
Product Name: RSA NetWitness Endpoint
IssueIn certain environments, it is requested that any extended stored procedures should be disabled.

Web link resources for more information:

Extended stored procedures should not be enabled as good practice. In Centre for Internet Security (CIS) Benchmark for SQL Server 2008r2 and 2012, for the extended stored procedures listed, the recommendation is for those stored procedures to be disabled.
Source: https://labs.portcullis.co.uk/blog/ms-sql-server-audit-extended-stored-procedures-table-privileges/

An extended stored procedure (xp) is a dynamic link library that runs directly in the address space of SQL Server. You can run extended stored procedures as normal stored procedures. Extended stored procedures are used to extend the capabilities of SQL Server. You can take advantage of the many extended stored procedures that come with SQL Server, or you can write your own.
Source: http://www.sswug.org/alexanderchigrik/sql-server/undocumented-sql-server-2012-extended-stored-procedures-part-2/

A specific question regarding the stored procedure called:

xp_cmdshell extended


There are two types of stored procedures:

  1. Extended Stored Procedures: https://technet.microsoft.com/en-us/library/ms175200(v=sql.105).aspx
  2. CRL integration

RSA NetWitness Endpoint does not use the former, however, it does use CRL integration, which should not be disabled.

So, the former can be disabled (including the xp_cmdshell extended store procedure) without any effect on RSA NetWitness Endpoint.