Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4478 | DNS0435 | SV-4478r2_rule | ECSC-1 | Medium |
Description |
---|
Static IP addresses permit a machine to offer Internet services like web, ftp, DNS, and email. Because a specific, known address is associated with your connection, other machines on the Internet know where to send traffic destined for your server. ACL restrictions at the router and/or firewall are required to protect the DNS server from unauthorized access. Such ACLs require a static IP address to be effective. |
STIG | Date |
---|---|
BIND DNS STIG | 2015-01-05 |
Check Text ( C-3522r1_chk ) |
---|
UNIX Instruction: In the presence of the reviewer, the SA should enter the following command to verify that the IP address is not obtained by DHCP (hme0 is used as an example; please confirm the interface): `ifconfig hme0 auto_dhcp status` If “Ifconfig: hme0: interface is not under DHCP control,” is not displayed, then this is a finding. Please note that this command does not work on every version of UNIX; if it does not work, use the instruction below. The reviewer should ensure the file /etc/dhcp.hme0 is not located on the server. In the presence of the reviewer, the SA enters the following command while in the /etc directory: `ls -l` If the file dhcp.hme0 is listed (the interface designation may differ), then this is a finding. Windows Instruction: In the presence of the reviewer, the SA should select Start | Run, which brings up the “Run” dialog box. Type `cmd` at the command line, which brings up the command screen. Enter the following command: `ipconfig /all` If “DHCP Enabled” is not set to “No,” then this is a finding. |
Fix Text (F-4363r1_fix) |
---|
The SA should configure the name server with an IP address that is statically defined. |
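
The following shell sketch is an added example, not part of the STIG: it applies the Check Text's two pass/fail criteria, a `dhcp.<interface>` file in /etc and a "DHCP Enabled" value other than "No" in saved `ipconfig /all` output. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): scripted form of two checks in the Check Text.

# UNIX fallback check: print every dhcp.<interface> file in a directory
# (default /etc). Any line of output is a finding.
dhcp_files() {
    dir=${1:-/etc}
    for f in "$dir"/dhcp.*; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Windows check: read saved `ipconfig /all` output on stdin and print each
# adapter whose "DHCP Enabled" value is not "No". Any output is a finding.
ipconfig_dhcp_adapters() {
    tr -d '\r' | awk '
        /^[A-Za-z].*adapter .*:$/ { sub(/:$/, ""); adapter = $0; next }
        /DHCP Enabled/ {
            value = $0
            sub(/^[^:]*: */, "", value)   # keep only the text after the colon
            sub(/ *$/, "", value)         # drop trailing spaces
            if (value != "No") print adapter ": DHCP Enabled = " value
        }'
}

# Constructed sample of `ipconfig /all` output (not taken from a real host).
sample_ipconfig() {
    cat <<'EOF'
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Constructed NIC A
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.0.2.53

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Constructed NIC B
   DHCP Enabled. . . . . . . . . . . : Yes
EOF
}

# Demonstration: flags only the second (DHCP-enabled) adapter in the sample.
sample_ipconfig | ipconfig_dhcp_adapters
dhcp_files /etc
```

On a name server, feed the Windows function the real output captured with `ipconfig /all > file`; both functions report findings only and change nothing.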