
The CSS DNS does not transmit APP session data over an out-of-band network if one is available.


Overview

Finding ID: V-4509
Version: DNS0920
Rule ID: SV-4509r1_rule
IA Controls: ECSC-1
Severity: Low
Description
One can also limit APP communication to an out-of-band network, which would make it considerably more difficult for adversaries to spoof the addresses of peers or hijack APP sessions.
STIG: CISCO CSS DNS
Date: 2013-04-12

Details

Check Text (C-3422r1_chk)
In the presence of the reviewer, the CSS DNS administrator should enter the following command while in global configuration mode:

show app session

Instruction: Ensure Application Peering Protocol (APP) session data is not sent over an out-of-band network. If APP session data is sent over an out-of-band network, then this is a finding.
Fix Text (F-4394r1_fix)
The CSS DNS administrator should use the following command while in global configuration mode to configure the CSS to only transmit session data over an out-of-band network, if one is available:

app session 1.2.3.4

(1.2.3.4 is a sample IP address.)
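
An added example, not part of the STIG or of any Cisco tooling: this Python function reads `app session <ip>` lines (the command from the Fix Text) out of a saved configuration and flags peers that sit outside the out-of-band network, which is the condition the rule title and Fix Text describe. The sample configuration, the 10.99.0.0/24 out-of-band range and the function name are constructed assumptions.

```python
import ipaddress
import re

# "app session <ip>" is the command given in the Fix Text; trailing options are ignored.
APP_SESSION = re.compile(r"^\s*app\s+session\s+(\S+)", re.IGNORECASE)


def review_app_sessions(config_text, oob_cidr):
    """Classify APP peers from a saved configuration against the out-of-band network.

    oob_cidr is the site's out-of-band network (an assumption supplied by the
    reviewer); pass None when no out-of-band network is available.
    """
    result = {"out_of_band": [], "in_band": [], "invalid": [], "finding": False}
    if oob_cidr is None:
        return result  # the rule only applies "if one is available"
    oob_net = ipaddress.ip_network(oob_cidr, strict=True)
    for line in config_text.splitlines():
        match = APP_SESSION.match(line)
        if not match:
            continue  # also skips "no app session ..." lines
        token = match.group(1)
        try:
            peer = ipaddress.ip_address(token)
        except ValueError:
            result["invalid"].append(token)  # unparseable peer needs manual review
            continue
        bucket = "out_of_band" if peer in oob_net else "in_band"
        result[bucket].append(str(peer))
    # Any peer reachable only in-band (or unparseable) is reported as a finding.
    result["finding"] = bool(result["in_band"] or result["invalid"])
    return result


# Constructed sample: not captured from a real device.
SAMPLE_CONFIG = """\
! constructed sample configuration
app session 10.99.0.12
app session 192.0.2.45
  app session 10.99.0.13
no app session 198.51.100.7
app session 10.99.0.300
"""

if __name__ == "__main__":
    report = review_app_sessions(SAMPLE_CONFIG, "10.99.0.0/24")
    for key, value in report.items():
        print(f"{key}: {value}")
```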