UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must enforce the organization defined limit of consecutive invalid access attempts by a user during the organization defined time period.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33931 SRG-NET-000038-DNS-000019 SV-44384r1_rule Medium
Description
One of the most prevalent ways an attacker tries to gain access to a system is by repeatedly trying to access an account and guessing a password. To reduce the risk of malicious access attempts being successful, the DNS implementation must define and limit the number of times a user account may consecutively fail a login attempt within a defined time period. By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute force attack, is reduced.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-41940r1_chk )
Review the DNS system configuration to determine if there is a defined limit on invalid account access requests within a specified time period. If the system is not configured to enforce the organization defined limit, this is a finding.
Fix Text (F-37844r1_fix)
Configure the DNS system to limit the number of invalid access attempts within a specified time period.

The account management functions will be performed by the DNS application if the capability exists. If the capability does not exist the underlying platform's account management system may be used.