The DNS implementation must notify the user of the number of unsuccessful login attempts to the system occurring during organization defined time period.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33940 | SRG-NET-000051-DNS-000028 | SV-44393r1_rule | Low |
| Description |
|---|
| As most "users" of a DNS platform are administrators, they need to be very vigilant in maintaining situational awareness of activity that occurs regarding their accounts. Providing them with information regarding the number of unsuccessful login attempts during a specified period of time allows them to determine if any unauthorized activity has occurred, provides them an opportunity to notify appropriate security personnel if necessary, and ensure other systems have not been affected. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-41949r1_chk ) |
|---|
| Review the DNS system configuration to determine if the number of unsuccessful logon attempts during a specified period of time is displayed to the user. Request the system administrator perform a login to the system with invalid credentials followed by a successful login for verification of the configuration. If the number of unsuccessful attempts during a specified time period, is not displayed, this is a finding. |
| Fix Text (F-37853r1_fix) |
|---|
| Configure the DNS system to display, to the user, the number of unsuccessful login attempts during the specified period of time. |