Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33965 | SRG-NET-000071-DNS-NA | SV-44418r1_rule | Medium |
Description |
---|
Wireless services enable users within close proximity of access points to have access to data and services within the private network. The security boundary of a Wireless LAN extends from the client device to the network boundary where network access is controlled. This boundary represents the portion of the network most vulnerable to attack and thereby must be protected. Unless restrictions are put in place, a user connecting to the enclave via wireless access can access/perform everything he/she could access/perform as those connected via Ethernet. Monitoring will ensure unauthorized access to the enclave's resources and data will not go undetected. Use of unapproved devices to process non-publicly releasable data increases the risk to the network. Devices attached to or inserted into the end point's plug-and-play ports and slots can be a vector for the insertion of malware when used to access the network. Storage devices are portable and can be easily concealed. Requiring approval prior to use these devices heightens awareness of the threat, limits the potential use of contaminated devices, and allows for proper tracking and control. Designated Approval Authority (DAA) approval of flash memory devices is required by the United States Cyber Command (USCYBERCOM) Communications Task Order (CTO) 10-004A Removable Flash Media Device Implementation within and between Department of Defense (DoD) Networks (U/FOUO) (or latest version of this CTO). Monitoring mobile devices is not a function of DNS. |
STIG | Date |
---|---|
Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Check Text ( C-41976r1_chk ) |
---|
This is not a function of DNS. |
Fix Text (F-37880r1_fix) |
---|
This requirement is NA for DNS. No fix required. |