The DNS implementation must employ automated mechanisms to alert security personnel of any organization-defined inappropriate or unusual activities with security implications.


Overview

Finding ID: V-34033
Version: SRG-NET-000092-DNS-000049
Rule ID: SV-44486r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Applications typically use logging mechanisms to maintain a historical log of activity that occurs within the application. Without this information, diagnostics and forensics are virtually impossible. While it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. Applications must employ automated mechanisms to alert security personnel of inappropriate or unusual activities that have security implications. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or simply identify an improperly configured DNS element.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42001r1_chk)
Review the DNS system configuration to determine whether security personnel are alerted automatically when organization-defined unusual activities with security implications occur. If security personnel are not alerted, this is a finding.

This includes the automatic notification upon the occurrence of DNS messages with "critical" severity.

Additionally, a Host Intrusion Detection System (HIDS) should be employed in accordance with the OS SRG.
Fix Text (F-37949r1_fix)
Configure the DNS system to employ automated mechanisms to alert security personnel of any organization-defined inappropriate or unusual activities with security implications.