
The DNS implementation must enforce password encryption for storage.


Overview

Finding ID: V-34111
Version: SRG-NET-000160-DNS-000099
Rule ID: SV-44564r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Passwords need to be protected at all times and encryption is the standard method for protecting passwords during storage. If passwords are not encrypted in storage and are simply text in a file on the system, anyone with access to the system has the potential to gain administrative access to DNS elements. If passwords are not encrypted, they can be plainly read and easily compromised by unauthorized users. It is imperative to encrypt passwords in storage for any authentication process.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42071r1_chk)
Review the DNS account management settings, configuration, and vendor documentation to determine if passwords are encrypted in storage on the system. If passwords are not encrypted in storage, this is a finding.

The account management functions will be performed by the name server application if the capability exists. If the capability does not exist, the underlying platform's account management system may be used.
Fix Text (F-38021r1_fix)
Configure the DNS implementation to enforce password encryption for storage.