
The DNS implementation must enforce password encryption for transmission.


Overview

Finding ID: V-34112
Version: SRG-NET-000161-DNS-000100
Rule ID: SV-44565r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. If passwords are not encrypted in transit, the traffic can be intercepted and used by unauthorized personnel to gain administrative access to DNS elements. It is imperative to encrypt passwords before transmitting them during any authentication process.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42072r1_chk)
Review the DNS account management configuration and settings for encrypting passwords during authentication events across the network. If passwords are not encrypted in transit, this is a finding.

The account management functions will be performed by the name server application if the capability exists. If the capability does not exist, the underlying platform's account management system may be used.
Fix Text (F-38022r1_fix)
Configure the DNS implementation to enforce password encryption for transmission.