
The DNS implementation must implement host based boundary protection mechanisms.


Overview

Finding ID: V-34145
Version: SRG-NET-000196-DNS-000121
Rule ID: SV-44598r1_rule
IA Controls: (none listed)
Severity: Medium
Description
A host-based firewall is one example of a host-based boundary protection mechanism. Host-based boundary protection mechanisms are employed on devices to protect the asset where the data resides and to inspect data that has been decrypted. Host-based firewalls also allow finer granularity when determining which ports, protocols, and services need to be enabled on a system-by-system basis. Without a host-based protection mechanism, the DNS system may not have adequate protection against attacks for which protection may not be configurable at the perimeter firewall.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42105r1_chk)
Review the DNS implementation and configuration to determine if a host-based protection mechanism (e.g., HBSS) is employed. If a host-based protection tool is not employed, this is a finding.
Fix Text (F-38055r1_fix)
Employ a host-based protection tool (e.g., HBSS) on the DNS server.