UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must implement host based boundary protection mechanisms.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34145 SRG-NET-000196-DNS-000121 SV-44598r1_rule Medium
Description
A host-based boundary protection mechanism is, for example, a host based firewall. Host-based boundary protection mechanisms are employed on devices to protect the asset where the data resides and to inspect data that has been decrypted. Host based firewalls also allow for finer granularity when determining which ports, protocols, and services need to be enabled on a system by system bases. Without a host based protection mechanism, the DNS system may not have adequate protection against attacks that may not be configurable at the perimeter firewall.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42105r1_chk )
Review the DNS implementation and configuration to determine if a host based protection mechanism (e.g., HBSS) is employed. If a host based protection tool is not employed, this is a finding.
Fix Text (F-38055r1_fix)
Employ a host based protection tool (e.g., HBSS) on the DNS server.