The network element must route all management traffic through a dedicated management interface for purposes of access control and auditing.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34147 | SRG-NET-000198-DNS-NA | SV-44600r1_rule | Medium |
| Description |
|---|
| From an architectural perspective, implementing out of band management (OOBM) for network elements is a best practice and the first step in the deployment of a management network. OOBM networks isolate network users from communication channels dedicated to network management; thereby providing traffic separation that will increase security for all network management activities. The management network should have a direct connection to the managed network elements. Where this is not possible, the OOBM traffic can traverse over a transient IP backbone via private encrypted tunnel. Regardless of transport, all management traffic received by the managed network element must be received by a dedicated management interface connected to the OOBM network. Routing traffic is not a function of DNS. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42107r1_chk ) |
|---|
| This is not a function of DNS. |
| Fix Text (F-38057r1_fix) |
|---|
| This requirement is NA for DNS. No fix required. |