The network element must deny network traffic and audit internal addresses posing a threat to external information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34154 | SRG-NET-000204-DNS-NA | SV-44607r1_rule | Medium |
| Description |
|---|
| The firewall will build a state to allow return traffic for all initiated traffic that was allowed outbound. Monitoring and filtering the outbound traffic adds a layer of protection to the enclave, in addition to being a good Internet citizen by preventing the network from being used as an attack base. Boundary protection is not a function of DNS. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-42114r1_chk ) |
|---|
| This is not a function of DNS. |
| Fix Text (F-38064r1_fix) |
|---|
| This requirement is NA for DNS. No fix required. |