UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DNS implementation must terminate the connection associated with a communications session at the end of the session or after an organization defined time period of inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34163 SRG-NET-000213-DNS-000127 SV-44616r1_rule Medium
Description
Terminating network connections associated with communications sessions include, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. If sessions are not terminated when a transaction has completed, the session has the potential to be hijacked by an adversary. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses.
STIG Date
Domain Name System (DNS) Security Requirements Guide 2012-10-24

Details

Check Text ( C-42123r1_chk )
Review DNS system configuration and vendor documentation to verify network connections are terminated when a DNS communication session/transaction has ended or after an organization defined period of inactivity. If communication session is not terminated, this is a finding.
Fix Text (F-38073r1_fix)
Configure the DNS system to terminate communication sessions when the transaction has ended or after an organization defined period of time.