
The DNS implementation must terminate the connection associated with a communications session at the end of the session or after an organization defined time period of inactivity.


Overview

Finding ID: V-34163
Version: SRG-NET-000213-DNS-000127
Rule ID: SV-44616r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Terminating network connections associated with communications sessions includes de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single operating-system-level network connection. If sessions are not terminated when a transaction has completed, the session has the potential to be hijacked by an adversary. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses.
STIG: Domain Name System (DNS) Security Requirements Guide
Date: 2012-10-24

Details

Check Text (C-42123r1_chk)
Review the DNS system configuration and vendor documentation to verify that network connections are terminated when a DNS communication session/transaction has ended or after an organization-defined period of inactivity. If the communication session is not terminated, this is a finding.
Fix Text (F-38073r1_fix)
Configure the DNS system to terminate communication sessions when the transaction has ended or after an organization-defined period of inactivity.
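One way to automate the check above for a BIND-based DNS server is to audit the named.conf fragment for the TCP idle timeout and compare it with the organization-defined maximum. The script below is an added example, not part of the SRG or of BIND; it assumes BIND 9.12+ syntax, where `tcp-idle-timeout` is expressed in units of 100 ms, and it assumes a vendor default of 300 units (30 s) when the option is absent (that default must still be confirmed against the vendor documentation, as the Check Text requires). The sample configuration fragments are constructed for the example.

```python
"""Audit a BIND named.conf fragment for TCP idle-timeout compliance.

Added example. Assumptions: BIND 9.12+ `tcp-idle-timeout` syntax (value in
100 ms units) and a vendor default of 300 units (30 s) when the option is unset.
"""
import re

ASSUMED_DEFAULT_UNITS = 300  # assumption: BIND default when tcp-idle-timeout is absent

# Strip /* ... */, // ... and # ... comments so a commented-out setting is not
# mistaken for an active one.
_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
_OPTION_RE = re.compile(r"\btcp-idle-timeout\s+(\d+)\s*;")


def strip_comments(conf_text: str) -> str:
    """Remove all comment forms accepted by named.conf."""
    return _COMMENT_RE.sub("", conf_text)


def parse_idle_timeout_units(conf_text: str):
    """Return the active tcp-idle-timeout value (100 ms units), or None if unset."""
    matches = _OPTION_RE.findall(strip_comments(conf_text))
    if not matches:
        return None
    # A repeated option is itself something to review; this audit takes the last value.
    return int(matches[-1])


def assess(conf_text: str, org_max_seconds: float) -> dict:
    """Evaluate the fragment against the organization-defined idle limit.

    Returns whether the option is explicitly configured, the effective timeout
    in seconds, whether this is a finding, and a human-readable reason.
    """
    units = parse_idle_timeout_units(conf_text)
    configured = units is not None
    effective_units = units if configured else ASSUMED_DEFAULT_UNITS
    # Integer division by 10 keeps the seconds value exact (e.g. 1200 -> 120.0).
    effective_seconds = effective_units / 10
    finding = effective_seconds > org_max_seconds
    if not configured:
        reason = (f"tcp-idle-timeout not set; assumed vendor default of "
                  f"{effective_seconds:g} s applies, confirm in vendor documentation")
    elif finding:
        reason = (f"tcp-idle-timeout {units} ({effective_seconds:g} s) exceeds the "
                  f"organization-defined maximum of {org_max_seconds:g} s")
    else:
        reason = (f"tcp-idle-timeout {units} ({effective_seconds:g} s) is within the "
                  f"organization-defined maximum of {org_max_seconds:g} s")
    return {"configured": configured, "timeout_seconds": effective_seconds,
            "finding": finding, "reason": reason}


# Constructed sample fragments for demonstration.
COMPLIANT_CONF = """\
options {
    directory "/var/named";
    // 100 ms units: 100 == 10 seconds of TCP idle time
    tcp-idle-timeout 100;
};
"""

NONCOMPLIANT_CONF = """\
options {
    directory "/var/named";
    tcp-idle-timeout 1200;   /* 120 s: longer than this organization allows */
};
"""

UNSET_CONF = """\
options {
    directory "/var/named";
    # tcp-idle-timeout 50;   commented out, must not count as configured
};
"""

if __name__ == "__main__":
    ORG_MAX_SECONDS = 30  # organization-defined inactivity limit (constructed value)
    for name, conf in [("compliant", COMPLIANT_CONF),
                       ("noncompliant", NONCOMPLIANT_CONF),
                       ("unset", UNSET_CONF)]:
        result = assess(conf, ORG_MAX_SECONDS)
        status = "FINDING" if result["finding"] else "ok"
        print(f"{name:13s} {status:8s} {result['reason']}")
```

The audit only covers the idle-timeout half of the requirement; whether the server closes the connection at the end of a completed transaction is a server behaviour, not a configuration value, and still has to be verified from the vendor documentation or by observing the server.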