Skip to content
Log In

Infoblox 8.x DNS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000185-DNS-000021

    Group
    Show

  • The Infoblox system must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions.

    If maintenance tools are used by unauthorized personnel, they may accidentally or intentionally damage or compromise the system. The act of managing systems and applications includes the ability to...
    Rule Medium Severity
    Show

  • SRG-APP-000514-DNS-000075

    Group
    Show

  • The Infoblox DNS server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality.

    Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The application must implement cryptographic modules adhering to the higher standards appr...
    Rule High Severity
    Show

  • SRG-APP-000213-DNS-000024

    Group
    Show

  • The Infoblox system must provide additional data origin artifacts along with the authoritative data the system returns in response to external name/address resolution queries.

    The underlying feature in the major threat associated with DNS query/response (i.e., forged response or response failure) is the integrity of DNS data returned in the response. The security objecti...
    Rule Medium Severity
    Show

  • SRG-APP-000422-DNS-000055

    Group
    Show

  • The Infoblox DNS Server must provide additional integrity artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries.

    The major threat associated with DNS forged responses or failures is the integrity of the DNS data returned in the response. The principle of DNSSEC is to mitigate this threat by providing data ori...
    Rule Medium Severity
    Show

  • SRG-APP-000214-DNS-000025

    Group
    Show

  • Infoblox DNS servers must protect the authenticity of communications sessions for zone transfers when communicating with external DNS servers.

    DNS is a fundamental network service that is prone to various attacks, such as cache poisoning and man-in-the middle attacks. Communication sessions between different DNS systems should employ pr...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules