Infoblox 7.x DNS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
In the event of a system failure, The Infoblox system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
<VulnDiscussion>Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Fa...Rule Medium Severity -
SRG-APP-000246-DNS-000035
<GroupDescription></GroupDescription>Group -
The Infoblox system must be configured to restrict the ability of individuals to use the DNS server to launch Denial of Service (DoS) attacks against other information systems.
<VulnDiscussion>A DoS is a condition where a resource is not available for legitimate users. When this occurs, the organization either cannot...Rule Medium Severity -
SRG-APP-000247-DNS-000036
<GroupDescription></GroupDescription>Group -
The Infoblox system must be configured to manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
<VulnDiscussion>A DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ...Rule Medium Severity -
SRG-APP-000268-DNS-000039
<GroupDescription></GroupDescription>Group -
The Infoblox system must be configured to activate a notification to the system administrator when a component failure is detected.
<VulnDiscussion>Predictable failure prevention requires organizational planning to address system failure issues. If components key to mainta...Rule Medium Severity -
SRG-APP-000347-DNS-000041
<GroupDescription></GroupDescription>Group -
An Infoblox DNS server must strongly bind the identity of the DNS server with the DNS information using DNSSEC.
<VulnDiscussion>Weakly bound credentials can be modified without invalidating the credential; therefore, non-repudiation can be violated. Th...Rule Medium Severity -
SRG-APP-000348-DNS-000042
<GroupDescription></GroupDescription>Group -
The Infoblox system must be configured to provide the means for authorized individuals to determine the identity of the source of the DNS server-provided information.
<VulnDiscussion>Without a means for identifying the individual that produced the information, the information cannot be relied upon. Identify...Rule Medium Severity -
SRG-APP-000349-DNS-000043
<GroupDescription></GroupDescription>Group -
The DNS server implementation must maintain the integrity of information during preparation for transmission.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000442-DNS-000067
<GroupDescription></GroupDescription>Group -
The Infoblox system must be configured to validate the binding of the other DNS servers identity to the DNS information for a server-to-server transaction (e.g., zone transfer).
<VulnDiscussion>Validation of the binding of the information prevents the modification of information between production and review. The vali...Rule Medium Severity -
SRG-APP-000383-DNS-000047
<GroupDescription></GroupDescription>Group -
Recursion must be disabled on Infoblox DNS servers which are configured as authoritative name servers.
<VulnDiscussion>A potential vulnerability of DNS is that an attacker can poison a name server's cache by sending queries that will cause the ...Rule Medium Severity -
SRG-APP-000394-DNS-000049
<GroupDescription></GroupDescription>Group -
The Infoblox system must authenticate the other DNS server before responding to a server-to-server transaction.
<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. D...Rule Medium Severity -
SRG-APP-000395-DNS-000050
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.