Check: DNS0920
CISCO CSS DNS: DNS0920 (in version v4 r1.18)
Title
The CSS DNS does not transmit APP session data over an out-of-band network if one is available. (Cat III impact)
Discussion
APP communication can also be limited to an out-of-band network, which makes it considerably more difficult for adversaries to spoof the addresses of peers or hijack APP sessions.
Check Content
In the presence of the reviewer, the CSS DNS administrator should enter the following command while in global configuration mode:
show app session
Instruction: Ensure Application Peering Protocol (APP) session data is not sent over an out-of-band network. If APP session data is sent over an out-of-band network, then this is a finding.
Fix Text
The CSS DNS administrator should use the following command while in global configuration mode to configure the CSS to only transmit session data over an out-of-band network, if one is available:
app session 1.2.3.4
(1.2.3.4 is a sample IP address.)
Additional Identifiers
Rule ID: SV-4509r1_rule
Vulnerability ID: V-4509
Group Title: The CSS DNS does not transmit APP session OOB.
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |