An error occurred:

Check: IDNS-7X-000660

Infoblox 7.x DNS STIG: IDNS-7X-000660 (in versions v2 r1 through v1 r2)

Title

The DNS server implementation must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered. (Cat II impact)

Discussion

Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Notifications provided by information systems include messages to local computer consoles, and/or hardware indications, such as lights. If anomalies are not acted upon, security functions may fail to secure the system. The DNS server does not have the capability of shutting down or restarting the information system. The DNS server can be configured to generate audit records when anomalies are discovered, and the OS/NDM can then trigger notification messages to the system administrator based on the presence of those audit records.

Check Content

Infoblox systems are capable of providing notifications via remote SYSLOG, SNMP, and SMTP. Navigate to the "Grid" tab and select "Grid Properties". Toggle Advanced mode, and review "Monitoring", "SNMP", "SNMP Threshold", "Email", and "Notifications" tabs. When complete, click "Cancel" to exit the "Properties" screen. If no external notifications are enabled, this is a finding.

Fix Text

Navigate to "Grid" tab and edit "Grid Properties". Toggle Advanced mode, and review "Monitoring", "SNMP", "SNMP Threshold", "Email" and "Notifications" tab. Configure remote SYSLOG, Email, or SNMP notifications. When complete, click "Save & Close" to save the changes and exit the "Properties" screen. Perform a service restart if necessary.

Additional Identifiers

Rule ID: SV-214200r612370_rule

Vulnerability ID: V-214200

Group Title: SRG-APP-000474-DNS-000073

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002702

The information system shuts the information system down, restarts the information system, and/or initiates organization-defined alternative action(s) when anomalies in the operation of the organization-defined security functions are discovered.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-6

Security Function Verification