Check: WDNS-SI-000005
Microsoft Windows 2012 Server Domain Name System STIG:
WDNS-SI-000005
(in versions v2 r6 through v1 r13)
Title
The Windows 2012 DNS Server must, when a component failure is detected, activate a notification to the system administrator. (Cat II impact)
Discussion
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining systems security fail to function, the system could continue operating in an insecure state. The organization must be prepared, and the application must support requirements that specify if the application must alarm for such conditions and/or automatically shut down the application or the system. This can include conducting a graceful application shutdown to avoid losing information. Automatic or manual transfer of components from standby to active mode can occur, for example, upon detection of component failures. If a component such as the DNSSEC or TSIG/SIG(0) signing capabilities were to fail, the DNS server should shut itself down to prevent continued execution without the necessary security components in place. Transactions such as zone transfers would not be able to work correctly anyway in this state.
Check Content
Notification to system administrator is not configurable in Windows DNS Server. In order for system administrators to be notified when a component fails, the system administrator would need to implement a third-party monitoring system. At a minimum, the system administrator should have a documented procedure in place to review the diagnostic logs on a routine basis every day. If a third-party monitoring system is not in place to detect and notify the system administrator upon component failures and the system administrator does not have a documented procedure in place to review the diagnostic logs on a routine basis every day, this is a finding.
Fix Text
Implement a third-party monitoring system to detect and notify the system administrator upon component failure or, at a minimum, document and implement a procedure to review the diagnostic logs on a routine basis every day.
Additional Identifiers
Rule ID: SV-215642r879657_rule
Vulnerability ID: V-215642
Group Title: SRG-APP-000268-DNS-000039
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001328 |
The organization, if an information system component failure is detected, activates an organization-defined alarm and/or automatically shuts down the information system. |