Check: DNS0825
Windows DNS: DNS0825 (in version v4 r1.19)
Title
WINS lookups is not prohibited on a Windows 2000 DNS server. (Cat I impact)
Discussion
Integration of WINS and Windows 2000 DNS leaves Windows 2000 DNS open to all the vulnerabilities of WINS, including the ability to update records without authentication.
Check Content
The reviewer will validate that "Use WINS forward lookup" is not checked on the "WINS" tab of the properties dialog of each zone. If WINS is integrated on a Windows 2000 DNS server, then this is a finding.
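For file-backed zones the same check can be scripted against a copy of the zone file. The sketch below is an added example, not part of the STIG. It assumes the zone is stored as a standard text zone file in which an enabled WINS forward lookup appears as a `WINS` resource record; Active Directory-integrated zones are not covered, and the zone name and records shown are constructed.

```python
import re

CLASSES = {"IN", "CH", "HS"}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def rr_type(line):
    """Return the upper-cased record type of one zone-file line, or None."""
    body = line.split(";", 1)[0]            # drop trailing comment
    tokens = body.split()
    if not tokens or tokens[0].startswith("$"):
        return None                         # blank, comment-only or $ORIGIN/$TTL
    if not body[0].isspace():
        tokens = tokens[1:]                 # first column is the owner name
    for tok in tokens:
        if tok.isdigit() or tok.upper() in CLASSES:
            continue                        # optional TTL and class
        return tok.upper()
    return None

def wins_findings(zone_name, zone_text):
    """List (zone, line number, WINS server IPs) for each WINS forward-lookup record."""
    findings = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        if rr_type(line) == "WINS":
            findings.append((zone_name, lineno, IPV4.findall(line.split(";", 1)[0])))
    return findings

# Constructed sample zone, not taken from any real server.
SAMPLE_ZONE = """\
; example.test zone (constructed)
@       IN  SOA ns1.example.test. hostmaster.example.test. (
            12 ; serial
            900 600 86400 3600 )
@       IN  NS  ns1.example.test.
@   0   IN  WINS L2 C900 ( 192.0.2.10 192.0.2.11 )
wins    IN  A   192.0.2.10
ns1     IN  A   192.0.2.1
"""

if __name__ == "__main__":
    for zone, lineno, servers in wins_findings("example.test", SAMPLE_ZONE):
        print(f"FINDING DNS0825: zone {zone} line {lineno} uses WINS lookup via {servers}")
```

A host that is merely named `wins` is not reported, because the owner column is skipped before the record type is read.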
Fix Text
The SA should disable any integration between DNS and WINS as soon as it is feasible to do so. If WINS is required for legacy applications, then DNS clients will need to be reconfigured to use WINS rather than DNS for NetBIOS name resolution. The SA should uncheck "Use WINS forward lookup" on the "WINS" tab of the properties dialog of each zone.
Additional Identifiers
Rule ID: SV-4505r1_rule
Vulnerability ID: V-4505
Group Title: WINS lookups is not prohibited on W2K server.
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |