BIND-9X-001002 – The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation.

Details

Hosts that run the name server software should not provide any other services. Unnecessary services running on the DNS server can introduce additional attack vectors leading to the compromise of an organization’s DNS architecture.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Disable or uninstall all non-DNS related applications from the BIND 9.x server.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_BIND_9-x_V2R2_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Rule-ID|SV-207534r612253_rule
STIG-ID|BIND-9X-001002
STIG-Legacy|SV-86991
STIG-Legacy|V-72367
Vuln-ID|V-207534

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles