|Description||Protect DNS (Domain Name System) Servers Against Compromise: Service Providers and Network Operators should protect against DNS server compromise by implementing protection such as physical security, removing all unnecessary platform services, monitoring industry alert channels for vulnerability exposures, scanning DNS platforms for known vulnerabilities and security breaches, implementing intrusion detection on DNS home segments, not running the name server as root user/minimizing privileges where possible, and blocking the file system from being compromised by protecting the named directory.|
|Industry Role(s)||Service Provider; Network Operator|
|Keyword(s)||Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations|
|Reference/Comments||RFC-2870; ISO/IEC 15408; ISO 17799; US-CERT "Securing an Internet Name Server"; NIST SP 800-81 & SP 800-81 R1 Secure Domain Name System (DNS) Deployment Guide.|