Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8046

Number 9-8-8046
Priority Critical
Description Protect DNS (Domain Name System) Servers Against Compromise: Service Providers and Network Operators should protect against DNS server compromise by implementing protection such as physical security, removing all unnecessary platform services, monitoring industry alert channels for vulnerability exposures, scanning DNS platforms for known vulnerabilities and security breaches, implementing intrusion detection on DNS home segments, not running the name server as root user/minimizing privileges where possible, and blocking the file system from being compromised by protecting the named directory.
Network Type(s) Internet/Data
Industry Role(s) Service Provider; Network Operator
Keyword(s) Cyber Security;Intrusion Detection;Network Design;Network Elements;Network Operations;
Reference/Comments RFC-2870 ISO/IED 15408 ISO 17799 US-CERT "Securing an Internet Name Server"
NIST SP 800-81 & SP 800-81 R1 Secure Domain Name System(DNS) Deployment Guide.