Back

Configure the "bind service" setting to organizational standards.


CONTROL ID
04930
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Is the system configured to filter Berkeley Internet Name Daemon? (Table Row VI.5, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Is the system configured to filter Berkeley Internet Name Daemon? (App Table Active Content Filtering Row 2, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Has the Berkeley Internet Name Daemon name daemon (called "named") on all systems that are not authorized to be Domain Name Server servers been disabled? (App Table Active Content Filtering Row 2.a, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the system run berkeley internet name daemon as a non-privileged user for protection? (App Table Active Content Filtering Row 2.c, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Is Berkeley Internet Name Daemon configured to change the User ID after binding to the port? (App Table Active Content Filtering Row 2.c, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the system run Berkeley Internet Name Daemon in a root directory structure? (App Table Active Content Filtering Row 2.e, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • For HP-UX, the organization must configure the system to minimize the bind service. (Table F-7, CMS Business Partners Systems Security Manual, Rev. 10)
  • The bind service should be enabled or disabled as appropriate. Technical Mechanisms: via RC scripts Parameters: enabled/disabled References: 10.8.10.5.4.1.1 (2) (CCE-4934-6, Common Configuration Enumeration List, Combined XML: AIX 5.3, 5.20130214)
  • The bind service should be enabled or disabled as appropriate. Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1.1 (2) (CCE-5994-9, Common Configuration Enumeration List, Combined XML: HP-UX 11.23, 5.20130214)
  • The bind service should be enabled or disabled as appropriate. Technical Mechanisms: via xinetd Parameters: enabled/disabled References: 10.8.10.5.4.1.1 (2) (CCE-6507-8, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 4, 5.20130214)
  • The bind package should be installed or uninstalled as appropriate. Technical Mechanisms: via yum Parameters: installed / uninstalled References: Section: 3.14.1, Value: uninstalled (CCE-4219-2, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)
  • The bind service should be enabled or disabled as appropriate. Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1.1 (2) (CCE-6484-0, Common Configuration Enumeration List, Combined XML: Sun Solaris 8, 5.20130214)
  • The bind service should be enabled or disabled as appropriate. Technical Mechanisms: via inetd via inetd.conf Parameters: enabled/disabled References: 10.8.10.5.4.1.1 (2) (CCE-6603-5, Common Configuration Enumeration List, Combined XML: Sun Solaris 9, 5.20130214)