STIGQter: STIG Summary: Infoblox 7.x DNS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The Infoblox system must be configured to employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.

DISA Rule

SV-214167r612370_rule

Vulnerability Number

V-214167

Group Title

SRG-APP-000185-DNS-000021

Rule Version

IDNS-7X-000200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to Administration >> Authentication Server Groups.

Configure at least one remote authentication group (OCSP, TACACS+, RADIUS, LDAP, or Active Directory).

Navigate to Administration >> Administrators >> Authentication Policy.

Configure the remote authentication source as primary by placing it at the top of the list.
If necessary, move the Local User Database entry to the bottom of the list so it is utilized last.
When complete, click "Save & Close" to save the changes and exit the "Properties" screen.

Perform a service restart if necessary.

Check Contents

Review the configuration of external authentication methods to validate multi-factor authentication is enabled.

Navigate to Administration >> Administrators >> Authentication Policy.

Ensure multi-factor authentication is enabled by validating that multiple authentication methods are enabled and that the local database is the last entry in the list.

When complete, click "Cancel" to exit the "Properties" screen.

If the aggregate authentication policy does not provide two or more factors, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

3995
