【文件属性】:
文件名称:CIS_ISC_BIND_DNS_Server_9.9_Benchmark_v3.0.1.pdf
文件大小:624KB
文件格式:PDF
更新时间:2022-10-01 03:32:42
DNS BIND Benchmark
BIND9 安全加固。
Table of Contents
Overview ...................................................................................................................................................................... 4
Intended Audience .............................................................................................................................................. 4
Consensus Guidance ........................................................................................................................................... 5
Typographical Conventions ............................................................................................................................ 6
Scoring Information ............................................................................................................................................ 6
Profile Definitions ................................................................................................................................................ 7
Acknowledgements ............................................................................................................................................. 8
Recommendations .................................................................................................................................................... 9
1 Planning and Architecture ........................................................................................................................... 9
1.1 Use a Split-Horizon Architecture (Not Scored) ..................................................................... 9
1.2 Do Not Install a Multi-Use System (Not Scored) ................................................................ 11
1.3 Dedicated Name Server Role (Scored) ................................................................................... 13
1.4 Use Secure Upstream Caching DNS Servers (Not Scored) ............................................. 15
1.5 Installing ISC BIND 9 (Scored) ................................................................................................... 17
2 Restricting Permissions and Ownership ............................................................................................. 19
2.1 Run BIND as a non-root User (Scored) .................................................................................. 19
2.2 Give the BIND User Account an Invalid Shell (Scored) ................................................... 21
2.3 Lock the BIND User Account (Scored) .................................................................................... 22
2.4 Set root Ownership of BIND Directories (Scored) ............................................................ 23
2.5 Set root Ownership of BIND Configuration Files (Scored) ............................................ 25
2.6 Set Group named or root for BIND Directories and Files (Scored) ............................ 27
2.7 Set Group and Other Permissions Read-Only for BIND Non-Runtime Directories
(Scored) ....................................................................................................................................................... 29
2.8 Set Group and Other Permissions Read-Only for All BIND Files (Scored) .............. 31
2.9 Isolate BIND with chroot'ed Subdirectory (Scored) ........................................................ 33
3 Restricting Queries ....................................................................................................................................... 35
3.1 Ignore Erroneous or Unwanted Queries (Scored) ............................................................ 35
3.2 Restrict Recursive Queries (Scored) ....................................................................................... 37
3.3 Restrict Query Origins (Not Scored) ....................................................................................... 39