DoD STIGs – V-32519

Overview:

Title: The application must perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources when requested by client systems.

Vulnerability ID: V-32519

STIG ID:

IA Controls: None

Severity: medium

Description: A recursive resolving or caching Domain Name System (DNS) server is an example of an information system providing name/address resolution service for local clients.

Authoritative DNS servers are examples of authoritative sources. Information systems using technologies other than the DNS to map between host/service names and network addresses provide other means to enable clients to verify the authenticity and integrity of response data.

This requirement is specific to applications providing DNS services. This is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.


Interpreting V-32519:

[Figure: The SQL 2014 alias configuration screen]

As noted in the description, this requirement does not apply to an RDBMS such as SQL Server.

There is an option in the SQL Server Configuration Manager to set aliases under the SQL Native Client Configuration. An alias is an alternate name that can be used to make a connection to SQL Server, or other servers. The alias encapsulates the required elements of a connection string, and exposes them with a name chosen by the user. Aliases can be used by any client application. By creating server aliases, your client computer can connect to multiple servers using different network protocols, without having to specify the protocol and connection details for each one. You should check these values on a regular basis to ensure there isn’t any incorrect or malicious redirection of SQL Server connections.
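One way to run that regular check is sketched below as an added example (not part of the original post or any Microsoft tooling): it lists the client aliases and compares them with an approved baseline. It assumes the aliases are stored as string values under the two `ConnectTo` registry keys shown, in the form `<netlib>,<target>[,<port>]`; the baseline entry and host name are constructed placeholders.

```powershell
# Audit SQL Server client aliases against an approved baseline (added example).
# Assumption: aliases live under these keys (64-bit and 32-bit client views).
$aliasKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
)

# Constructed baseline: alias name -> expected raw value. Replace with your approved list.
$approved = @{
    'SALESDB' = 'DBMSSOCN,sql01.example.internal,1433'
}

# Network library prefixes mapped to the protocol names shown in Configuration Manager.
$netlibs = @{ 'DBMSSOCN' = 'TCP/IP'; 'DBNMPNTW' = 'Named Pipes'; 'DBMSLPCN' = 'Shared Memory' }

$findings = foreach ($key in $aliasKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # no aliases in this view
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }                     # skip the unnamed default value
        $raw   = [string]$item.GetValue($name)
        $parts = @($raw -split ',', 3)                     # netlib, target, optional port

        # Classify: not in baseline, in baseline but redirected, or matching.
        $status = 'OK'
        if (-not $approved.ContainsKey($name)) { $status = 'UNAPPROVED' }
        elseif ($approved[$name] -ne $raw)     { $status = 'CHANGED' }

        $protocol = $parts[0]
        if ($netlibs.ContainsKey($parts[0])) { $protocol = $netlibs[$parts[0]] }

        [pscustomobject]@{
            Status      = $status
            Alias       = $name
            Protocol    = $protocol
            Target      = $parts[1]
            Port        = $parts[2]
            RegistryKey = $key
        }
    }
}

$findings | Sort-Object Status, Alias | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring agent alert on drift.
if ($findings | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Both registry views are checked because 32-bit and 64-bit client applications resolve aliases independently, so a redirect can exist in one and not the other.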
