8.7: Enable DNS Query Logging
Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 2.5: Integrate Software and Hardware Asset Inventories
Sub-control 5.1: Establish Secure Configurations
Inputs
The list of internal DNS servers
The organization’s DNS configuration policy
Assumption
The organization maintains its own internal DNS server
Operations
For each internal DNS server (Input 1), compare the server’s DNS configuration with the organization’s DNS configuration policy
Measures
M1 = Count of internal DNS servers
M2 = Count of internal DNS servers matching the organization’s configuration policy
M3 = List of compliant DNS servers
M4 = List of non-compliant DNS servers
Metrics
DNS Configuration Coverage
Metric |
The ratio of internal DNS servers matching the approved configuration to the
total number of internal DNS servers.
|
Calculation |
|