|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
A threat from DNS spoofing can arise when authentication is performed using computer names. Host-based authentication, which means that permissions are granted on the basis of computer names or IP addresses, should be protected with one (or a combination) of the following measures:
The first configuration provides the highest security, the third provides the lowest security. The aim of these measures is to perform a mapping between IP addresses and computer names in a secure environment. If name resolution cannot be performed directly, i.e. if a temporary cache is made use of, then host-based access should never be allowed via a host name.
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |