DNS servers
            424- DNS servers update other DNS servers using zone transfers.

            425- Zone transfers should be configured for authorized DNS servers only.

            426- DNS servers should listen to name resolution requests from intended interfaces only.
            427- Secure dynamic updates should be used only.

            428- Administrators should detect and remove rogue DNS servers on the network.

            429- DNS servers for web services should be placed inside a DMZ.



            File and print servers
            430- File and print servers are the most frequently used and heavily loaded servers.

            431- They  should  be  secured  with  Access  Control  Lists,  authentication  processes, and
            effective auditing and logging.

            432- If a user does not need to share a file or folder, he should not.

            433- Default  share  permissions  should  be  disabled,  and  anonymous  access  should not  be
            allowed.



            DHCP servers

            434- DHCP servers are used to automatically assign IP addresses to DHCP clients.
            435- DHCP servers maintain blocks of IP addresses in DHCP scopes.

            436- Access  to  a  DHCP  server  can  provide  information  about  an  internal  IP addressing

            scheme.
            437- DHCP  servers  must  be  secured  properly  and  kept  up  to  date  with  security patches,

            hotfixes, and service packs.

            438- Rogue DHCP servers should be detected and taken offline immediately.
            439- DHCP servers should be configured to send secure dynamic updates to DNS servers.

            440- Only authorized administrators should be permitted to manage DHCP servers.




















                   www.hrnikkhah.com                        by :  Hamid  Reza  Nikkhah                 Page 24