4.3.1 Enable Botnet C&C Domain Blocking DNS Filter

Information

Enable Botnet C&C domain blocking to block botnet access at the DNS name resolution stage.

Rationale:

Blocking botnet website access at the DNS resolution stage provides an additional layer of defense.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

In the GUI:

1. Go to Security Profiles > DNS Filter.
2. Double-click the relevant security profile name, then enable 'Redirect botnet C&C requests to Block Portal'.
3. Ensure that firewall policies that have DNS traffic have a DNS Filter security profile applied with that option enabled.
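
The last step above can also be checked offline against a configuration backup. The Python script below is an added example, not part of the benchmark or of Fortinet's tooling; the sample configuration is constructed, and the keyword names block-botnet and dnsfilter-profile are assumed to be the FortiOS CLI equivalents of the GUI options named above.

```python
SAMPLE = """
config dnsfilter profile
    edit "default"
        config ftgd-dns
        end
        set block-botnet enable
    next
    edit "guest-dns"
        set block-botnet disable
    next
end
config firewall policy
    edit 1
        set dnsfilter-profile "default"
    next
    edit 2
        set dnsfilter-profile "guest-dns"
    next
    edit 3
    next
end
"""  # constructed excerpt, not from a real device; keyword names are assumed

def parse_table(text, table):
    # {entry: {key: value}} from `set` lines directly under each `edit`; nested config blocks are skipped by depth.
    entries, depth, active, cur = {}, 0, False, None
    for tok in map(str.strip, text.splitlines()):
        if tok.startswith("config "):
            depth += 1
            active = (tok == f"config {table}") if depth == 1 else active
        elif tok == "end":
            depth -= 1
        elif active and depth == 1 and tok.startswith("edit "):
            cur = entries.setdefault(tok[5:].strip('"'), {})
        elif active and depth == 1 and tok.startswith("set ") and cur is not None:
            _, key, val = tok.split(None, 2)
            cur[key] = val.strip('"')
    return entries

def audit(text):
    # Map policy ID -> finding for policies whose DNS filter is absent or leaves blocking off.
    profiles = parse_table(text, "dnsfilter profile")
    findings = {}
    for pid, pol in parse_table(text, "firewall policy").items():
        prof = pol.get("dnsfilter-profile")
        if prof is None:
            findings[pid] = "no DNS filter profile applied"
        elif profiles.get(prof, {}).get("block-botnet") != "enable":
            findings[pid] = f"profile {prof} does not block botnet C&C"
    return findings
```

Call audit() with the text of a configuration backup to get the findings per policy ID. Policies reported with no DNS filter profile still need manual review, because the configuration alone does not show whether they carry DNS traffic.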

Default Value:

'Redirect botnet C&C requests to Block Portal' is enabled on the default profile.

See Also

https://workbench.cisecurity.org/benchmarks/12961

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|8.6, CSCv7|8.7

Plugin: FortiGate

Control ID: 4182e83ade1a92d2e187b053839c69a8a05e77358e274273949bb0b8c7915f9b