DNS

Domain name resolution is required when some services are used, e.g. the web proxy. When DNS servers are compromised, attackers can then redirect traffic to fraudulent peers.

R25 | SNS | Choose controlled DNS servers
Controlled DNS resolvers should be configured in Configuration > System > Configure > Network settings.

R25 - | SNS | Change default DNS servers
DNS resolvers configured by default should be replaced with the ISP’s if there are no controlled resolvers in the IS.

An SNS firewall’s object database makes it possible to create static or dynamic objects. Dynamic objects depend on a domain name that the SNS firewall regularly resolves. About fifteen such domain names exist by default, ending in stormshieldcs.eu or stormshield.eu; some of them are shown in the image below (these names may vary depending on updates). By applying recommendation R30, such DNS requests can be blocked by default.

Using an internal mirror (recommendation R24) means that an SNS firewall does not have to contact Stormshield's update servers directly. Also, when controlled DNS servers are used (recommendation R25), the addresses of Stormshield's other services (license management, etc.) no longer need to be managed.

R26 | SNS | Restrict the use of dynamic objects
Unused dynamic objects should be deleted, and those that remain should be reconfigured in static mode instead, in Configuration > Objects > Network.
As dynamic objects are local objects, they cannot be deleted from an SMC server.

R26 | SMC | Restrict the use of dynamic objects
Unused dynamic objects (FQDN) should be deleted, and those that remain should be reconfigured in static mode instead, in Network objects.
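As an added defender-side check that is not part of the guide, the following Python audits DNS query log lines for the two things this section asks you to control: queries sent to resolvers outside the controlled set (R25) and residual lookups of the stormshieldcs.eu / stormshield.eu names used by the default dynamic objects (R26, R30). The log line format, the resolver addresses and the sample host names are constructed assumptions, not the SNS log format.

```python
"""Audit DNS query logs against the R25/R26 guidance.

The line format parsed here is constructed for this example; adapt
LINE_RE to the DNS or firewall log export you actually have."""
import re
from dataclasses import dataclass, field

# Assumed (not from the guide): the organisation's controlled resolvers.
CONTROLLED_RESOLVERS = {"10.1.1.53", "10.1.2.53"}
# Suffixes named in the guide for the firewall's default dynamic objects.
VENDOR_SUFFIXES = ("stormshieldcs.eu", "stormshield.eu")

# Constructed log format: "<ts> src=<ip> dst=<resolver ip> qname=<name>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) qname=(?P<qname>\S+)$")


@dataclass
class Findings:
    uncontrolled_resolver: list = field(default_factory=list)  # (dst, qname)
    vendor_lookup: list = field(default_factory=list)          # qname
    unparsed: int = 0


def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_vendor_name(qname):
    """True if qname is, or is under, one of the vendor suffixes."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES)


def audit(lines, controlled=CONTROLLED_RESOLVERS):
    """Classify each query: wrong resolver (R25) or vendor lookup (R26/R30)."""
    f = Findings()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            f.unparsed += 1
            continue
        if rec["dst"] not in controlled:
            f.uncontrolled_resolver.append((rec["dst"], rec["qname"]))
        if is_vendor_name(rec["qname"]):
            f.vendor_lookup.append(rec["qname"])
    return f


# Constructed sample log: one clean query, one to a public resolver,
# one residual dynamic-object lookup (placeholder host name), one bad line.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z src=10.0.0.254 dst=10.1.1.53 qname=intranet.example.internal",
    "2024-05-01T10:00:01Z src=10.0.0.254 dst=8.8.8.8 qname=www.example.com",
    "2024-05-01T10:00:02Z src=10.0.0.254 dst=10.1.1.53 qname=example-object.stormshieldcs.eu",
    "this line is not a DNS record",
]
```

Run `audit(SAMPLE_LOG)` on an export of the firewall's DNS traffic; any entry in `uncontrolled_resolver` or `vendor_lookup` means R25 or R26 is not yet fully applied.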