Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
Explanation
Monitoring network services like DNS (Domain Name System) and BGP (Border Gateway Protocol) is crucial for detecting potential security threats such as DNS hijacking, BGP route hijacking, or other network-based attacks. These services are fundamental to internet connectivity and can be exploited to redirect traffic, perform man-in-the-middle attacks, or cause service disruptions if compromised.
Evidence of compliance could include documentation of monitoring tools deployed (such as DNS query logs, BGP route analyzers, or network traffic anomaly detection systems), alert configurations, incident response procedures specific to network service anomalies, and recent monitoring reports showing detection capabilities.
Implementation Example
Monitor DNS, BGP, and other network services for adverse events
ID: DE.CM-01.271
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Networks and network services are monitored to find potentially adverse events
Related questions
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?
- Does your organization regularly review and monitor physical access records to track visitor and personnel entry to facilities?

