SV-220648r539671_rule
V-220648
SRG-NET-000131-L2S-000014
CISC-L2-000010
CAT II
10
Disable the following services if enabled as shown in the example below:
SW2(config)#no boot network
SW2(config)#no ip boot server
SW2(config)#no ip bootp server
SW2(config)#no ip dns server
SW2(config)#no ip identd
SW2(config)#no ip finger
SW2(config)#no ip http server
SW2(config)#no ip rcmd rcp-enable
SW2(config)#no ip rcmd rsh-enable
SW2(config)#no service config
SW2(config)#no service finger
SW2(config)#no service tcp-small-servers
SW2(config)#no service udp-small-servers
SW2(config)#no service pad
Review the switch configuration to verify that the switch does not have any unnecessary or non-secure services enabled. For example, the following commands should not be in the configuration:
boot network
ip boot server
ip bootp server
ip dns server
ip identd
ip finger
ip http server
ip rcmd rcp-enable
ip rcmd rsh-enable
service config
service finger
service tcp-small-servers
service udp-small-servers
service pad
Note: ip http server can be enabled provided that the "ip http active-session-modules none" command is configured for scenarios such as ISE sending URL redirects to the switch.
If any unnecessary services are enabled, this is a finding.
V-220648
False
CISC-L2-000010
Review the switch configuration to verify that the switch does not have any unnecessary or non-secure services enabled. For example, the following commands should not be in the configuration:
boot network
ip boot server
ip bootp server
ip dns server
ip identd
ip finger
ip http server
ip rcmd rcp-enable
ip rcmd rsh-enable
service config
service finger
service tcp-small-servers
service udp-small-servers
service pad
Note: ip http server can be enabled provided that the "ip http active-session-modules none" command is configured for scenarios such as ISE sending URL redirects to the switch.
If any unnecessary services are enabled, this is a finding.
M
4071