STIGQter STIGQter: STIG Summary: Layer 2 Switch Security Technical Implementation Guide - Cisco Version: 8 Release: 27 Benchmark Date: 25 Jan 2019: Network devices must have TCP and UDP small servers disabled.

DISA Rule

SV-3078r3_rule

Vulnerability Number

V-3078

Group Title

TCP and UDP small server services are not disabled.

Rule Version

NET0720

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Change the device configuration to include the following IOS commands: no service tcp-small-servers and no service udp-small-servers for each device running an IOS version prior to 12.0. This is the default for IOS versions 12.0 and later (i.e., these commands will not appear in the running configuration.)

Check Contents

Review all Cisco device configurations to verify service udp-small-servers and service tcp-small-servers are not found.

If TCP and UDP servers are not disabled, this is a finding.

Note: The TCP and UDP small servers are enabled by default on Cisco IOS Software Version 11.2 and earlier. They are disabled by default on Cisco IOS Software Versions 11.3 and later.

Vulnerability Number

V-3078

Documentable

False

Rule Version

NET0720

Severity Override Guidance

Review all Cisco device configurations to verify service udp-small-servers and service tcp-small-servers are not found.

If TCP and UDP servers are not disabled, this is a finding.

Note: The TCP and UDP small servers are enabled by default on Cisco IOS Software Version 11.2 and earlier. They are disabled by default on Cisco IOS Software Versions 11.3 and later.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

512

Comments