STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must be configured to disable non-essential capabilities.

DISA Rule

SV-80451r1_rule

Vulnerability Number

V-65961

Group Title

SRG-NET-000131-L2S-000014

Rule Version

HFFS-L2-000001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove unneeded services and functions from the HP FlexFabric Switch. Removal is recommended since the service or function may be inadvertently enabled otherwise. However, if removal is not possible, disable the service or function.

Disable insecure protocols and services on the HP FlexFabric Switch:

[HP] undo ftp server enable
[HP] undo telnet server enable

Note: By default, both FTP and Telnet services are disabled.

Check Contents

Review the HP FlexFabric Switch configuration to determine if services or functions not required for operation, or not related to switch functionality, are enabled.

If unnecessary services and functions are enabled on the HP FlexFabric Switch, this is a finding.

[HP] display ftp-server
FTP is not configured.

[HP] display current-configuration | include telnet

Note: When Telnet server is enabled, the output for this command is "telnet server enable".
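The check above can be run offline against captured command output or a saved configuration. The following is an added example, not part of the STIG or of HP's tooling. The function name and sample captures are constructed, and the line "ftp server enable" is assumed from the "undo" form in the fix text.

```python
import re

# "telnet server enable" is quoted in the check note; "ftp server enable" is
# assumed from the fix command "undo ftp server enable".
ENABLE_LINES = {"telnet": "telnet server enable", "ftp": "ftp server enable"}
FTP_OFF = "ftp is not configured."
# Lines that start with a prompt such as "[HP]" are typed commands, not output.
PROMPT = re.compile(r"^\s*(\[[^\]]+\]|<[^>]+>)\s*")


def audit_capture(capture: str) -> list[str]:
    """Return findings for a captured CLI session or saved configuration."""
    findings = []
    ftp_shown = ftp_off = in_ftp = False
    for raw in capture.splitlines():
        prompted = PROMPT.match(raw)
        text = " ".join(PROMPT.sub("", raw).lower().split())
        if prompted:
            # Track whether following output belongs to "display ftp-server".
            in_ftp = text == "display ftp-server"
            ftp_shown = ftp_shown or in_ftp
            continue
        if not text:
            continue
        if in_ftp and text == FTP_OFF:
            ftp_off = True
        # Exact match only, so "undo telnet server enable" is never a finding.
        for service, enable_line in ENABLE_LINES.items():
            msg = f"{service}: '{enable_line}' present in configuration"
            if text == enable_line and msg not in findings:
                findings.append(msg)
    if ftp_shown and not ftp_off:
        findings.append("ftp: 'display ftp-server' did not report 'FTP is not configured.'")
    return findings


# Constructed sample captures (not taken from a real device).
COMPLIANT = """[HP] display ftp-server
FTP is not configured.

[HP] display current-configuration | include telnet
"""
NONCOMPLIANT = """[HP] display current-configuration | include telnet
 telnet server enable
"""

if __name__ == "__main__":
    print(audit_capture(COMPLIANT) or "not a finding")
    print(audit_capture(NONCOMPLIANT))
```

An empty result corresponds to "not a finding" for the two services this rule names; other non-essential services still need manual review.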

Documentable

False

Check Content Reference

M

Target Key

2977
