Details

HTTP and Telnet options should not be enabled for device management.

Rationale:

Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a “Man in the Middle” attack.

Solution

Navigate to Device > Setup > Interfaces > Management.
Set the HTTP and Telnet boxes to unchecked.
Default Value:
Not set. (HTTP and Telnet are disabled by default)

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2104

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication, System and Communications Protection.This control applies to the following type of system Palo_Alto.

References

• 800-53|IA-2(1)
• 800-53|IA-5
• 800-53|SC-8
• CSCv6|3.4
• CSCv6|14.2
• CSCv6|16.13
• CSCv7|4.5
• CSCv7|14.4
• CSCv7|16.5

Source

• Tenable.com/audits