Ensure ‘Unused Interfaces’ is disabled

Details

Disables the unused interfaces.

Rationale:

Shutting down the unused interfaces is a complement to physical security. In fact, an attacker connecting physically to an unused port of the security appliance can use the interface to gain access to the device if the relevant interface has not been disabled and the source restriction to management access is not enabled.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Step 1: Identify the physical name of the unused interfaces that are not disabled

Step 2: For each of the identified interfaces, run the following commands:

Hostname(config)#interface <physical_interface_name>
Hostname(config-if)#shutdown
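
One way to carry out Step 1 offline, as an added example that is not part of the benchmark or the original page: it parses saved `show running-config interface` output and lists physical interfaces that are not shut down yet have no `nameif`, no port-channel membership and no in-use subinterface. Treating "no `nameif`" as "unused" is an assumption of this example, and the configuration sample is constructed.

```python
import re

# Constructed sample of ASA "show running-config interface" output (not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 no nameif
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside
!
interface GigabitEthernet0/2
 shutdown
 no nameif
!
interface GigabitEthernet0/3
 no nameif
 no ip address
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its stanza lines."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def unused_not_shutdown(config):
    """Physical interfaces assumed unused (no nameif) that lack 'shutdown'."""
    stanzas = parse_interfaces(config)
    in_use = {n for n, body in stanzas.items()
              if any(l.startswith(("nameif ", "channel-group ")) for l in body)}
    in_use |= {n.split(".")[0] for n in in_use}  # parent of an in-use subinterface
    return [n for n, body in stanzas.items()
            if "." not in n and n not in in_use and "shutdown" not in body]

def remediation(config):
    """Step 2 commands for every interface found in Step 1."""
    return [c for n in unused_not_shutdown(config) for c in (f"interface {n}", "shutdown")]
```

Review the resulting list against the cabling records before applying it, since an interface without a `nameif` may still be reserved for a planned use.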

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.

Updated on July 16, 2022