Set ‘no interface tunnel’

Details

Verify no tunnel interfaces are defined.

Rationale:

Tunnel interfaces should not exist in general. They can be used for malicious purposes. If they are necessary, the network admins should be well aware of them and their purpose.

Impact:

Organizations should plan and implement enterprise network security policies that disable insecure and unnecessary features that increase attack surfaces such as ‘tunnel interfaces’.

Solution

Remove any tunnel interfaces.

hostname(config)#no interface tunnel {instance}
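
The following is an added example, not part of the original control text: a Python sketch that audits a saved running-config for tunnel stanzas and produces the removal commands in the form shown above. The sample configuration, the function names and the "no description" flag are assumptions made for illustration.

```python
import re

# Constructed sample of a saved IOS running-config (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel0
 description DMVPN hub
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
!
interface tunnel 12
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.77
!
"""

# IOS accepts "Tunnel0", "tunnel 0" and mixed case for the same interface.
IFACE_RE = re.compile(r"^interface\s+tunnel\s*(\d+)\s*$", re.IGNORECASE)
ATTR_RE = re.compile(
    r"^\s+(description|tunnel (?:source|destination|mode))\s+(.+?)\s*$",
    re.IGNORECASE)

def find_tunnels(config_text):
    """Return one dict per 'interface Tunnel<N>' stanza in the config."""
    tunnels, current = [], None
    for line in config_text.splitlines():
        if not line.startswith((" ", "\t")):   # column-0 line closes any stanza
            m = IFACE_RE.match(line)
            current = {"instance": int(m.group(1))} if m else None
            if current is not None:
                tunnels.append(current)
        elif current is not None:              # indented line inside a tunnel
            m = ATTR_RE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return tunnels

def remediation(tunnels):
    """Config-mode commands in the form given in the Solution section."""
    return [f"no interface tunnel {t['instance']}" for t in tunnels]

if __name__ == "__main__":
    found = find_tunnels(SAMPLE_CONFIG)
    for t in found:
        flag = "" if "description" in t else "  <-- no description recorded"
        print(f"{t}{flag}")
    print("\n".join(remediation(found)))
```

An empty result from `find_tunnels` corresponds to the default state described below; any tunnel that must stay should be reviewed and documented rather than removed.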

Default Value:

No tunnel interfaces are defined

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Cisco.

Updated on July 16, 2022