Details
An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a switch by connecting to a configured interface that is not in use.
If an interface is no longer used, the configuration must be deleted and the interface disabled. For sub-interfaces, delete sub-interfaces that are on inactive interfaces and delete sub-interfaces that are inactive. If the sub-interface is no longer necessary for authorized communications, it must be deleted.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Disable all inactive interfaces as shown below:
SW1(config)#interface GigabitEthernet3
SW1(config-if)#shutdown
SW1(config)#interface GigabitEthernet4
SW1(config-if)#shutdown
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.
References
- 800-53|AC-4
- CAT|III
- CCI|CCI-001414
- Rule-ID|SV-220424r622190_rule
- STIG-ID|CISC-RT-000060
- STIG-Legacy|SV-110695
- STIG-Legacy|V-101591
- Vuln-ID|V-220424