CISC-RT-000190 – The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces.

Details

The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages under a wide variety of conditions. Redirect ICMP messages are commonly used by attackers for network mapping and diagnosis.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Disable ICMP redirects on all external interfaces as shown in the example below:

SW1(config)#int g0/1
SW1(config-if)#no ip redirects

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS_Switch_Y21M07_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.

References

800-53|SC-5
CAT|II
CCI|CCI-002385
Rule-ID|SV-220435r622190_rule
STIG-ID|CISC-RT-000190
STIG-Legacy|SV-110717
STIG-Legacy|V-101613
Vuln-ID|V-220435

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles