Details
An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use.
If an interface is no longer used, the configuration must be deleted and the interface disabled. For sub-interfaces, delete sub-interfaces that are on inactive interfaces and delete sub-interfaces that are themselves inactive. If the sub-interface is no longer necessary for authorized communications, it must be deleted.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Disable all inactive interfaces as shown below:
R4(config)#interface GigabitEthernet3
R4(config-if)#shutdown
R4(config)#interface GigabitEthernet4
R4(config-if)#shutdown
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.
References
- 800-53|AC-4
- CAT|III
- CCI|CCI-001414
- Rule-ID|SV-216646r531086_rule
- STIG-ID|CISC-RT-000060
- STIG-Legacy|SV-106003
- STIG-Legacy|V-96865
- Vuln-ID|V-216646