Details
The risk of an attack increases with the number of services enabled on the firewall, because the firewall listens for each of them. If non-firewall services (e.g., DNS servers, e-mail client servers, FTP servers, web servers, etc.) are part of the standard firewall suite and are not necessary for administration of the firewall, they will be uninstalled or disabled.
NOTE: This check requires a manual review. Verify all non-essential features are removed from the firewall.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
The Firewall Administrator will only utilize services related to the operation of the firewall. Any unnecessary services, even if they are part of the firewall standard suite, must be uninstalled or disabled.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system: Cisco.
References
- CAT|II
- Rule-ID|SV-3054r3_rule
- STIG-ID|NET0377
- Vuln-ID|V-3054