Details
Disable Cisco Discovery Protocol (CDP) service at device level.
Rationale:
The Cisco Discovery Protocol is a proprietary protocol that Cisco devices use to identify each other on a LAN segment. It is useful only for network monitoring and troubleshooting, but it is considered a security risk because of the amount of information it discloses in response to queries. In addition, there have been published denial-of-service (DoS) attacks that use CDP. CDP should be completely disabled unless necessary.
Impact:
To reduce the risk of unauthorized access, organizations should implement a security policy restricting network protocols and explicitly require disabling all insecure or unnecessary protocols.
Solution
Disable Cisco Discovery Protocol (CDP) service globally.
hostname(config)#no cdp run
Default Value:
Enabled on all platforms except the Cisco 10000 Series Edge Services Router
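The following is an added compliance-check example, not part of the original benchmark text: it audits a saved running configuration for the global "no cdp run" statement described above, treating its absence as CDP enabled (the stated default). The sample configs and hostnames are constructed; the interface-level "cdp enable" / "no cdp enable" handling is an assumption about IOS syntax, included only to show that interface-level settings do not satisfy this control.

```python
import re

# Constructed sample running-config excerpts (not from any real device).
CONFIG_CDP_DEFAULT = """\
!
hostname edge-rtr-1
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
"""

CONFIG_CDP_DISABLED = """\
!
hostname edge-rtr-2
!
no cdp run
!
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.0
!
"""

# Interface-level disable only; global CDP is still at its enabled default.
CONFIG_CDP_INTERFACE_ONLY = """\
!
hostname edge-rtr-3
!
interface GigabitEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 no cdp enable
!
"""

def cdp_globally_disabled(running_config: str) -> bool:
    """True only when a top-level (unindented) 'no cdp run' line is present.

    CDP is enabled by default, so a config with no cdp statement at all is
    non-compliant. Indented interface-level lines are ignored on purpose.
    """
    for line in running_config.splitlines():
        if line and not line[0].isspace() and line.strip() == "no cdp run":
            return True
    return False

def audit(running_config: str) -> dict:
    """Summarise the CDP finding and the remediation command where needed."""
    host = re.search(r"^hostname\s+(\S+)", running_config, re.MULTILINE)
    disabled = cdp_globally_disabled(running_config)
    return {
        "hostname": host.group(1) if host else "<unknown>",
        "cdp_globally_disabled": disabled,
        "remediation": None if disabled else "no cdp run",
    }
```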
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Cisco.