Set ‘privilege 1’ for local users – ‘All users have encrypted passwords’

Details

Sets the privilege level for the user.

Rationale:

The default device configuration does not require strong user authentication, potentially enabling unfettered access to an attacker who is able to reach the device. A local account created with privilege level 1 can access the device only with EXEC-level permissions and cannot modify the device without using the enable password. In addition, require the use of an encrypted password (see Section 1.1.4.4 – Require Encrypted User Passwords).

Impact:

Organizations should create policies requiring all local accounts to be set to ‘privilege level 1’ with encrypted passwords to reduce the risk of unauthorized access. Default configuration settings do not provide strong user authentication to the device.

Solution

Set the local user to privilege level 1.

hostname(config)#username <LOCAL_USERNAME> privilege 1
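
An audit sketch for this control, added here as an example and not taken from the CIS benchmark or the original page: it parses 'username' lines from a saved running-config and reports local users that are not at privilege level 1 or have no 'secret' credential. The sample config is constructed, and treating only 'secret' (not 'password') as encrypted is an assumption based on the referenced Section 1.1.4.4.

```python
# Constructed sample of "show running-config" output; every name and hash is made up.
SAMPLE_CONFIG = """\
username netops privilege 1 secret 9 $9$CONSTRUCTED.HASH
username admin privilege 15 secret 5 $1$CONSTRUCTED$HASH
username legacy password 7 0000CONSTRUCTED
username viewer secret 8 $8$CONSTRUCTED.HASH
username svc privilege 1
line vty 0 4
 login local
"""

def parse_username_line(line):
    """Return (name, privilege or None, credential keyword or None), or None."""
    tokens = line.split()
    # Global-config commands are not indented; skip sub-mode and unrelated lines.
    if len(tokens) < 2 or line[0].isspace() or tokens[0] != "username":
        return None
    name, opts = tokens[1], tokens[2:]
    privilege = cred = None
    for i, tok in enumerate(opts):
        if tok in ("secret", "password"):
            cred = tok  # everything after this keyword is the credential itself
            break
        if tok == "privilege" and i + 1 < len(opts) and opts[i + 1].isdigit():
            privilege = int(opts[i + 1])
    return name, privilege, cred

def audit_local_users(config_text):
    """Return {username: [findings]} for local users that miss the control."""
    users = {}
    for line in config_text.splitlines():
        parsed = parse_username_line(line)
        if parsed is None:
            continue
        name, privilege, cred = parsed
        # A username with no explicit privilege keyword is at level 1.
        state = users.setdefault(name, {"privilege": 1, "cred": None})
        if privilege is not None:
            state["privilege"] = privilege
        state["cred"] = cred or state["cred"]
    findings = {}
    for name, state in users.items():
        issues = []
        if state["privilege"] != 1:
            issues.append("privilege %d, expected 1" % state["privilege"])
        if state["cred"] != "secret":  # assumption: only 'secret' counts as encrypted
            issues.append("no 'secret' credential (found: %s)" % state["cred"])
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_local_users(SAMPLE_CONFIG) reports admin, legacy and svc; the svc entry shows that setting the privilege level alone leaves the account without an encrypted password.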

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.

Updated on July 16, 2022