Ensure ‘SCP protocol’ is set to Enable for files transfers
Details: Enables Secure Copy protocol
Rationale: FTP and TFTP are protocols that transfer data in clear text across the network...

Ensure ‘SSH session timeout’ is less than or equal to ‘5’ minutes
Details: Sets the idle timeout for an SSH session before the security appliance terminates it.
Rationale: Limiting session timeout prevents...

Ensure ‘SSH source restriction’ is set to an authorized IP address
Details: Determines the client IP addresses that are allowed to connect to the security appliance through SSH
Rationale: One key...

Ensure ‘SSH version 2’ is enabled
Details: Sets the SSH version to 2
Rationale: SSH is an application running on top of a reliable transport layer,...

Ensure ‘SSL AES 256 encryption’ is set for HTTPS access
Details: Sets the SSL encryption algorithm to AES 256
Rationale: Given that the network may be prone to sniffing, the...

Ensure ‘TACACS+/RADIUS’ is configured correctly – protocol
Details: Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol
Rationale: Authentication, authorization and accounting...

Ensure ‘TACACS+/RADIUS’ is configured correctly – server
Details: Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol
Rationale: Authentication, authorization and accounting...

Ensure ‘Telnet’ is disabled
Details: Disables the telnet access to the security appliance in the case it has been configured
Rationale: Telnet is an...

Ensure ‘TLS 1.2’ is set for HTTPS access
Details: Enable SSL server version to TLS 1.2
Rationale: Given that the network may be prone to sniffing, the HTTP...

Ensure ‘Unused Interfaces’ is disable
Details: Disables the unused interfaces
Rationale: Shutting down the unused interfaces is a complement to physical security. In fact, an...