STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-216557r531085_rule
V-216557
SRG-NET-000131-RTR-000035
CISC-RT-000070
CAT III
10
Disable the following services if enabled as shown in the example below.
R2(config)#no boot network
R2(config)#no ip boot server
R2(config)#no ip bootp server
R2(config)#no ip dns server
R2(config)#no ip identd
R2(config)#no ip finger
R2(config)#no ip http server
R2(config)#no ip rcmd rcp-enable
R2(config)#no ip rcmd rsh-enable
R2(config)#no service config
R2(config)#no service finger
R2(config)#no service tcp-small-servers
R2(config)#no service udp-small-servers
R2(config)#no service pad
Review the router configuration to verify that the router does not have any unnecessary or non-secure services enabled. For example, the following commands should not be in the configuration:
boot network
ip boot server
ip bootp server
ip dns server
ip identd
ip finger
ip http server
ip rcmd rcp-enable
ip rcmd rsh-enable
service config
service finger
service tcp-small-servers
service udp-small-servers
service pad
If any unnecessary services are enabled, this is a finding.
V-216557
False
CISC-RT-000070
Review the router configuration to verify that the router does not have any unnecessary or non-secure services enabled. For example, the following commands should not be in the configuration:
boot network
ip boot server
ip bootp server
ip dns server
ip identd
ip finger
ip http server
ip rcmd rcp-enable
ip rcmd rsh-enable
service config
service finger
service tcp-small-servers
service udp-small-servers
service pad
If any unnecessary services are enabled, this is a finding.
M
4027