Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-96923 | CISC-RT-000370 | SV-106061r1_rule | Low |
Description |
---|
CDP is a Cisco proprietary neighbor discovery protocol used to advertise device capabilities, configuration information, and device identity. CDP is media-and-protocol-independent as it runs over layer 2; therefore, two network nodes that support different layer 3 protocols can still learn about each other. Allowing CDP messages to reach external network nodes provides an attacker a method to obtain information of the network infrastructure that can be useful to plan an attack. |
STIG | Date |
---|---|
Cisco IOS XE Router RTR Security Technical Implementation Guide | 2020-06-30 |
Check Text ( C-95759r1_chk ) |
---|
This requirement is not applicable for the DODIN Backbone. Step 1: Verify if CDP is enabled globally as shown below: cdp run By default, CDP is not enabled globally or on any interface. If CDP is enabled globally, proceed to step 2. Step 2: Verify CDP is not enabled on any external interface as shown in the example below: interface GigabitEthernet2 ip address z.1.24.4 255.255.255.252 … … … cdp enable If CDP is enabled on any external interface, this is a finding. |
Fix Text (F-102603r1_fix) |
---|
This requirement is not applicable for the DODIN Backbone. Disable CDP on all external interfaces via no cdp enable command or disable CDP globally via no cdp run command. |