
The IDPS must disable use of organizationally defined networking protocols.


Overview

Finding ID: SRG-NET-000067-IDPS-000016
Version: SRG-NET-000067-IDPS-000016
Rule ID: SRG-NET-000067-IDPS-000016_rule
IA Controls: (none listed)
Severity: Medium
Description
Some networking protocols that allow remote access may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Unsecure protocols such as TELNET and FTP must be turned off at the device level; otherwise the IDPS components may use these protocols. These protocols are often enabled by default, so the system administrator may need to issue an explicit command to disable the disallowed protocols.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43129_chk)
Verify networking protocols which are not allowed in accordance with organizationally defined policies (e.g., FTP and TELNET) are disabled.

If networking protocols which are not allowed in accordance with organizationally defined policies (e.g., FTP and TELNET) are not disabled, this is a finding.
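
One way to automate part of this check on a Linux-based sensor, as an added example that is not part of the SRG or any vendor tooling. It assumes the listing comes from `ss -H -tln`, that the disallowed list is FTP and TELNET on their well-known ports (21 and 23), and that the sample input is constructed.

```python
# Added example: compare listening TCP sockets against an organizationally
# defined list of disallowed protocols. Assumptions: Linux-based sensor,
# `ss -H -tln` column layout, and the policy below.

# Assumed policy: FTP and TELNET are named in the check text; the ports are
# their IANA well-known assignments.
DISALLOWED = {"ftp": 21, "telnet": 23}

# Constructed sample of `ss -H -tln` output (not captured from a real device).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 5 127.0.0.1:23 0.0.0.0:*
"""


def listening_ports(ss_output):
    """Return {port: set of local addresses} for every LISTEN line."""
    ports = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Field 4 is "local address:port"; rpartition copes with IPv6 "[::]:443".
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            ports.setdefault(int(port), set()).add(addr)
    return ports


def evaluate(ss_output, disallowed=DISALLOWED):
    """Return (protocol, port, addresses) tuples; an empty list means no finding."""
    ports = listening_ports(ss_output)
    return [
        (name, port, sorted(ports[port]))
        for name, port in sorted(disallowed.items())
        if port in ports
    ]


if __name__ == "__main__":
    for name, port, addrs in evaluate(SAMPLE_SS_OUTPUT):
        print(f"FINDING: {name} listening on port {port} at {', '.join(addrs)}")
```

A port-based check does not see a disallowed service moved to a non-standard port or a protocol used only for outbound connections, so it supplements a review of the device configuration rather than replacing it. A listener bound only to loopback is still reported, because the protocol has not been disabled.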

Fix Text (F-43129_fix)
In the device configuration, disable protocols which are disallowed based on organizationally defined policy.