
Network devices must have identification support disabled.


Overview

Finding ID: V-5616
Version: NET0726
Rule ID: SV-5616r3_rule
IA Controls: (none listed)
Severity: Low
Description
Identification support allows one to query a TCP port for identification. This feature enables an unsecured protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. Identification support can connect a TCP port on a host, issue a simple text string to request information, and receive a simple text-string reply. This is another mechanism to learn the router vendor, model number, and software version being run.
STIG: Infrastructure L3 Switch - Cisco Security Technical Implementation Guide
Date: 2017-09-28

Details

Check Text (C-3562r5_chk)
Review the device configuration to verify that identification support is not enabled via the "ip identd" global command. It is disabled by default.

If identification support is enabled, this is a finding.
Fix Text (F-5527r5_fix)
Configure the device to disable identification support.
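
The check above can be automated against saved configuration text. The following is an added example, not part of the STIG. The function name, the sample configurations and the treatment of "no ip identd" (the standard IOS negated form, which the page does not spell out) as disabled are assumptions made for illustration.

```python
import re

# Constructed sample configurations (not taken from any real device).
COMPLIANT_CONFIG = """\
hostname SW-EXAMPLE
!
no ip identd
ip ssh version 2
!
end
"""

NONCOMPLIANT_CONFIG = """\
hostname SW-EXAMPLE
!
! ip identd was requested for troubleshooting
ip identd
ip ssh version 2
!
end
"""

# Matches the global command and its negated form, nothing else on the line.
_IDENTD = re.compile(r"^(?P<neg>no\s+)?ip\s+identd$", re.IGNORECASE)


def audit_identd(config_text):
    """Evaluate NET0726 against configuration text.

    Returns {"finding": bool, "line": int or None}, where "line" is the
    1-based line number of the statement that leaves identd enabled.
    """
    enabled_at = None  # per the check text, the feature is disabled by default
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and "!" comment lines carry no commands
        match = _IDENTD.match(line)
        if match:
            # The last statement wins: a later "no ip identd" clears the finding.
            enabled_at = None if match.group("neg") else lineno
    return {"finding": enabled_at is not None, "line": enabled_at}


if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT_CONFIG),
                      ("noncompliant", NONCOMPLIANT_CONFIG)):
        print(name, audit_identd(cfg))
```

The reported line number gives the reviewer the exact statement to cite as evidence for the finding.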