The network element must have identification support disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-5616	NET0726	SV-5616r2_rule	ECSC-1	Low

Description
Identification support allows one to query a TCP port for identification. This feature enables an unsecured protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. Identification support can connect a TCP port on a host, issue a simple text string to request information, and receive a simple text-string reply. This is another mechanism to learn the router vendor, model number, and software version being run.

Description

Identification support allows one to query a TCP port for identification. This feature enables an unsecured protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. Identification support can connect a TCP port on a host, issue a simple text string to request information, and receive a simple text-string reply. This is another mechanism to learn the router vendor, model number, and software version being run.

STIG	Date
Infrastructure L3 Switch Secure Technical Implementation Guide - Cisco	2013-10-08

Details

Check Text ( C-3562r4_chk )
IOS Procedure: Review the device configuration to verify that identification support is not enabled via "ip identd" global command. It is disabled by default.

Fix Text (F-5527r4_fix)
IOS Procedure: Disable identification support by configuring the global "no ip identd" command.