Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4582 | NET1623 | SV-19270r4_rule | High |
Description |
---|
Network devices with no password for administrative access via the console provide the opportunity for anyone with physical access to the device to make configuration changes enabling them to disrupt network operations resulting in a network outage. |
STIG | Date |
---|---|
Infrastructure L3 Switch Secure Technical Implementation Guide - Cisco | 2018-11-27 |
Check Text ( C-20059r4_chk ) |
---|
Review the network device's configuration and verify authentication is required for console access. If the device is accessed via the aux port, then verify that this port also requires authentication. If it is not used, then it must be disabled. The console port and the disabled aux port should look similar to the configuration example below that references an authentication list configured as AUTH_LIST. aaa authentication login AUTH_LIST group tacacs+ local ! line con 0 login authentication AUTH_LIST exec-timeout 10 0 Or using the default method list as shown in the example below. aaa authentication login default group tacacs+ local ! line con 0 exec-timeout 10 0 |
Fix Text (F-4515r4_fix) |
---|
Configure authentication for console access on the network device. |