Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5616 | NET0726 | SV-5616r3_rule | Low |
Description |
---|
Identification support allows one to query a TCP port for identification. This feature enables an unsecured protocol to report the identity of a client initiating a TCP connection and a host responding to the connection. Identification support can connect a TCP port on a host, issue a simple text string to request information, and receive a simple text-string reply. This is another mechanism to learn the router vendor, model number, and software version being run. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2018-02-27 |
Check Text ( C-3562r5_chk ) |
---|
Review the device configuration to verify that identification support is not enabled via "ip identd" global command. It is disabled by default. If identifications support is enabled, this is a finding. |
Fix Text (F-5527r5_fix) |
---|
Configure the device to disable identification support. |