
The router must be configured so inactive router interfaces are disabled.


Overview

Finding ID: SRG-NET-000019-RTR-000007
Version: SRG-NET-000019-RTR-000007
Rule ID: SRG-NET-000019-RTR-000007_rule
IA Controls: (none listed)
Severity: Medium
Description
Inactive interfaces are rarely monitored or controlled and may expose a network to undetected attacks through those interfaces. Disgruntled or dissatisfied employees are an insider threat and may launch attacks against DoD computer systems from within the network. Unauthorized personnel with access to the communication facility could gain administrative access to a router by connecting to a configured interface that is not in use. If unauthorized personnel gain access to the router through an unsecured router interface, they could obtain administrative privileges and cause disruptions, disable links, or create denial of service conditions.
STIG: Router Security Requirements Guide
Date: 2013-07-30

Details

Check Text (C-SRG-NET-000019-RTR-000007_chk)
Verify inactive interfaces on the router or multilayer switch are disabled. If there are any inactive interfaces enabled on the router or multilayer switch, this is a finding.
Fix Text (F-SRG-NET-000019-RTR-000007_fix)
Remove subinterfaces and disable any inactive ports on the router or multilayer switch.
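
One way to automate the check and map each finding to the fix above, as an added example that is not part of the SRG. It assumes Cisco IOS-style `show ip interface brief` output (the SRG is vendor-neutral) and approximates "inactive" by a link status of "down"; the function names, the `in_use` parameter and the sample output are constructed for illustration.

```python
"""Flag enabled-but-inactive interfaces in `show ip interface brief`-style output."""

# Constructed sample output (documentation addresses, not from a real device).
SAMPLE = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     192.0.2.1       YES NVRAM  up                    up
GigabitEthernet0/1     unassigned      YES NVRAM  down                  down
GigabitEthernet0/2     unassigned      YES NVRAM  administratively down down
GigabitEthernet0/3.10  198.51.100.1    YES manual down                  down
Loopback0              203.0.113.1     YES NVRAM  up                    up
"""


def parse_brief(text):
    """Yield (name, status) for each interface row."""
    for line in text.splitlines():
        tokens = line.split()
        # Skip blanks, the header row, and rows too short to hold all columns.
        if len(tokens) < 6 or tokens[0] == "Interface":
            continue
        # "administratively down" spans two tokens, so join everything
        # between the Method column and the trailing Protocol column.
        yield tokens[0], " ".join(tokens[4:-1]).lower()


def find_enabled_inactive(text, in_use=()):
    """Return [(interface, remediation)] for ports that are enabled but have no link.

    Assumption: "inactive" is approximated by status "down". Interfaces named
    in `in_use` are documented as active and are skipped even when the link is down.
    """
    findings = []
    for name, status in parse_brief(text):
        if name in in_use or status != "down":
            continue  # link is up, or the port is already administratively down
        # Per the fix text: subinterfaces are removed, physical ports are disabled.
        action = "remove subinterface" if "." in name else "shutdown"
        findings.append((name, action))
    return findings


if __name__ == "__main__":
    for name, action in find_enabled_inactive(SAMPLE):
        print(f"FINDING {name}: enabled but inactive -> {action}")
```

Link state is only a proxy: an interface that is down because of a cable fault may still be in service, so compare the results against the site's list of active interfaces before disabling anything.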