Free DISA STIG and SRG Library | Vaulted

V-65965

The HP FlexFabric Switch must be configured so inactive HP FlexFabric Switch interfaces are disabled.

Finding ID: HFFS-RT-000001
Rule ID: SV-80455r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-NET-000019-RTR-000007
CCI: CCI-001414
Target Key: (None)
Documentable: No

Discussion

An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use.

Fix Text

Disable the inactive HP FlexFabric Switch interface:

[HP-GigabitEthernet0/1] shutdown

Check Content

Review the network topology diagram and determine which HP FlexFabric Switch interfaces should be inactive. If there are inactive HP FlexFabric Switch interfaces that are enabled, this is a finding.

[HP]display current-configuration interface
interface GigabitEthernet0/1
 port link-mode route
 pim sm
 ip address 192.168.10.1 255.255.255.0
 packet-filter 3010 inbound
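
The check above can be run offline against saved `display current-configuration interface` output. This is an added example, not part of the STIG text: the function names, the sample configuration (GigabitEthernet0/2 and 0/3 are constructed) and the list of interfaces expected to be inactive, which would come from the topology diagram, are assumptions.

```python
import re

# Constructed sample of saved "display current-configuration interface" output.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/1
 port link-mode route
 pim sm
 ip address 192.168.10.1 255.255.255.0
 packet-filter 3010 inbound
#
interface GigabitEthernet0/2
 port link-mode route
 shutdown
#
interface GigabitEthernet0/3
 port link-mode route
 description unused - shutdown pending
#
"""

def parse_interfaces(config_text):
    """Map each interface name to the list of its configuration lines."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m and not raw.startswith((" ", "\t")):
            current = interfaces.setdefault(m.group(1), [])
        elif line in ("#", "return") or (line and not raw[0].isspace()):
            current = None  # separator or a new top-level section
        elif current is not None and line:
            current.append(line)
    return interfaces

def find_enabled_inactive(config_text, expected_inactive):
    """Return (interface, reason) for each expected-inactive interface not shut down."""
    interfaces = parse_interfaces(config_text)
    findings = []
    for name in expected_inactive:
        lines = interfaces.get(name)
        if lines is None:
            findings.append((name, "not in saved output; verify manually"))
        elif "shutdown" not in lines:  # exact line match, not a substring
            findings.append((name, "enabled (no shutdown line)"))
    return findings

if __name__ == "__main__":
    for name, reason in find_enabled_inactive(
            SAMPLE_CONFIG, ["GigabitEthernet0/2", "GigabitEthernet0/3"]):
        print(f"FINDING {name}: {reason}")
```

The exact-line comparison keeps a description that merely contains the word "shutdown" from being counted as a disabled interface.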