Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. Infrastructure L3 Switch Security Technical Implementation Guide
  3. V-14717

V-14717

The network device must not allow SSH Version 1 to be used for administrative access.

Finding ID
NET1647
Rule ID
SV-15459r4_rule
Severity
Cat II
CCE
(None)
Group Title
The network element must not allow SSH Version 1.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

SSH Version 1 is a protocol that has never been defined in a standard. Since SSH-1 has inherent design flaws which make it vulnerable to attacks, e.g., man-in-the-middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1.

Fix Text

Configure the network device to use SSH version 2.

Check Content

Review the configuration and verify SSH Version 1 is not being used for administrative access. If the device is using an SSHv1 session, this is a finding.

Responsibility

Information Assurance Officer

Vaulted is more than a library.

SIGN UP FOR FREE