Network devices must have the Finger service disabled.
The Finger service supports the UNIX Finger protocol, which is used for querying a host about the users that are logged on. This service is not necessary for generic users. If an attacker were to find out who is using the network, they may use social engineering practices to try to elicit classified DoD information.
Configure the device to disable the Finger service.
Review the device configuration to determine if Finger has been implemented. If the Finger service is enabled, this is a finding.
Information Assurance Officer