1.1.6 Set 'login authentication for 'ip http' - http secure-server

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

If account management functions are not automatically enforced, an attacker could gain privileged access to a vital element of the network security architecture

Rationale:

Using AAA authentication for interactive management access to the device provides consistent, centralized control of your network. The default under AAA (local or network) is to require users to log in using a valid user name and password. This rule applies for both local and network AAA.

Impact:

Enabling Cisco AAA 'line login' is significantly disruptive as former access methods are immediately disabled. Therefore, before enabling Cisco AAA 'line login', the organization should plan and implement authentication logins and passwords, challenges and responses, and token technologies.

Solution

Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types.

hostname#(config)ip http secure-server
hostname#(config)ip http authentication {default | _aaa\_list\_name_}

Default Value:

Login authentication is not enabled.

Uses the default set with aaa authentication login.

See Also

https://workbench.cisecurity.org/files/3801