1.2.10 Set 'transport input none' for 'line aux 0'

Information

When you want to allow only an outgoing connection on a line, use the no exec command.

Rationale:

Unused ports should be disabled, if not required, since they provide a potential access path for attackers. Some devices include both an auxiliary and console port that can be used to locally connect to and configure the device. The console port is normally the primary port used to configure the device; even when remote, backup administration is required via console server or Keyboard, Video, Mouse (KVM) hardware. The auxiliary port is primarily used for dial-up administration via an external modem; instead, use other available methods.

Impact:

Organizations should prevent all unauthorized access of auxiliary ports by disabling all protocols using the 'transport input none' command.

Solution

Disable the inbound connections on the auxiliary port.

hostname(config)#line aux 0
hostname(config-line)#transport input none
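
An added example, not part of the CIS benchmark or the audit plugin: one way to verify the setting offline against a saved running-config. The function names and the sample configuration are constructed for illustration. It assumes the usual IOS layout in which sub-commands are indented under their 'line' header.

```python
# Constructed sample of a saved running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname R1
!
line con 0
 exec-timeout 9 59
line aux 0
 exec-timeout 0 1
 no exec
 transport input none
line vty 0 4
 transport input ssh
!
end
"""

def line_block(config, header):
    """Return the indented sub-commands under `header`, or None if the line is absent."""
    block, inside = [], False
    for raw in config.splitlines():
        if not inside:
            # Only a top-level (unindented) command can open the block.
            inside = raw.rstrip() == header
        elif raw.startswith(" "):
            block.append(raw.strip())   # sub-command of the line we are in
        else:
            break                       # next top-level command ends the block
    return block if inside else None

def check_aux_transport(config):
    """Classify line aux 0 as PASS, FAIL, REVIEW or NOT_PRESENT, with a reason."""
    block = line_block(config, "line aux 0")
    if block is None:
        return ("NOT_PRESENT", "no 'line aux 0' in this configuration")
    inputs = [c for c in block if c.startswith("transport input")]
    if not inputs:
        # Assumption: a saved config may omit values that equal the platform
        # default, so absence is reported for manual review, not as a failure.
        return ("REVIEW", "no explicit 'transport input' under line aux 0")
    if inputs[-1] != "transport input none":
        return ("FAIL", f"found '{inputs[-1]}'")
    return ("PASS", "transport input none")

if __name__ == "__main__":
    print(check_aux_transport(SAMPLE_CONFIG))
```

A REVIEW result means the saved file cannot settle the question and the line has to be checked on the device itself.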

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(5), 800-53|AC-11, CSCv7|16.11

Plugin: Cisco

Control ID: fd16a99c5bc4e01a9df5e6669915096f117aa115385f3c1e13c13939a1ff3493