2.1.3 Set 'no ip bootp server'

Information

Disable the Bootstrap Protocol (BOOTP) service on your routing device.

Rationale:

BootP allows a router to issue IP addresses. This should be disabled unless there is a specific requirement.

Impact:

To reduce the risk of unauthorized access, organizations should implement a security policy restricting network protocols and explicitly require disabling all insecure or unnecessary protocols such as 'ip bootp server'.

Solution

Disable the bootp server.

hostname(config)#ip dhcp bootp ignore

Default Value:

Enabled

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: Cisco

Control ID: 7e100d76a3d89a84107aee0b9f77e5555d15a873bb71811377073025d9ae1a3f