1.2.3 Ensure HTTP and Telnet options are disabled for the management interface


HTTP and Telnet options should not be enabled for device management.


Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a 'Man in the Middle' attack.


Navigate to Device > Setup > Interfaces > Management.
Set the HTTP and Telnet boxes to unchecked.

Default Value:

Not set. (HTTP and Telnet are disabled by default)

See Also