1.2.3 Ensure HTTP and Telnet options are disabled for the management interface
HTTP and Telnet options should not be enabled for device management. Rationale: Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a "Man in the Middle" attack.
Navigate to Device > Setup > Interfaces > Management. Set the HTTP and Telnet boxes to unchecked. Default Value: Not set. (HTTP and Telnet are disabled by default)