HTTP and Telnet options should not be enabled for device management. Rationale: Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a 'Man in the Middle' attack.
Navigate to Device > Setup > Interfaces > Management. Set the HTTP and Telnet boxes to unchecked. Default Value: Not set. (HTTP and Telnet are disabled by default)