1.2.3 Ensure HTTP and Telnet options are disabled for the management interface

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


HTTP and Telnet options should not be enabled for device management.


Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a 'Man in the Middle' attack.


Navigate to Device > Setup > Interfaces > Management.
Set the HTTP and Telnet boxes to unchecked.

Default Value:

Not set. (HTTP and Telnet are disabled by default)

See Also