1.2.3 Ensure HTTP and Telnet options are disabled for the management interface

Information

HTTP and Telnet options should not be enabled for device management.

Rationale:

Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a 'Man in the Middle' attack.

Solution

Navigate to Device > Setup > Interfaces > Management.
Set the HTTP and Telnet boxes to unchecked.

Default Value:

Not set. (HTTP and Telnet are disabled by default)

See Also

https://workbench.cisecurity.org/benchmarks/8826