3.8 Ensure 'security-level' is set to '0' for Internet-facing interface

Information

Sets the security level of the Internet facing interface to 0

Rationale:

Where security zones are not configured, the Internet-facing interface is the most untrusted interface and must have the lowest security-level, which is 0. Any traffic initiated from this interface to the other interfaces of the security appliance must therefore be checked by a specific access-control list rule in order to be permitted.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Step 1: Acquire the physical name of the Internet facing interface <interface_physical_name>

Step 2: Run the following commands to assign security-level 0 to that interface

hostname(config)#interface <interface_physical_name>
hostname(config-if)#security-level 0

Default Value:

Security level is not assigned by default
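
An offline check for this setting, added here as an example (it is not part of the benchmark or of the Nessus plugin): it parses the interface blocks of a saved running configuration and reports whether the named interface has security-level 0. The sample configuration, the interface names and the function names are constructed for illustration, and the block layout is assumed to match typical ASA `show running-config` output.

```python
import re

# Constructed sample of interface blocks from a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
interface GigabitEthernet0/2
 no nameif
 no security-level
!
"""

def parse_security_levels(config):
    """Map each interface's physical name to its security-level (None if unset)."""
    levels, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            levels[current] = None
        elif not line.startswith(" "):
            current = None  # "!" or any unindented line ends the interface block
        elif current:
            # Anchored match, so " no security-level" is not read as a value.
            m = re.match(r"\s+security-level\s+(\d+)\s*$", line)
            if m:
                levels[current] = int(m.group(1))
    return levels

def check_internet_facing(config, interface):
    """Return (compliant, reason) for the Internet-facing interface from Step 1."""
    levels = parse_security_levels(config)
    if interface not in levels:
        return False, f"{interface}: interface not found in configuration"
    level = levels[interface]
    if level is None:
        return False, f"{interface}: no security-level assigned"
    if level != 0:
        return False, f"{interface}: security-level is {level}, expected 0"
    return True, f"{interface}: security-level is 0"

if __name__ == "__main__":
    for name in ("GigabitEthernet0/0", "GigabitEthernet0/1", "GigabitEthernet0/2"):
        print(check_internet_facing(SAMPLE_CONFIG, name))
```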

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6, 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, 800-53|SC-23, CSCv7|11.1

Plugin: Cisco

Control ID: bb58451802870a17a4984b3cbe683be5f4a27991325bb3d8c61723a67cdbae73