3.8 Ensure 'security-level' is set to '0' for Internet-facing interface

Information

Sets the security level of the Internet facing interface to 0

Rationale:

Where security zones are not configured, the Internet facing interface is the most untrusted interface and must have the lowest security-level that is 0. Therefore, any traffic initiated from this interface to the other interfaces of the security appliance must be checked by a specific access-control list rule in order to be permitted.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Step 1: Acquire the physical name of the Internet facing interface <interface_physical_name>

Step 2: Run the following command assigned the security-level 0

hostname(config)#interface <interface_physical_name>
hostname(config-if)#security-level 0

Default Value:

Security level is not assigned by default

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4(21)

Plugin: Cisco

Control ID: 150825567aa20641f60d7300791148659dc988cbf67b17620ddc67a728838b44