1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management

Information

Permit only the necessary IP addresses to be used to manage the device.

Rationale:

Management access to the device should be restricted to the IP addresses or subnets used by firewall administrators. Permitting management access from other IP addresses increases the risk of unauthorized access through password guessing, stolen credentials, or other means.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Navigate to Device > Setup > Interfaces > Management.
Set Permitted IP Addresses to only those necessary for device management for the SSH and HTTPS protocols. If no profile exists, create one that has these addresses set.

Default Value:

Not enabled (all addresses that can reach the interface are permitted)

See Also

https://workbench.cisecurity.org/benchmarks/17915