1.2.3 Ensure HTTP and Telnet options are disabled for the management interface

Information

HTTP and Telnet options should not be enabled for device management.
Rationale:
Management access over cleartext services such as HTTP or Telnet could result in a compromise of administrator credentials and other sensitive information related to device management. Theft of either administrative credentials or session data is easily accomplished with a "Man in the Middle" attack.

Solution

Navigate to Device > Setup > Interfaces > Management.
Set the HTTP and Telnet boxes to unchecked.
Default Value:
Not set. (HTTP and Telnet are disabled by default)

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-2(1), 800-53|IA-5, 800-53|SC-8, CSCv6|3.4, CSCv6|14.2, CSCv6|16.13, CSCv7|4.5, CSCv7|14.4, CSCv7|16.5

Plugin: Palo_Alto

Control ID: 53d602edb701eb4ea6c9a3cbe91230622eac7ad2c909e783b09312da3e3631fa