Information
Permit only the necessary IP addresses to be used to manage the device.
Rationale:
Management access to the device should be restricted to the IP addresses or subnets used by firewall administrators. Permitting management access from other IP addresses increases the risk of unauthorized access through password guessing, stolen credentials, or other means.
Solution
Navigate to Device > Setup > Interfaces > Management.
Set Permitted IP Addresses to only those necessary for device management for the SSH and HTTPS protocols. If no profile exists, create one that has these addresses set.
Default Value:
Not enabled (all addresses that can reach the interface are permitted)
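An added example, not part of the benchmark or of the vendor's tooling: a Python check over an exported configuration that fails when the Permitted IP Addresses list is empty (the default described above) or holds an entry outside the administrator networks. The XML path to the list, the sample configurations and the administrator subnets are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed location of the management interface's permitted-IP list in an
# exported configuration XML (an assumption, not taken from the page).
PERMITTED_IP_PATH = "./devices/entry/deviceconfig/system/permitted-ip/entry"


def audit_permitted_ips(config_xml, admin_networks):
    """Return a list of findings; an empty list means the check passes."""
    root = ET.fromstring(config_xml)
    allowed = [ipaddress.ip_network(n) for n in admin_networks]
    entries = [e.get("name", "") for e in root.findall(PERMITTED_IP_PATH)]
    if not entries:
        # Default state: nothing listed, so any reachable address may connect.
        return ["no permitted IP addresses set: all addresses are permitted"]
    findings = []
    for name in entries:
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            findings.append(f"{name}: not a valid address or subnet")
            continue
        # Compare only within the same IP version; subnet_of() rejects mixes.
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"{name}: outside the approved administrator networks")
    return findings


def sample_config(entries):
    """Build a constructed, minimal configuration document for the demo."""
    items = "".join(f'<entry name="{e}"/>' for e in entries)
    block = f"<permitted-ip>{items}</permitted-ip>" if entries else ""
    return ('<config><devices><entry name="localhost.localdomain">'
            f"<deviceconfig><system>{block}</system></deviceconfig>"
            "</entry></devices></config>")


# Constructed sample data: administrator networks and three device states.
ADMIN_NETWORKS = ["10.20.30.0/24", "10.20.31.5/32"]
DEFAULT_CONFIG = sample_config([])
BROAD_CONFIG = sample_config(["10.20.30.0/24", "0.0.0.0/0"])
HARDENED_CONFIG = sample_config(["10.20.30.0/24", "10.20.31.5"])

if __name__ == "__main__":
    for label, cfg in [("default", DEFAULT_CONFIG), ("broad", BROAD_CONFIG),
                       ("hardened", HARDENED_CONFIG)]:
        print(label, audit_permitted_ips(cfg, ADMIN_NETWORKS) or "PASS")
```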
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-2(1), 800-53|AC-3, 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, CSCv7|11.6, CSCv7|11.7
Control ID: a74bca1ebd096e0db92463e62e41a6b40a9ba99fa4563ba376e901f27daeab09