6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels

Information

Preventing tunnel creation in the SSH daemon is a security measure aimed at thwarting unauthorized network tunneling through the host. This control, when enforced, helps mitigate the risks associated with potential data exfiltration or unauthorized network access that could occur via SSH tunnels.

By disallowing tunnel creation, organizations can ensure that the SSH daemon is not exploited for unauthorized tunneling activities, thus contributing to a more secure network posture.
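One way to check this control, as an added example that is not part of the benchmark or the audit plugin. It assumes the daemon is OpenSSH, where tunnel device forwarding is governed by the `PermitTunnel` keyword in `sshd_config` (the page does not name the setting); the function name `audit_permit_tunnel` and the sample configuration are constructed for illustration.

```python
import re

OPENSSH_DEFAULT = "no"  # sshd's built-in value when PermitTunnel is absent

def audit_permit_tunnel(config_text):
    """Return (effective_global_value, findings) for sshd_config text.

    findings: (line_number, scope, value) for each effective non-"no" setting.
    Include files are not followed.
    """
    first = {}        # scope -> first PermitTunnel value obtained there
    scope = "global"  # "global" or "Match <criteria>" of the current block
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + arg  # applies until the next Match line
        elif keyword == "permittunnel" and scope not in first:
            # sshd uses the first value obtained; later duplicates are ignored.
            first[scope] = arg.strip('"').lower()
            if first[scope] != "no":
                findings.append((lineno, scope, first[scope]))
    return first.get("global", OPENSSH_DEFAULT), findings

# Constructed sample: the global value is compliant, the duplicate on line 3
# is ignored by sshd, and a Match block re-enables tunnels for one user.
SAMPLE = """\
# constructed sshd_config for illustration
PermitTunnel no
PermitTunnel yes
Match User backup
    PermitTunnel=point-to-point
"""

if __name__ == "__main__":
    effective, findings = audit_permit_tunnel(SAMPLE)
    print("global PermitTunnel:", effective)
    for lineno, scope, value in findings:
        print(f"FAIL line {lineno}: PermitTunnel {value} ({scope})")
```

A Match block overrides the global section, so a compliant global value alone does not satisfy the control; every finding has to be cleared.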

Solution

Impact:

There is no reported functional impact associated with this security control, indicating that the prevention of SSH tunneling does not adversely affect the host's normal operational behavior.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: CONFIGURATION MANAGEMENT, MAINTENANCE

References: 800-53|CM-7, 800-53|MA-4, CSCv7|5.1

Plugin: Unix

Control ID: 0c325fbeb5f86430e6f446739ebdf6a4b93c6b71b5267b2c6605b1f17e40f4d2