AMLS-L3-000140 - The Arista Multilayer Switch must be configured so inactive router interfaces are disabled.

Information

An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove subinterfaces and disable any inactive ports on the router via the 'shutdown' command on the interface configuration mode.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Arista_MLS_DCS-7000_Series_Y24M07_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4, CAT|II, CCI|CCI-001414, Rule-ID|SV-217492r382735_rule, STIG-ID|AMLS-L3-000140, STIG-Legacy|SV-75353, STIG-Legacy|V-60895, Vuln-ID|V-217492

Plugin: Arista

Control ID: fd01385829cb3767b05a19fc2754209ec698a1b61bb871ebdf2aedc8161a9649