NET0730 - The finger service is not disabled

Information

The network element must have the Finger service disabled.

The finger service supports the UNIX finger protocol, which is used for querying a host about the users that are logged on. This service is not necessary for generic users. If an attacker were to find out who is using the network, they may use social engineering practices to try to elicit classified DoD information.

NOTE: Beginning with IOS 12.1(5), finger is disabled by default. For IOS version 12.0 through 12.1(4), verify that the no ip finger command is present. For any version prior to 12.0, verify that the no service finger command is present.

Solution

Disable the finger service.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CAT|III, CSCv6|9.1, Rule-ID|SV-3079r3_rule, STIG-ID|NET0730, Vuln-ID|V-3079

Plugin: Cisco

Control ID: 5bdeb20f510c8a564d51e9f040268df7b77176b3f7f844dca41465f399963bf7