Ensure 'SSH source restriction' is set to an authorized IP address

Information

Determines the client IP addresses that are allowed to connect to the security appliance through SSH

Rationale:

One key element of securing the network is the security of management access to the infrastructure devices. It is critical to establish the appropriate controls in order to prevent unauthorized access to infrastructure devices. One of them is permitting only authorized originators to attempt device management access. This ensures that the processing of access requests is restricted to an authorized source IP address, thus reducing the risk of unauthorized access and the exposure to other attacks, such as brute force, dictionary, or DoS attacks.

Solution

Use the Data Interfaces tab on Device > System Settings > Management Access

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11)

Plugin: Cisco_Firepower

Control ID: 5ba3ddb7ec444fb8ca6a047971c1d56221000a754fcffef0c368b3a3263fffab