
New to -02: services off by default



2.5.3 Listening Services Should Be Off By Default

   Requirement. Services that cause the device to listen for traffic
      destined for itself SHOULD be off by default.  The user SHOULD
      have to take explicit actions to enable any such services.

   Justification. Open ports have the potential to expose
      vulnerabilities. The user, not the vendor, should decide which
      services are required and what risks to accept.  This will also
      prevent systems from being compromised through the misuse of
      services which the user was unaware were enabled.

   Examples. If the device supports SSH, HTTP, telnet and SNMP, in the
      default configuration they should all be disabled.

   Warnings. None.
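
One way to check a factory-default configuration against this requirement, as an added example that is not part of the original message or the draft. It assumes a Linux-based device exposing the /proc/net/tcp and /proc/net/udp socket tables, uses constructed sample tables, and treats loopback-only listeners as out of scope; the function names are hypothetical.

```python
import socket
import struct

# Constructed sample data in the Linux /proc/net/{tcp,udp} layout
# (assumption: Linux-based device; the draft does not name a platform).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00000A:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:C350 0B00000A:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:00A1 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1005 2
"""

# Kernel socket states that accept unsolicited traffic:
# TCP_LISTEN (0A) for TCP, unconnected/bound (07) for UDP.
LISTEN_STATE = {"tcp": "0A", "udp": "07"}


def parse_listeners(text, proto):
    """Return (proto, ip, port) for every socket waiting for inbound traffic."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN_STATE[proto]:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # IPv4 addresses are stored as little-endian 32-bit hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((proto, ip, int(port_hex, 16)))
    return found


def default_config_violations(listeners, enabled=frozenset()):
    """Listeners reachable from the network that the user never enabled.

    `enabled` holds (proto, port) pairs the user explicitly turned on; it is
    empty for a factory-default device. Skipping 127.0.0.0/8 is an assumption.
    """
    return [l for l in listeners
            if not l[1].startswith("127.") and (l[0], l[2]) not in enabled]


if __name__ == "__main__":
    socks = parse_listeners(SAMPLE_TCP, "tcp") + parse_listeners(SAMPLE_UDP, "udp")
    for proto, ip, port in default_config_violations(socks):
        print(f"on by default: {proto}/{port} bound to {ip}")
```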