From Firewall Security Technical Implementation Guide - Cisco
Part of Firewall has unnecessary services enabled.
The risk of an attack increases with more services enabled on the firewall, since the firewall will listen for these services. If non-firewall services (e.g., DNS servers, e-mail client servers, ftp servers, web servers, etc.) are part of the standard firewall suite and are not necessary for administration of the firewall, they will be uninstalled or disabled.
Have the Firewall Administrator display the services running on the firewall appliance or underlying OS. CAVEAT: Anti-virus software running on the firewall's OS would be an exception to the above requirement. It is recommended that anti-virus software be implemented on any non-appliance firewall if supported. However, it is not a finding if anti-virus software has not been implemented. If services that are not necessary for the administration of the firewall are found to be running on the firewall, this is a finding.
The Firewall Administrator will only utilize services related to the operation of the firewall. Any unnecessary services, even if they are part of the firewall standard suite, must be uninstalled or disabled.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer