It is important to disable or secure all unneeded services. If Cisco
Discovery Protocol (CDP), domain name service (DNS), network time protocol
(NTP), hypertext transfer protocol (HTTP), TFTP, SNMP, or Telnet are not
used in the network, they should be disabled.
HTTP/Web Management
HTTP/Web Management is useful, but using it on network equipment may weaken
network security. Many vendors have serious bugs in their Web server
software. For maximum security, HTTP should be disabled on a production
network. If HTTP is used, it should be password protected. If a
vulnerability is published, security advisories from the vendor should be
monitored and new firmware should be applied.
Unless needed, TFTP and FTP should not be enabled. Some vendors use very
weak TFTP schemes, which allow the configuration file to be downloaded by
any user. Because the configuration file contains passwords and WEP keys,
security can be compromised.
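
The service list above can be checked against a saved device configuration. The following is an added example, not part of the original text: a small audit that reports which of the listed services still appear enabled. It assumes Cisco IOS-style syntax and that CDP and DNS lookup are on unless explicitly disabled (defaults vary by platform and version); the function name, the `needed` parameter and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations in Cisco IOS-style syntax (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
no cdp run
ip http server
snmp-server community EXAMPLE-RO RO
tftp-server flash:config.bak
ntp server 192.0.2.10
line vty 0 4
 transport input telnet ssh
"""
HARDENED_CONFIG = """\
hostname lab-sw1
no cdp run
no ip domain-lookup
no ip http server
line vty 0 4
 transport input ssh
"""

# service -> (pattern, kind)
#   "on":  a matching line means the service is enabled
#   "off": a matching line disables a service assumed to be on by default
CHECKS = {
    "CDP":    (r"^no cdp run\b", "off"),
    "DNS":    (r"^no ip domain[- ]lookup\b", "off"),
    "HTTP":   (r"^ip http server\b", "on"),
    "NTP":    (r"^ntp (server|peer|master)\b", "on"),
    "SNMP":   (r"^snmp-server community\b", "on"),
    "TFTP":   (r"^tftp-server\b", "on"),
    "Telnet": (r"^[ \t]+transport input\b.*\b(telnet|all)\b", "on"),
}

def enabled_services(config, needed=()):
    """Return the sorted names of enabled services that are not listed as needed."""
    found = []
    for name, (pattern, kind) in CHECKS.items():
        hit = re.search(pattern, config, re.MULTILINE) is not None
        enabled = hit if kind == "on" else not hit
        if enabled and name not in needed:
            found.append(name)
    return sorted(found)

if __name__ == "__main__":
    # NTP is declared as needed here, so it is not reported.
    print("disable or secure:", enabled_services(SAMPLE_CONFIG, needed=("NTP",)))
    print("hardened config:  ", enabled_services(HARDENED_CONFIG))
```

A clean result only means no enabling line was found in the saved file; confirm against the running device, since defaults that never appear in the configuration are platform dependent.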