Check: SAN04.012.00
Storage Area Network STIG: SAN04.012.00 (in versions v2 r5 through v2 r2)
Title
Network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites are not disabled. (Cat II impact)
Discussion
Enabled network management ports that are not required expose the SAN fabric switch and the entire network to unnecessary vulnerabilities. Disabling these unneeded ports reduces the exposure profile of the device and the network. The IAO/NSO will disable all network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites.
Check Content
The reviewer will, with the assistance of the IAO/NSO, verify that all network management ports on the SAN fabric switches are disabled except those needed to support the operational commitments of the sites.
Fix Text
Develop a plan to locate and disable all network management ports that are not required to support the operational commitments of the sites. Obtain CM approval of the plan and then execute the plan.
Additional Identifiers
Rule ID: SV-6769r1_rule
Vulnerability ID: V-6635
Group Title: SAN Network Management Ports Fabric Switch
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.