As promised, I will keep adding to the list of what Network Engineers should do to harden their Cisco network devices. This article, as the title says, covers how to disable the HTTP and HTTPS services that run on your Cisco network devices by default. Brand new out of the box, Cisco routers and switches contain HTML files that allow you to manage them using a Graphical User Interface (GUI). The Cisco Network Academy Program and most Cisco Press books teach students to use the CLI and not the GUI, so most Network Engineers won’t be using this GUI. Having said that, if you don’t use it, then disable it. That’s what IT-Security guys would say, because this mitigates attacks by limiting which services are running on your devices.
The screenshot below shows you a port scan of a newly configured switch with Telnet disabled and SSH enabled.
To disable this default behavior, issue the following commands:
Router(config)#no ip http server
Router(config)#no ip http secure-server
Upon disabling HTTP and HTTPS services, here’s what it would look like after doing a port scan.
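To confirm the change from saved configurations instead of a port scan, the following added example (not part of the original article) audits the text of a running-config for the two commands above. The function names and the sample configs are constructed for illustration; a config that states neither command is treated as not hardened, because the article notes the services run by default.

```python
# Constructed sample running-config excerpts (not taken from a real device).
BEFORE = "hostname SW1\n!\nip http server\nip http secure-server\n!\nline vty 0 4\n transport input ssh\n"
AFTER = "hostname SW1\n!\nno ip http server\nno ip http secure-server\n!\n"
PARTIAL = "hostname SW1\n!\nno ip http server\n!\n"

# The two global commands the article disables.
SERVICES = {"http": "ip http server", "https": "ip http secure-server"}


def audit_http_services(config_text):
    """Return {service: 'enabled' | 'disabled' | 'not stated'} for a config."""
    result = {name: "not stated" for name in SERVICES}
    for raw in config_text.splitlines():
        if raw[:1].isspace():
            continue  # indented lines belong to a sub-mode, not global config
        line = " ".join(raw.split())  # normalise runs of whitespace
        for name, cmd in SERVICES.items():
            # Exact comparison, so "ip http server" never matches
            # "ip http secure-server" or longer "ip http ..." options.
            if line == cmd:
                result[name] = "enabled"
            elif line == "no " + cmd:
                result[name] = "disabled"
    return result


def is_hardened(config_text):
    """True only when both services are explicitly disabled."""
    states = audit_http_services(config_text)
    return all(state == "disabled" for state in states.values())


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER), ("partial", PARTIAL)):
        print(label, audit_http_services(cfg), "hardened:", is_hardened(cfg))
```
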
I hope this has been helpful and I thank you for reading!