• nbailey@lemmy.ca
    1 year ago

    Or, hear me out, maybe we don’t expose network management interfaces to untrusted networks? Sure, shit can still get breached by very deep intrusions, but at least you don’t show up on Shodan!?

    • _dev_null@lemmy.zxcvn.xyz
      1 year ago

      Indeed, from a Tenable article:

      Cisco does recommend disabling the HTTP Server feature on any Cisco IOS XE systems that are internet-facing. The advisory provides steps on how to disable the feature as well as steps on how to determine if the HTTP Server feature is enabled. Additionally, the Cisco security advisory outlines an additional command to run after disabling the HTTP Server feature, to ensure that the feature is not re-enabled after a system reload.

      So yeah, maybe not widen your attack surface to the whole fucking internet in the first place.