The customer has security audit requirements, and their audit team is asking my customer to prove that all these services with vulnerabilities are shut down.
We understand that we can turn off TLS 1.0 and 1.1 on ISE 2.2P2, but we're still unsure how to turn off SSH v1.
We would like to know what the ISE PM and TME standpoint is on the above matters, as well as on future security vulnerabilities that might require customers to turn off additional services on the ISE engine.
Actually, that is the exact documentation that the customer is referring to as a hardening guide. They are upset that it's the advice of that specific documentation to follow the Prime Infra Admin guide, which in turn advises turning off SSHv1. When they attempted to do so with TAC, as they require the ISE root admin password, TAC refused, saying it's not recommended.
As such, we're in quite a bind with regards to this.
Thanks a lot, Hslai. Would there be any documentation that we could show to the user's compliance audit team to convince them that ISE is not impacted by SSHv2 vulnerabilities since we only accept connections from SSH v2 clients? It would be good if there's a way to show them that ISE itself is configured that way.
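One way to produce evidence for an audit of which SSH protocol versions a server advertises, as an added example that is not part of the thread and is not Cisco tooling: the script classifies the server's SSH identification line as defined in RFC 4253 (`SSH-2.0` is v2 only, `SSH-1.99` is v2 with v1 compatibility, `SSH-1.x` is v1). The function names and the sample banners are constructed for illustration and are not captured from ISE.

```python
import re
import socket

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def classify_banner(line):
    """Report which protocol versions one identification line offers."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if not m:
        return {"valid": False, "proto": None, "accepts_v1": None, "accepts_v2": None}
    proto = m.group(1)
    major = int(proto.split(".")[0])
    # RFC 4253 section 5.1: "1.99" is a v2 server that still accepts v1 clients
    compat = proto == "1.99"
    return {"valid": True, "proto": proto,
            "accepts_v1": compat or major == 1,
            "accepts_v2": compat or major >= 2}

def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for _ in range(20):  # servers may send other lines before "SSH-"
            raw = f.readline(256)
            if not raw:
                break
            text = raw.decode("ascii", "replace")
            if text.startswith("SSH-"):
                return text.rstrip("\r\n")
    raise ValueError("no SSH identification line received")

def audit(banners):
    """Return the names whose banner is not a valid v2-only identification."""
    failing = []
    for name, line in banners.items():
        result = classify_banner(line)
        if not result["valid"] or result["accepts_v1"]:
            failing.append(name)
    return sorted(failing)

# Constructed sample banners (hypothetical node names, not real ISE output)
SAMPLES = {
    "node-a": "SSH-2.0-OpenSSH_7.4",
    "node-b": "SSH-1.99-OpenSSH_3.9p1",
    "node-c": "SSH-1.5-1.2.27",
    "node-d": "HTTP/1.1 400 Bad Request",
}

if __name__ == "__main__":
    print("not v2-only:", audit(SAMPLES))
```

The banner shows what the server advertises during version exchange, so it works as supporting evidence alongside the vendor's written statement rather than as a replacement for it.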