An internal security scan showed that TCP port 514 is open on the Cisco Prime LMS 4.2.4 server. The security team is concerned that this port is commonly used for rsh, which is not encrypted and may use plain text logins or poorly authenticated logins. The port being open is documented in the "Installing and Migrating ..." manual for LMS 4.2 where it says that this TCP port 514 is used for Remote Copy Protocol in the direction from the server to device. The well-known port associated with a service is usually on the target host, not on the host that initiates the connection, so this is a little confusing. I see that there is no rsh service in /etc/inetd.conf, but there is an rsh service in /etc/xinetd.conf. This LMS is not configured to use RCP for anything, as far as I can tell.
Can I close TCP port 514 on this server without disastrous results, and how do I do that?
Or, how do I satisfy the security team that having this port open is not a security concern?
Thanks for any help.
Dave
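An added audit script, not part of Dave's post and not Cisco's code, showing the two checks a defender would run to answer the question: whether xinetd actually leaves the rsh service enabled (xinetd treats a missing `disable` line as enabled), and whether TCP/514 is a local listener rather than merely the well-known port a server-to-device rcp client talks to. The xinetd stanza and the `ss -ltn` output are constructed sample data so it runs offline; on the real host feed it `/etc/xinetd.d/rsh` and live `ss -ltn` (or `netstat -ltn`) output instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether TCP/514 is a local
# listener and whether xinetd still has the rsh service (named "shell") enabled.
# Both inputs below are CONSTRUCTED samples; replace them with the real files.

# Constructed stanza in the format xinetd uses for /etc/xinetd.d/<service>
SAMPLE_XINETD_RSH='service shell
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.rshd
}'

# Constructed listener table in the column layout of `ss -ltn`
SAMPLE_SS_LISTENING='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      64     0.0.0.0:514         0.0.0.0:*'

# Return 0 if the xinetd stanza on stdin leaves the service enabled.
# xinetd only disables a service when it sees "disable = yes".
xinetd_service_enabled() {
    val=$(sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
          | tr 'A-Z' 'a-z' | head -n 1)
    [ "$val" != "yes" ]
}

# Return 0 if the socket listing on stdin shows a TCP LISTEN socket on $1.
# The local address is column 4 ("addr:port"); the port is the last ":" field,
# which also handles IPv6 forms such as [::]:514.
port_listening() {
    port="$1"
    awk -v p="$port" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Run both checks against the constructed samples and report what to do.
audit_rsh() {
    if printf '%s\n' "$SAMPLE_XINETD_RSH" | xinetd_service_enabled; then
        echo "xinetd: rsh (service shell) is ENABLED; set 'disable = yes' and reload xinetd"
    else
        echo "xinetd: rsh is disabled"
    fi
    if printf '%s\n' "$SAMPLE_SS_LISTENING" | port_listening 514; then
        echo "socket: TCP/514 is a local LISTENER (inbound), not just an outbound rcp client port"
    else
        echo "socket: nothing listening on TCP/514; the port is only used outbound"
    fi
}

audit_rsh
```

If the second check shows no listener once the xinetd entry is disabled, the scanner's finding is resolved on the server side; an outbound rcp copy from the server to a device never requires the server itself to accept connections on 514.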