Prohibited Network Traffic Allowed

2020-01-09 走过路过

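This search looks for network traffic, defined by port and transport-layer protocol in the Enterprise Security lookup table "interesting_ports_lookup", that is marked as prohibited and has an associated "allowed" action in the Network_Traffic data model. This may indicate a misconfigured network device.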

Splunk query:
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Network_Traffic where All_Traffic.action = allowed by All_Traffic.src_ip All_Traffic.dest_ip All_Traffic.dest_port All_Traffic.action | lookup update=true interesting_ports_lookup dest_port as All_Traffic.dest_port OUTPUT app is_prohibited note transport | search is_prohibited=true | `ctime(firstTime)` | `ctime(lastTime)` | `drop_dm_object_name("All_Traffic")`

earliest=-70m@m   latest=-10m@m

Contents of the interesting_ports_lookup lookup table:

| app | dest | dest_pci_domain | dest_port | is_prohibited | is_required | is_secure | note | transport |
|---|---|---|---|---|---|---|---|---|
| echo | * | * | 7 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | tcp |
| echo | * | * | 7 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | udp |
| discard | * | * | 9 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | tcp |
| discard | * | * | 9 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | udp |
| daytime | * | * | 13 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | tcp |
| daytime | * | * | 13 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | udp |
| chargen | * | * | 19 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | tcp |
| chargen | * | * | 19 | true | false | false | TCP/UDP small services should be disabled since they are inherently insecure | udp |
| ftp-data | * | * | 20 | true | false | false | Unencrypted FTP services are insecure. | tcp |
| ftp-data | * | * | 20 | true | false | false | Unencrypted FTP services are insecure. | udp |
| ftp | * | * | 21 | true | false | false | Unencrypted FTP services are insecure. | tcp |
| ftp | * | * | 21 | true | false | false | Unencrypted FTP services are insecure. | udp |
| ssh | * | * | 22 | false | false | true | Secure shell is permitted AND secure. | tcp |
| ssh | * | * | 22 | false | false | true | Secure shell is permitted AND secure. | udp |
| telnet | * | * | 23 | true | false | false | Unencrypted telnet services are insecure. | tcp |
| telnet | * | * | 23 | true | false | false | Unencrypted telnet services are insecure. | udp |
| http | * | * | 80 | false | false | false | HTTP is considered insecure. | tcp |
| pop3 | * | * | 110 | true | false | false | Post office protocol is considered insecure. | tcp |
| pop3 | * | * | 110 | true | false | false | Post office protocol is considered insecure. | udp |
| netbios-ns | * | * | 137 | true | false | false | NetBIOS name service is considered insecure. | tcp |
| netbios-ns | * | * | 137 | true | false | false | NetBIOS name service is considered insecure. | udp |
| netbios-dgm | * | * | 138 | true | false | false | NetBIOS datagram service is considered insecure. | tcp |
| netbios-dgm | * | * | 138 | true | false | false | NetBIOS datagram service is considered insecure. | udp |
| netbios-ssn | * | * | 139 | true | false | false | NetBIOS session service is considered insecure. | tcp |
| netbios-ssn | * | * | 139 | true | false | false | NetBIOS session service is considered insecure. | udp |
| https | * | * | 443 | false | false | true | HTTPS service is permitted AND secure. | tcp |
| isakmp | * | * | 500 | false | false | true | ISAKMP service is permitted AND secure. | tcp |
| isakmp | * | * | 500 | false | false | true | ISAKMP service is permitted AND secure. | udp |
| login | * | * | 513 | true | false | false | Remote login (rlogin) is considered insecure. | tcp |
| shell | * | * | 514 | true | false | false | Remote shell (rsh) is considered insecure. | tcp |
| syslog | * | * | 514 | false | false | false | Syslog service is permitted but NOT secure. | udp |
| oracle | * | * | 1521 | false | false | true | Oracle database default listener | tcp |
| ms-sql-s | * | * | 1433 | false | false | true | Microsoft SQL server default listener | tcp |
| ms-sql-s | * | * | 1433 | false | false | true | Microsoft SQL server default listener | udp |
| l2tp | * | * | 1701 | false | false | true | Layer 2 tunneling protocol | tcp |
| l2tp | * | * | 1701 | false | false | true | Layer 2 tunneling protocol | udp |
| pptp | * | * | 1723 | false | false | true | Point to point tunneling protocol | tcp |
| ms-wbt-server | * | * | 3389 | false | false | true | Microsoft Windows-based terminal server | tcp |
| ms-wbt-server | * | * | 3389 | false | false | true | Microsoft Windows-based terminal server | udp |
| ipsec-nat-t | * | * | 4500 | false | false | true | IPsec NAT-Traversal | tcp |
| ipsec-nat-t | * | * | 4500 | false | false | true | IPsec NAT-Traversal | udp |
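
The query above keys the lookup on dest_port alone, while the table lists port 514 twice, with different transports and different is_prohibited values. The following Python sketch is an added example, not part of the original page or of Splunk's content: it evaluates constructed flow records against four rows copied from the table, once keyed on port only and once on port plus transport. The flow records, the function names and the rule that any matching prohibited row reports the flow are assumptions of this example.

```python
import csv
import io

# Four rows copied from the interesting_ports_lookup table on this page.
LOOKUP_CSV = """app,dest,dest_pci_domain,dest_port,is_prohibited,is_required,is_secure,note,transport
ssh,*,*,22,false,false,true,Secure shell is permitted AND secure.,tcp
telnet,*,*,23,true,false,false,Unencrypted telnet services are insecure.,tcp
shell,*,*,514,true,false,false,Remote shell (rsh) is considered insecure.,tcp
syslog,*,*,514,false,false,false,Syslog service is permitted but NOT secure.,udp
"""

# Constructed flow summaries (not real traffic):
# (src_ip, dest_ip, dest_port, transport, action)
FLOWS = [
    ("10.0.0.5", "10.0.1.9", "23", "tcp", "allowed"),
    ("10.0.0.6", "10.0.1.9", "23", "tcp", "blocked"),
    ("10.0.0.7", "10.0.1.20", "514", "udp", "allowed"),  # syslog
    ("10.0.0.8", "10.0.1.21", "514", "tcp", "allowed"),  # rsh
    ("10.0.0.9", "10.0.1.22", "22", "tcp", "allowed"),
]


def load_lookup(text):
    """Parse the lookup CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def prohibited_allowed(flows, lookup, match_transport):
    """Return allowed flows that match a lookup row with is_prohibited=true.

    match_transport=False keys on dest_port only, as the page's query does;
    match_transport=True additionally requires the transport to match.
    """
    hits = []
    for src_ip, dest_ip, dest_port, transport, action in flows:
        if action != "allowed":
            continue
        rows = [r for r in lookup if r["dest_port"] == dest_port
                and (not match_transport or r["transport"] == transport)]
        # Assumption of this sketch: report the flow if any matching row is prohibited.
        prohibited = [r for r in rows if r["is_prohibited"] == "true"]
        if prohibited:
            hits.append((src_ip, dest_ip, dest_port, transport, prohibited[0]["app"]))
    return hits


if __name__ == "__main__":
    table = load_lookup(LOOKUP_CSV)
    for mode in (False, True):
        print("match_transport =", mode, prohibited_allowed(FLOWS, table, mode))
```

Keyed on port only, the constructed UDP syslog flow to port 514 is reported under the rsh entry; keyed on port and transport, only the telnet and TCP 514 flows remain.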

