F5BI-LT-000093 - The BIG-IP Core implementation must terminate all communications sessions at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity, and for user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.

Information

Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.

Terminating network connections associated with communications sessions includes, for example, deallocating associated TCP/IP address/port pairs at the operating system level and deallocating networking assignments at the application level if multiple application sessions are using a single operating system level network connection.

ALGs may provide session control functionality as part of content filtering, load balancing, or proxy services.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure BIG-IP Core to terminate all communications sessions at the end of the session or as follows:

- For in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
- For user sessions (nonprivileged sessions), the session must be terminated after 15 minutes of inactivity.

Item Details

Audit Name: DISA F5 BIG-IP Local Traffic Manager STIG v2r4

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: F5

Control ID: 727a98b6ade5b35fa255a7c669a423d62a7d9d6626a65cfed853e535e2cfb1e6

Detections

Analytics

Information

Solution

See Also

Item Details