Details
Sets how long an HTTP session can remain idle before the security appliance terminates it.
Rationale:
Limiting session idle timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.
Solution
Step 1: Run the following to set the HTTP idle timeout to less than or equal to 5 minutes:
hostname(config)# http server idle-timeout 5
Default Value:
The default session timeout value is 20 minutes.
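An added example, not part of the original control text: a Python check that reads a saved running-config and reports whether the effective HTTP idle timeout meets the 5-minute limit. The function name, the sample configurations, and the treatment of a missing line as the 20-minute default are assumptions.

```python
import re

MAX_IDLE_MINUTES = 5       # limit required by this control
DEFAULT_IDLE_MINUTES = 20  # default value stated in this control

# Matches an explicit setting; a line starting with "no " does not match.
_IDLE_RE = re.compile(r"^\s*http server idle-timeout\s+(\d+)\s*$", re.MULTILINE)


def audit_http_idle_timeout(running_config: str) -> dict:
    """Return the effective idle timeout and whether it meets the control."""
    matches = _IDLE_RE.findall(running_config)
    if matches:
        effective = int(matches[-1])  # last occurrence wins
        source = "configured"
    else:
        # Assumption: no explicit line means the appliance uses its default.
        effective = DEFAULT_IDLE_MINUTES
        source = "default"
    return {
        "effective_minutes": effective,
        "source": source,
        "compliant": 1 <= effective <= MAX_IDLE_MINUTES,
    }


# Constructed running-config excerpts, for illustration only.
SAMPLE_COMPLIANT = """\
hostname fw-example
http server enable
http server idle-timeout 5
"""
SAMPLE_TOO_LONG = """\
hostname fw-example
http server enable
http server idle-timeout 30
"""
SAMPLE_UNSET = """\
hostname fw-example
http server enable
"""

if __name__ == "__main__":
    for name, cfg in [("compliant", SAMPLE_COMPLIANT),
                      ("too long", SAMPLE_TOO_LONG),
                      ("unset", SAMPLE_UNSET)]:
        print(f"{name:10s} {audit_http_idle_timeout(cfg)}")
```

A configuration with no explicit line fails the check, because the 20-minute default exceeds the limit.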
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.