Ensure ‘HTTP session timeout’ is less than or equal to ‘5’ minutes

Details

Sets the timeout for an HTTP session before the security appliance terminates it.

Rationale:

Limiting session timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.

Solution

* Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutes

HOSTNAME(CONFIG)# HTTP SERVER SESSION-TIMEOUT_ 5_

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1903

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco.

References

800-53|CM-2
CSCv7|11.1

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles