Details
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. This does not mean that the device terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.
Solution
Configure the BIG-IP appliance to terminate the connection associated with a device management session at the end of the session or after 10 minutes of inactivity.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system F5.
References
- 800-53|SC-10
- CAT|I
- CCI|CCI-001133
- Rule-ID|SV-217409r557520_rule
- STIG-ID|F5BI-DM-000139
- STIG-Legacy|SV-74597
- STIG-Legacy|V-60167
- Vuln-ID|V-217409