UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000213-FW-000135 SRG-NET-000213-FW-000135 SRG-NET-000213-FW-000135_rule Medium
Description
Terminating network connections associated with communications sessions include, de-allocating associated TCP/IP address/port pairs at the operating system level, and de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. If sessions are not terminated when a transaction has completed, the session has the potential to be hijacked by an adversary. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000213-FW-000135_chk )
Examine the vendor documentation or the configuration for communications between the firewall and other network devices.
Verify the firewall terminates and closes the session once the communication is no longer required or active.

If the firewall application does not terminate and close sessions once the session is not needed, this is a finding.
Fix Text (F-SRG-NET-000213-FW-000135_fix)
Configure the firewall implementation to terminate communication sessions when the transaction has ended or after an organizationally defined time period.