The firewall implementation must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37297 | SRG-NET-000213-FW-000127 | SV-49058r1_rule | Medium |
| Description |
|---|
| Terminating network connections associated with communications sessions include, de-allocating associated TCP/IP address/port pairs at the operating system level, and de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. If sessions are not terminated when a transaction has completed, the session has the potential to be hijacked by an adversary. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45544r1_chk ) |
|---|
| Examine the vendor documentation or the configuration for communications between the firewall and other network devices. Verify the firewall terminates and closes the session once the communication is no longer required or active. If the firewall application does not terminate and close sessions once the session is not needed, this is a finding. |
| Fix Text (F-42222r1_fix) |
|---|
| Configure the firewall implementation to terminate communication sessions when the transaction has ended or after an organizationally defined time period. |