The system administrator will ensure SSH timeout value is set to 60 seconds or less, causing incomplete SSH connections to shut down after 60 seconds or less.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-5612 | NET1645 | SV-5612r5_rule | ECSC-1 | Medium |
| Description |
|---|
| Reducing the broken telnet session expiration time to 60 seconds or less strengthens the device from being attacked by use of an expired session. |
| STIG | Date |
|---|---|
| Free Space Optics Device Security Technical Implementation Guide | 2011-10-07 |
Details
| Check Text ( C-3534r4_chk ) |
|---|
| Base Procedure: Review the configuration and verify that the timeout is set for 60 seconds or less. The SSH service terminates the connection if protocol negotiation (that includes user authentication) is not complete within this timeout period. |
| Fix Text (F-5523r2_fix) |
|---|
| Implement Secure Shell Timeout. |