IBM Aspera Console must prevent concurrent logins for all accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252566 | ASP4-CS-040190 | SV-252566r817868_rule | Medium |
| Description |
|---|
| Limiting the number of current sessions per user is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions must be the same as the requirements specified for the application for which it serves as intermediary. This policy only applies to application gateways/firewalls (e.g., identity management or authentication gateways) that provide user account services as part of the intermediary services. |
| STIG | Date |
|---|---|
| IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-56022r817866_chk ) |
|---|
| Verify IBM Aspera Console prevents concurrent logins for all accounts: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Security" section. - Verify the "Prevent concurrent login" option is checked. If the "Prevent concurrent login" option is not checked, this is a finding. |
| Fix Text (F-55972r817867_fix) |
|---|
| Configure IBM Aspera Console to prevent concurrent logins for all accounts: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Security" section. - Put a check the "Prevent concurrent login" check box. - Select "Save" at the bottom of the page. |