Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DataPower Gateway must provide a logout capability for administrator-initiated communication sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-65123 | WSDP-NM-000082 | SV-79613r2_rule | Medium |
| Description |
|---|
| If an administrator cannot explicitly end a device management session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. |
| STIG | Date |
|---|---|
| IBM DataPower Network Device Management Security Technical Implementation Guide | 2017-10-05 |
Details
| Check Text ( C-65751r2_chk ) |
|---|
| Objects >> Device Management >> Web Management Service >> Idle timeout is set to 900 or less. Review the administrator's SSH Client Profile: Objects >> Crypto Configuration >> SSH Client Profile >> "Persistent Idle Timeout" is set to 900 or less. If it is not, this is a finding. |
| Fix Text (F-71063r2_fix) |
|---|
| Configure the DataPower Gateway Web Management service used by an administrator, to include an idle timeout (Objects >> Device Management >> Web Management Service): The time after which to invalidate idle administrator sessions. When invalidated, the web interface requires reauthentication. For the SSH command-line interface used by an administrator, use the web interface (Objects >> Crypto Configuration >> SSH Client Profile) to configure an SSH Client Profile for the administrator user ID. Configure the "Persistent Idle Timeout" to 900 or less. |