
The IDPS must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity.


Overview

Finding ID: SRG-NET-000213-IDPS-000171
Version: SRG-NET-000213-IDPS-000171
Rule ID: SRG-NET-000213-IDPS-000171_rule
IA Controls:
Severity: Medium
Description
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled between the managed IDPS and a PC or terminal server when the latter has been left unattended. In addition, quickly terminating an idle session frees up resources committed by the managed IDPS and reduces the risk of a management session being hijacked.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43311_chk)
View the configuration of the IDPS. Examine the configuration for communications between the sensors, management console, firewall, or other network device.
Verify the sensor terminates and closes the session once the communication is no longer required or active.

If the IDPS application does not terminate and close sessions once the session is not needed, this is a finding.
Fix Text (F-43311_fix)
Configure a session inactivity timeout period of 10 minutes or less.