The IDPS must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34728 | SRG-NET-000213-IDPS-00155 | SV-45625r1_rule | Medium |
| Description |
|---|
| Terminating network connections associated with communications sessions include, de-allocating associated TCP/IP address/port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system level network connection. If sessions are not terminated when a transaction has completed, the session has the potential to be hijacked by an adversary. The time period of inactivity may, as the organization deems necessary, be a set of time periods by type of network access or for specific accesses. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42991r1_chk ) |
|---|
| Examine the vendor documentation or the configuration for communications between the sensors, management console, or other network device. Verify IDPS sensors and management servers terminate and close the session once the communication is no longer required or active. If the IDPS application does not terminate and close sessions once the session is not needed, this is a finding. |
| Fix Text (F-39023r1_fix) |
|---|
| Configure the IDPS system to terminate communication sessions when the transaction has ended or after an organizationally defined time period. |