Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55155 | SRG-APP-000186-NDM-000266 | SV-69401r1_rule | Medium |
Description |
---|
If a device management session or connection remains open after management is completed, it may be hijacked by an attacker and used to compromise or damage the network device. Nonlocal device management and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. In the event the remote node has abnormally terminated or an upstream link from the managed device is down, the management session will be terminated, thereby freeing device resources and eliminating any possibility of an unauthorized user being orphaned to an open idle session of the managed device. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2019-09-27 |
Check Text ( C-55777r1_chk ) |
---|
Determine if the network device terminates all sessions and network connections when nonlocal device maintenance is completed. This requirement may be verified by demonstration or validated test results. If the network device does not terminate all sessions and network connections when nonlocal device maintenance is complete, this is a finding. |
Fix Text (F-60021r1_fix) |
---|
Configure the network device to terminate all sessions and network connections when nonlocal device maintenance is completed. |