Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-254927 | TANS-AP-000720 | SV-254927r867681_rule | Medium |
Description |
---|
Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By closing sessions after a set period of inactivity, the web server can make certain that sessions not closed through the user logging out of an application are eventually closed. Acceptable values are 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-value applications. |
STIG | Date |
---|---|
Tanium 7.x Application on TanOS Security Technical Implementation Guide | 2022-10-31 |
Check Text ( C-58540r867679_chk ) |
---|
Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI). 1. Log on with multi-factor authentication. 2. Click "Administration" at top center of the screen. 3. Select the "Global Settings" under "Management". 4. In "Filter Items" box, enter "max_console_idle_seconds". If no results are returned, this is a finding. If results are returned for "max_console_idle_seconds", but the value is not "900" or less, this is a finding. |
Fix Text (F-58484r867680_fix) |
---|
In the event the "max_console_idle_seconds" setting exists, but is not "900" or less: 1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration," select "Platform Settings". 4. In the "Filter Items" box, enter "max_console_idle_seconds". 5. Select the "max_console_idle_seconds" setting. 6. Enter "900" or less for "Value". 7. Click "Save". In the event the "max_console_idle_seconds" setting does not exist: 1. Using a web browser on a system that has connectivity to the Tanium Application, access the Tanium Application web user interface (UI) and log on with multi-factor authentication. 2. Click "Administration" on the top navigation banner. 3. Under "Configuration," select "Platform Settings". 4. Click "Create Setting" in the top right. 5. Select "Server" for "Setting Type". 6. In "Create Platform Setting" dialog box, enter "max_console_idle_seconds" for "Name". 7. Select "Numeric" for the "Value Type". 8. Enter "900" or less for the "Value". 9. Click "Save". |