Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242232 | TIPP-NM-000011 | SV-242232r710703_rule | Low |
Description |
---|
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of currently allowed administrator sessions is a best practice that lowers the risk of DoS attacks. |
STIG | Date |
---|---|
Trend Micro TippingPoint NDM Security Technical Implementation Guide | 2021-06-09 |
Check Text ( C-45507r710701_chk ) |
---|
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". 3. Verify the setting for the "limit number of total and user sessions" option is checked. 4. Verify the active sessions allowed on SMS option has a numeric value of 10 or less. If the TippingPoint SMS does not limit total number of user sessions for privileged uses to a maximum of 10, this is a finding. |
Fix Text (F-45465r710702_fix) |
---|
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions". 3. Type 10 or less for the number of active sessions allowed on SMS. 4. Click OK. |