
The Horizon Connection Server must disconnect users after a maximum of ten hours.


Overview

Finding ID: V-246899
Version: HRZV-7X-000018
Rule ID: SV-246899r768657_rule
IA Controls:
Severity: Medium
Description
Horizon Connection Server is intended to provide remote desktops and applications, generally during working hours and for no more than an extended workday. Leaving sessions active for longer than is reasonable for a workday leaves open the possibility of a session becoming unoccupied and insecure on the client side. For example, if a client connection is opened at 0900, there are few day-to-day reasons that the connection should still be open after 1900; therefore, the connection must be terminated. If the user is still active, they can reauthenticate immediately and get back on for another ten hours.
STIG: VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
Date: 2021-07-30

Details

Check Text (C-50331r768655_chk)
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Locate the "Forcibly Disconnect Users" setting.

If the "Forcibly Disconnect Users" setting is set to "Never", this is a finding.

If the "Forcibly Disconnect Users" setting is set to greater than "600" minutes (ten hours), this is a finding.
Fix Text (F-50285r768656_fix)
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Click "Edit". Next to "Forcibly Disconnect Users", select "After" from the dropdown and fill in "600" minutes in the text field. Click "OK".