Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14888 | WIR0110 | SV-15656r1_rule | ECWN-1 | Medium |
Description |
---|
A WLAN session that never terminates due to inactivity may allow an opening for an adversary to highjack the session to obtain access to the network. |
STIG | Date |
---|---|
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) | 2014-12-31 |
Check Text ( C-13416r1_chk ) |
---|
1. Review the relevant configuration screen of the WLAN controller or access point. 2. Verify the session timeout setting is set for 30 minutes or less. 4. Mark as a finding if any of the following are found. - Session timeout is not set to 30 minutes or less for the entire WLAN. - The WLAN does not have the capability to enable the session time-out feature. |
Fix Text (F-34136r1_fix) |
---|
Set the WLAN inactive session timeout to 30 minutes or less. |