HTTP vs. HTTPS - idle-timeout

Information

ArubaOS-Switch devices can be configured through an HTTP interface, which is enabled by default. This methodshares the same vulnerability to credential interception as Telnet. It is recommended that the HTTPS interface be enabled and the HTTP interface be disabled. HTTPS is HTTP traffic running over an encrypted Transport LayerSecurity (TLS) or Secure Sockets Layer (SSL) session.

Solution

Enable SSL, disable plaintext HTTP, and set a 5-minute idle timeout:

switch(config)# web-management ssl
switch(config)# no web-management plaintext
switch(config)# web-management idle-timeout 300

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: ArubaOS

Control ID: 7c8bd2de5c100c97d40cc5c1c0545a378c29c3a69a2b4f845cb85fff0f02ff73