Detections
Analytics

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

Information

Sets the timeout for an HTTP session idle before the security appliance terminates it.

 Rationale:

 Limiting session idle timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.

Solution

Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutes

 hostname(config)# http server idle-timeout 5

 Default Value:

 The default session timeout value is 20 minutes.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: 07c0caef4d6bd6775a8232fa6f15d656ab1c1aced7ffa2e8c1b76a3afe8aaf66