2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'

Information

This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. Administrators can use this policy setting to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.

The maximum value is 99999, which is over 69 days; in effect, this value disables the setting.

The recommended state for this setting is: 15 or fewer minute(s)

Each SMB session consumes server resources, and numerous null sessions will slow the server or possibly cause it to fail. An attacker could repeatedly establish SMB sessions until the server's SMB services become slow or unresponsive.

Solution

To establish the recommended configuration via GP, set the following UI path to 15 or fewer minute(s) :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session

Impact:

There will be little impact because SMB sessions will be re-established automatically if the client resumes activity.

See Also

https://workbench.cisecurity.org/benchmarks/17689

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: Windows

Control ID: d3d5494e54f48781bf60e2d9ca52134f6c26faccde9e8e31d4a9cbd80e8bfc75