Detections
Analytics
1.8.3 Ensure 'HTTP session timeout' is less than or equal to '5' minutes
Information
Sets the timeout for an HTTP session before the security appliance terminates it.Rationale:
Limiting session timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.
Solution
* Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutesHOSTNAME(CONFIG)# HTTP SERVER SESSION-TIMEOUT_ 5_
See Also
https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf
Item Details
Audit Name: CIS Cisco Firewall ASA 9 L1 v4.0.0
Plugin: Cisco
Control ID: 5549e6a2878e2af4a4553957bcf3762cc428d15c7c4cc12c19b6680e991c3a68