Detections
Analytics
1.8.3 Ensure 'HTTP session timeout' is less than or equal to '5' minutes
Information
Sets the timeout for an HTTP session before the security appliance terminates it.Rationale:
Limiting session timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.
Solution
* Step 1: Run the following to set the HTTP timeout to less than or equal to 5 minutesHOSTNAME(CONFIG)# HTTP SERVER SESSION-TIMEOUT_ 5_
See Also
Item Details
Audit Name: CIS Cisco Firewall ASA 9 L1 v4.1.0
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-2, CSCv7|11.1
Plugin: Cisco
Control ID: 5549e6a2878e2af4a4553957bcf3762cc428d15c7c4cc12c19b6680e991c3a68