Ensure 'console session timeout' is less than or equal to '5' minutes

Details

Sets the idle timeout for a console session before the security appliance terminates it.



Rationale:

Limiting session timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.


Solution

From the Firepower Management Center:
Step 1 Choose Devices > Platform Settings and create or edit a Firepower policy.

Step 2 Click Shell Timeout.

Step 3 You have the following choices:

To configure session timeout for the web interface, enter a number (of minutes) in the Browser Session Timeout (Minutes) field. The default value is 60; the maximum value is 1440 (24 hours). For information on how to exempt users from this session timeout, see User Account Login Options.
To configure session timeout for the command line interface, enter a number (of minutes) in the Shell Timeout (Minutes) field. The default value is 0; the maximum value is 1440 (24 hours).
To permanently disable the expert command in the auxiliary command line interface, check the Permanently Disable Expert Access check box.
Caution: After you deploy a policy with expert mode disabled to an appliance, you cannot restore the ability to access expert mode through the web interface or the auxiliary command line interface. You must contact Support to restore the expert mode capability.

Step 4 Click Save.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Cisco.

