Ensure 'HTTP session timeout' is set to organzational policy

Details

Sets the timeout for an HTTP session before the security appliance terminates it.



Rationale:



Limiting session timeout prevents unauthorized users from using abandoned sessions to perform malicious activities.


Solution

From the Firepower Management Center:
Step 1. Navigate to Devices > Platform Settings

Step 2. Either edit the platform settings policy which exists as you click the pencil icon beside the policy or create a new FTD policy as you click New Policy. Select the type as Firepower Threat Defense.

Step 3. As you navigate to the HTTP section, a page appears as shown in the image.

Enable HTTP server: Enable this option to make to enable HTTP server on the FTD.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco_Firepower.


References


Source