From MobileIron Core v9.x MDM Security Technical Implementation Guide
Part of PP-MDM-991000
Associated with: CCI-001133
If communications sessions remain open for extended periods of time even when unused, there is the potential for an adversary to highjack the session and use it to gain access to the device or networks to which it is attached. Terminating sessions after a certain period of inactivity is a method for mitigating the risk of this vulnerability.
Review MobileIron Core Server documentation and configuration settings to determine if the server appliance terminates the network connection associated with a communications session at the end of any transaction with the MDM agent or other server or after 10 minutes of inactivity. SSH to MobileIron Core from any SSH client and enter the administrator credentials set up when the MobileIron Core was installed. If communications are not terminated at the end of a session or after 10 minutes of inactivity, this is a finding.
Configure MobileIron Core Server to timeout after 10 minutes of inactivity. 1. SSH to MobileIron Core from any SSH client. 2. Enter the administrator credentials you set when you installed MobileIron Core. 3. Type 'timeout 10' 4. exit
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer