Access to the MQ Appliance network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.

From IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide

Part of SRG-APP-000001-NDM-000200

Associated with: CCI-000054

SV-89597r1_rule Access to the MQ Appliance network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.

Vulnerability discussion

MQ Appliance device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator is helpful in limiting risks related to DoS attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.

Check content

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Verify the Authentication Method is set to LDAP. Review LDAP server configuration settings and verify the LDAP configuration limits the number of concurrent sessions. If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding.

Fix text

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Set Authentication Method to LDAP and configure LDAP connection as required. Note: Implementation of concurrent session limitation must be enforced by the LDAP server's control of user logons.

Pro Tips

Powered by sagemincer