The network element must time out access to the console port after 10 minutes or less of inactivity.

From Perimeter Router Security Technical Implementation Guide Cisco

Part of The console port does not timeout after 10 minutes.

SV-15444r2_rule The network element must time out access to the console port after 10 minutes or less of inactivity.

Vulnerability discussion

Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition quickly terminating an idle session will also free up resources committed by the managed network element. Setting the timeout of the session to 10 minutes or less increases the level of protection afforded critical network components.

Check content

Review the configuration and verify that a session using the console port will time out after 10 minutes or less of inactivity as shown in the following example: line con 0 exec-timeout 10 0

Fix text

Configure the timeout for idle console connection to 10 minutes or less.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer