The Juniper SRX Services Gateway must immediately terminate SSH network connections when the user logs off, the session abnormally terminates, or an upstream link from the managed device goes down.

From Juniper SRX SG NDM Security Technical Implementation Guide

Part of SRG-APP-000186-NDM-000266

Associated with: CCI-000879

SV-81025r1_rule The Juniper SRX Services Gateway must immediately terminate SSH network connections when the user logs off, the session abnormally terminates, or an upstream link from the managed device goes down.

Vulnerability discussion

This setting frees device resources and mitigates the risk of an unauthorized user gaining access to an open idle session. When sessions are terminated by a normal administrator log off, the Juniper SRX makes the current contents unreadable and no user activity can take place in the session. However, abnormal terminations or loss of communications do not signal a session termination, thus a keep-alive count and interval must be configured so the device will know when communication with the client is no longer available. The keep-alive value and the interval between keep-alive messages must be set to an organization-defined value based on mission requirements and network performance.

Check content

[edit] show system services ssh If the keep-alive count and keep-alive interval are not set to an organization-defined value, this is a finding.

Fix text

Configure the SSH keep-alive value. [edit] set system services ssh client-alive-count-max set system services ssh client-alive-interval Note: The keep-alive value and the interval between keep-alive messages must be set based on mission requirements and network performance for each local network.

Pro Tips

Powered by sagemincer