The F5 BIG-IP appliance must be configured to limit the number of concurrent sessions to the Configuration Utility to 10 or an organization-defined number.

An XCCDF Rule

Description

Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator is helpful in limiting risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. Satisfies: SRG-APP-000001-NDM-000200, SRG-APP-000435-NDM-000315

ID: SV-266064r1024595_rule
Version: F5BI-DM-300001
Severity: Medium
References: CCI-000054 CCI-002385
Updated: about 2 months ago

Remediation Templates

From the BIG-IP GUI:
1. System.
2. Preferences.
3. Set System Settings view to Advanced.
4. Maximum HTTP connections to Configuration Utility: enter 10 or an organization-defined number.
5. Update.
From the BIG-IP console, type the following commands:

tmsh modify sys httpd max-clients <10 or an organization-defined number>
tmsh save sys config

The F5 BIG-IP appliance must be configured to limit the number of concurrent sessions to the Configuration Utility to 10 or an organization-defined number.

Description

Remediation Templates

A Manual Procedure