Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Juniper SRX SG NDM Security Technical Implementation Guide
SRG-APP-000190-NDM-000267
The Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.
The Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.
An XCCDF Rule
Details
Profiles
Prose
The Juniper SRX Services Gateway must terminate a device management session if the keep-alive count is exceeded.
Medium Severity
<VulnDiscussion>Configuring the keep-alive for management protocols mitigates the risk of an open connection being hijacked by an attacker. The keep-alive messages and the interval between each message are used to force the system to disconnect a user that has lost network connectivity to the device. This differs from inactivity timeouts because the device does not wait the 10 minutes to log the user out but, instead, immediately logs the user out if the number of keep-alive messages are exceeded. The interval between messages should also be configured. These values should be set to an organization-defined value based on mission requirements and network performance.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>