The TippingPoint SMS must limit total number of user sessions for privileged uses to a maximum of 10.
An XCCDF Rule
Description
<VulnDiscussion>Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of currently allowed administrator sessions is a best practice that lowers the risk of DoS attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242232r710703_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
1. Log in to the SMS client.
2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions".
3. Type 10 or less for the number of active sessions allowed on SMS.
4. Click OK.