The directory service must be configured to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity.
An XCCDF Rule
Description
<VulnDiscussion>The failure to terminate inactive network connections increases the risk of a successful attack on the directory server. The longer an established session is in progress, the more time an attacker has to hijack the session, implement a means to passively intercept data, or compromise any protections on client access. For example, if an attacker gains control of a client computer, an existing (already authenticated) session with the directory server could allow access to the directory. The lack of confidentiality protection in LDAP-based sessions increases exposure to this vulnerability.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224979r569186_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
Configure the directory service to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity.
Open an elevated "Command prompt" (run as administrator).
Enter "ntdsutil".