STIGQter: STIG Summary: Cisco IOS XE Switch NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS XE Switch NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-220518r531084_rule
V-220518
SRG-APP-000001-NDM-000200
CISC-ND-000010
CAT II
10
Configure the switch to limit the number of concurrent management sessions to an organization-defined number as shown in the example below:
SW4(config)#ip http max-connections 2
SW4(config)#line vty 0 4
SW4(config)#session-limit 2
Note: This requirement is not applicable to file transfer actions such as FTP, SCP, and SFTP.
Review the switch configuration to determine if concurrent management sessions are limited as show in the example below:
ip http secure-server
ip http max-connections 2
…
…
…
line vty 0 4
session-limit 2
transport input ssh
For those platforms that do not support the session-limit command, the sessions can also be limited by reducing the number of active vty lines as shown in the example below.
line vty 0 1
transport input ssh
line vty 2 4
transport input none
If the switch is not configured to limit the number of concurrent management sessions, this is a finding.
V-220518
False
CISC-ND-000010
Note: This requirement is not applicable to file transfer actions such as FTP, SCP, and SFTP.
Review the switch configuration to determine if concurrent management sessions are limited as show in the example below:
ip http secure-server
ip http max-connections 2
…
…
…
line vty 0 4
session-limit 2
transport input ssh
For those platforms that do not support the session-limit command, the sessions can also be limited by reducing the number of active vty lines as shown in the example below.
line vty 0 1
transport input ssh
line vty 2 4
transport input none
If the switch is not configured to limit the number of concurrent management sessions, this is a finding.
M
4067