STIGQter STIGQter: STIG Summary: Cisco IOS Switch NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number.

DISA Rule

SV-220570r521267_rule

Vulnerability Number

V-220570

Group Title

SRG-APP-000001-NDM-000200

Rule Version

CISC-ND-000010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to limit the number of concurrent management sessions to an organization-defined number as shown in the example below:

SW4(config)#ip http max-connections 2
SW4(config)#line vty 0 4
SW4(config)#session-limit 2

Check Contents

Note: This requirement is not applicable to file transfer actions such as FTP, SCP, and SFTP.

Review the switch configuration to determine if concurrent management sessions are limited as show in the example below:

ip http secure-server
ip http max-connections 2



line vty 0 4
session-limit 2
transport input ssh

For platforms that do not support the session-limit command, the sessions can also be limited by reducing the number of active vty lines as shown in the example below:

line vty 0 1
transport input ssh
line vty 2 4
transport input none

If the switch is not configured to limit the number of concurrent management sessions, this is a finding.

Vulnerability Number

V-220570

Documentable

False

Rule Version

CISC-ND-000010

Severity Override Guidance

Note: This requirement is not applicable to file transfer actions such as FTP, SCP, and SFTP.

Review the switch configuration to determine if concurrent management sessions are limited as show in the example below:

ip http secure-server
ip http max-connections 2



line vty 0 4
session-limit 2
transport input ssh

For platforms that do not support the session-limit command, the sessions can also be limited by reducing the number of active vty lines as shown in the example below:

line vty 0 1
transport input ssh
line vty 2 4
transport input none

If the switch is not configured to limit the number of concurrent management sessions, this is a finding.

Check Content Reference

M

Target Key

4069

Comments