Check: 4.028
Windows Vista STIG:
4.028
(in versions v6 r41 through v6 r42)
Title
The amount of idle time required before suspending a session must be properly set. (Cat III impact)
Discussion
Open sessions increase the avenues of attack on a system. This setting controls how long an SMB session may remain idle before the server disconnects it. If client activity resumes, the session is automatically re-established, so the limit does not disrupt legitimate use. Disconnecting idle sessions protects critical and sensitive network data from exposure to unauthorized personnel with physical access to a computer that still holds an established session.
Check Content
Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Local Policies >> Security Options. If the value for "Microsoft Network Server: Amount of idle time required before suspending session" is not set to "15" minutes or less, this is a finding.
The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\
Value Name: autodisconnect
Value Type: REG_DWORD
Value: 0x0000000f (15) (or less)
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Microsoft Network Server: Amount of idle time required before suspending session" to "15" minutes or less.
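The following PowerShell script is an added example and is not part of the STIG text. It performs the registry side of the check above (the value the policy writes) and, with the -Remediate switch, writes the value the Fix Text calls for. The threshold parameter, the hypothetical -Remediate switch, and the decision to treat an undefined value as a finding are assumptions made for the example; it assumes an elevated session on the target host.

```powershell
# Added example: check and optionally remediate the autodisconnect value behind
# "Microsoft Network Server: Amount of idle time required before suspending session".
# Assumes an elevated PowerShell session on the host being checked.
param(
    [int]$MaxIdleMinutes = 15,   # STIG threshold: 15 minutes or less is compliant
    [switch]$Remediate           # hypothetical switch: write the value if the check fails
)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$Name = 'autodisconnect'

$item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
if ($null -eq $item) {
    # Assumption: an undefined value means the policy was never applied, so report a finding
    # rather than relying on the server's built-in default.
    $status = 'FINDING'
    $detail = "$Name is not defined"
} else {
    # Read the DWORD as an unsigned 32-bit value so 0xFFFFFFFF (autodisconnect disabled)
    # is not seen as -1 and wrongly counted as "less than 15".
    $raw = [uint32]($item.$Name -band 0xFFFFFFFF)
    if ($raw -eq 0xFFFFFFFF) {
        $status = 'FINDING'
        $detail = 'autodisconnect is disabled (0xFFFFFFFF)'
    } elseif ($raw -le $MaxIdleMinutes) {
        $status = 'COMPLIANT'
        $detail = "autodisconnect = $raw minutes"
    } else {
        $status = 'FINDING'
        $detail = "autodisconnect = $raw minutes (greater than $MaxIdleMinutes)"
    }
}
Write-Output "V-1174 (4.028): $status - $detail"

if ($Remediate -and $status -eq 'FINDING') {
    # Writes the same value the Security Option sets. On a domain member the Group Policy
    # value wins at the next refresh, so make the change in policy (Fix Text) as well.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $MaxIdleMinutes -Force | Out-Null
    Write-Output "Set $Name to $MaxIdleMinutes minutes; re-run the check after a policy refresh (gpupdate /force)."
}
```

The unsigned read matters in practice: administrators who want to disable idle disconnect set the value to 0xFFFFFFFF, which a signed comparison reports as -1 and therefore "15 or less". Run the script without -Remediate first to record the finding, then apply the policy change and re-check.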
Additional Identifiers
Rule ID: SV-29225r2_rule
Vulnerability ID: V-1174
Group Title: Idle Time Before Suspending a Session.
Expert Comments
CCIs
Number | Definition
---|---
CCI-001133 | The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.
CCI-002361 | The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.