Title

The WLAN inactive session timeout must be set for 30 minutes or less. (Cat II impact)

Discussion

A WLAN session that never terminates due to inactivity may allow an opening for an adversary to highjack the session to obtain access to the network.

Check Content

1. Review the relevant configuration screen of the WLAN controller or access point. 2. Verify the session timeout setting is set for 30 minutes or less. 4. Mark as a finding if any of the following are found. - Session timeout is not set to 30 minutes or less for the entire WLAN. - The WLAN does not have the capability to enable the session time-out feature.

Fix Text

Set the WLAN inactive session timeout to 30 minutes or less.

Additional Identifiers

Rule ID: SV-15656r1_rule

Vulnerability ID: V-14888

Group Title: WLAN session timeout set to 30 minutes or less

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.