Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74975 | MQMH-ND-000730 | SV-89649r1_rule | Medium |
Description |
---|
If an MQ Appliance device management session or connection remains open after management is completed, it may be hijacked by an attacker and used to compromise or damage the MQ Appliance network device. Nonlocal MQ Appliance device management and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. In the event the remote node has abnormally terminated or an upstream link from the managed device is down, the management session will be terminated, thereby freeing device resources and eliminating any possibility of an unauthorized user being orphaned to an open idle session of the managed device. |
STIG | Date |
---|---|
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-74827r1_chk ) |
---|
Log on to the MQ Appliance CLI as a privileged user. Enter: co web-mgmt show If the idle-timeout value is not 600 seconds or less, this is a finding. |
Fix Text (F-81591r1_fix) |
---|
Log on to the MQ Appliance CLI as a privileged user. Enter: co web-mgmt idle-timeout <600 seconds or less> exit write mem y |