The TippingPoint SMS must limit total number of user sessions for privileged uses to a maximum of 10.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-242232	TIPP-NM-000011	SV-242232r710703_rule		Low

Description
Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of currently allowed administrator sessions is a best practice that lowers the risk of DoS attacks.

STIG	Date
Trend Micro TippingPoint NDM Security Technical Implementation Guide	2021-06-09

Details

Check Text ( C-45507r710701_chk )
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". 3. Verify the setting for the "limit number of total and user sessions" option is checked. 4. Verify the active sessions allowed on SMS option has a numeric value of 10 or less. If the TippingPoint SMS does not limit total number of user sessions for privileged uses to a maximum of 10, this is a finding.

Check Text ( C-45507r710701_chk )

1. Log in to the SMS client.
2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences".
3. Verify the setting for the "limit number of total and user sessions" option is checked.
4. Verify the active sessions allowed on SMS option has a numeric value of 10 or less.

If the TippingPoint SMS does not limit total number of user sessions for privileged uses to a maximum of 10, this is a finding.

Fix Text (F-45465r710702_fix)
1. Log in to the SMS client. 2. Select >> "Edit" >> "Preferences". Select "Security" under "Session Preferences". Click the check box for "Limit number of total and user sessions". 3. Type 10 or less for the number of active sessions allowed on SMS. 4. Click OK.