IDM/CLI auto logout

joedansereau
Level 1

I work on a system that requires management interfaces to logout a user if inactive for a period of time (10 minutes).

Is there any way to configure this for the 4215/4240 IDM &/or CLI interfaces?

7 Replies

smahbub
Level 6

Use the ftp-timeout command in the service host submode to change the number of seconds that the FTP client waits before timing out when the sensor is communicating with an FTP server. The default is 300 seconds.

Refer to the following URL for more info:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliTasks.html#wpmkr1088220

The ftp-timeout option only applies to a sensor connecting to an ftp server for an upgrade.

There is no timeout option to shutdown a cli session (through telnet, ssh, or console) that has been sitting idle.

Thanks. This would be a nice feature to have for all access methods (telnet, ftp, ssh, IDM, IME, etc.).

If it's really important, and there is a firewall between the management subnet and the IPS sensor, you could use the firewall to disconnect the management traffic destined to the IPS after 'x' amount of time.

Regards

Farrukh

It would be nice, and is often required in any shop that has any defined security policy to have:

ssh/https session idle time out

RADIUS/TACACS AAA authentication

Account lockout after X bad passwords

I totally agree, all these features are a must to apply a consistent security policy across all network elements (especially considering the IDS/IPS is a security device).

Regards

Farrukh

A bug was entered against IDM in 5.0 and never acted upon for this very thing.

Thanks

Bob
