Cisco Support Community
Is there a risk of setting a console connection timeout and what is the recommended setting?

Is there a risk of setting a console connection timeout and what is the recommended setting? Please suggest if there is any best practice documentation that can be referred to.

2 REPLIES

Is there a risk of setting a console connection timeout and what

This is from the CCNA Security online material:

"By default, an administrative interface stays active and logged in for 10 minutes after the last session activity. After that, the interface times out and logs out of the session.

If an administrator is away from the terminal while the console connection is active, an attacker has up to 10 minutes to gain privilege level access. It is recommended that these timers be fine-tuned to limit the amount of time to within a two or three minute maximum."
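An added example, not part of the reply or the quoted course material: a Python check that reads an IOS-style configuration and flags any line whose `exec-timeout` exceeds the three-minute ceiling quoted above. The sample configuration is constructed, and the script assumes that a line showing no `exec-timeout` entry is running the 10-minute default.

```python
import re

MAX_SECONDS = 3 * 60          # ceiling quoted above: two or three minutes
DEFAULT_SECONDS = 10 * 60     # default quoted above: 10 minutes

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname lab-rtr
!
line con 0
 exec-timeout 60 0
 login local
line aux 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 2 30
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def audit_exec_timeout(config, max_seconds=MAX_SECONDS):
    """Return {line_name: (timeout_seconds, verdict)} for every 'line' block."""
    timeouts, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            timeouts[current] = DEFAULT_SECONDS   # assumption: no entry means default
        elif current and raw.startswith(" "):
            m = re.match(r"(no )?exec-timeout(?: (\d+)(?: (\d+))?)?$", raw.strip())
            if not m:
                continue
            if m.group(1):                        # 'no exec-timeout' disables the timer
                timeouts[current] = 0
            elif m.group(2) is not None:          # minutes, optional seconds
                timeouts[current] = int(m.group(2)) * 60 + int(m.group(3) or 0)
        else:
            current = None                        # left the line block
    report = {}
    for name, secs in timeouts.items():
        verdict = ("never times out" if secs == 0
                   else "too long" if secs > max_seconds else "ok")
        report[name] = (secs, verdict)
    return report

if __name__ == "__main__":
    for name, (secs, verdict) in audit_exec_timeout(SAMPLE_CONFIG).items():
        print(f"line {name}: {secs}s -> {verdict}")
```
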

Is there a risk of setting a console connection timeout and what

Hi Henrik

It depends on what you need or what your security policy says. For my lab gear I use 60 minutes, because I know who can access it. If you have gear outside in an insecure space, set it to a minimum or disable the console. Everybody who can access your gear can break in: simply restart and boot w/o config, and you are in.

It really depends on how secure your space is and how much security you need.

And then the settings for policy have to match. What security do you have if your console login and logout are secure, but when you restart you can simply break in by starting w/o config and then loading it?

HTH

Patrick
