STIGQter STIGQter: STIG Summary: Cisco IOS XE Router NDM Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number.

DISA Rule

SV-215807r648759_rule

Vulnerability Number

V-215807

Group Title

SRG-APP-000001-NDM-000200

Rule Version

CISC-ND-000010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the router to limit the number of concurrent management sessions to an organization-defined number as shown in the example below.

R4(config)#ip http max-connections 2
R4(config)#line vty 0 1
R4(config-line)#transport input ssh
R4(config-line)#exit
R4(config)#line vty 2 4
R4(config-line)# transport input none
R4(config-line)#end

Check Contents

Note: This requirement is not applicable to file transfer actions such as FTP, SCP and SFTP.

Review the router configuration to determine if concurrent management sessions are limited as shown in the example below:

ip http secure-server
ip http max-connections 2



line vty 0 1
transport input ssh
line vty 2 4
transport input none


If the router is not configured to limit the number of concurrent management sessions, this is a finding.

Vulnerability Number

V-215807

Documentable

False

Rule Version

CISC-ND-000010

Severity Override Guidance

Note: This requirement is not applicable to file transfer actions such as FTP, SCP and SFTP.

Review the router configuration to determine if concurrent management sessions are limited as shown in the example below:

ip http secure-server
ip http max-connections 2



line vty 0 1
transport input ssh
line vty 2 4
transport input none


If the router is not configured to limit the number of concurrent management sessions, this is a finding.

Check Content Reference

M

Target Key

4020

Comments