Security Basics mailing list archives
Remote access timeout best practices
From: "Chris Barber" <cmbarber () gmail com>
Date: Thu, 18 Sep 2008 14:45:35 -0700
Hi All, I am working with several groups of people in my organization on some remote access (VPN) issues. Here is the major concern and point of contension: Timeouts! I have the ability to to place 2 timeouts on all VPN sessions, Idle and Session. The default Idle timeout is set to 30 minutes, with a few waivered exceptions pushing that to 2 hours. The default Session timeout is set at 240 minutes (4 hours) so far there are no approved exceptions to this, however, there is at least one submitted request. The session timeout is really a limit, no session will remain open longer than 240 minutes regardless of activity I have done some research and found that for the most part these seem to be well within "best business practice" I would like to hear from others what their take is on these timeouts and what the reasons are for or against them. Thanks in advance for your feedback, Chris.
Current thread:
- Remote access timeout best practices Chris Barber (Sep 19)