From the course: CISSP Cert Prep (2021): 5 Identity and Access Management


Session management


- [Presenter] Session management attempts to ensure the integrity of user connections by using timeouts and screensavers to disconnect users who have gone idle. This is an important part of accountability, preventing someone who stumbles across an authenticated session from taking control of the account that initiated that session. Timeouts are very simple and effective security controls. They come in three different forms. First, timeouts may simply disconnect a user session after a certain amount of time. This is a brute force approach to timeouts. It may be easy to implement, but often results in user dissatisfaction. For example, I once worked at an organization that had an automatic timeout on VPN connections after two hours. Remote workers found this completely intolerable because they were connected to the VPN all day as they worked, and they wound up getting bounced off every two hours. Second, timeouts may…
