Session management attempts to ensure the integrity of user connections by using timeouts and screensavers to disconnect users who have gone idle. This is an important part of accountability, preventing someone who stumbles across an authenticated session from taking control of an account. In this video, learn how to implement strong session management controls.
- [Narrator] Session management attempts…to ensure the integrity of user connections…by using timeouts and screensavers to disconnect users…who have gone idle.…This is an important part of accountability,…preventing someone who stumbles across…an authenticated session from taking control…of the legitimate user's account.…Timeouts are very simple but effective security controls.…They come in three different forms.…First, timeouts may simply disconnect a user session…after a certain amount of time has passed.…
This is somewhat of a brute force approach to timeouts.…It may be easy to implement but it often results…in user dissatisfaction.…For example, I once worked at an organization…that used an automatic timeout on VPN connections…after two hours.…Telecommuters found this completely intolerable…because they were connected to the VPN all day…as they worked and wound up getting bounced…off the network every two hours.…Second, timeouts may monitor a user session for inactivity.…
Once a user goes idle, the system starts a timer…
You can sign up for Mike's free study group at certmike.com, and find his study guides at the Sybex test prep site. To review the complete CISSP Body of Knowledge, visit https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A complete learning path will be available once all the courses are released.
- Identity and access management overview
- Identification mechanisms: user names, access cards, biometrics, and registration
- Authentication factors
- Password authentication protocols
- Identity as a service (IDaaS)
- Enforcing accountability
- Managing credentials with policies
- Using access control lists
- Defending against access control attacks
Skill Level Advanced
1. Identity and Access Management
5. Credential Management
7. Access Control Attacks
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.