Advantages to killing sessions after 5 minutes?

I'm completely confused, though. What is the security benefit here?

Nothing. The most likely scenario is that something in between is timing out the connection after 5 minutes to conserve resources. That could be a firewall, a WAN accelerator, an SSL accelerator, etc. Or it could be just a bad default setting. Who knows?

Network admins often have different concerns than everyone else, which oftentimes can come into conflict with others. We work in a siloed world where the holistic picture isn't taken into account.

Don't assume there's a particularly good reason for every setting, but leave room for the potential that the 5 minute timeout was a quick fix for some other problem they're having, and your application problem was blowback.


This sounds like a good example of a security "cargo cult". A security control has been implemented blindly without understanding the context involved or indeed implementing it correctly.

Generally speaking, in security the point of an idle timeout is to reduce the risk of situations where a client machine is left unattended and a malicious user gets to the machine and executes unauthorised commands on it. The balance in these timeouts tends to be one of usability (which favours longer or no timeout) and security (which favours shorter timeouts).

You can sometimes spot security cargo culting with exactly what you've mentioned, which is that the operators of the system are actually helping you bypass the nominal control (in your case by recommending keep-alives be used).


I'm completely confused, though. What is the security benefit here?

It might not be a question of security but have a different reason. Unfortunately your question only offers your view so we can only speculate what the real reason might be.

One explanation might be that there is a simple stateful packet filter where the states time out after 120 seconds of inactivity. This means any data transferred after this inactivity will be blocked because there is no open state any more. The reason for this might be a device which has only very limited resources and can thus not keep too many states open at the same time, for instance a firewall which was designed with 10 users in mind but is now used by 100 users.

Of course it might also be that a BOFH is running the system, which is probably more your view of the issue :) But this is hard to tell without having more insight into the actual system.
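The idle-state timeout described in the answer above, as an added example that is not part of any of the original answers: a toy model of a stateful packet filter showing why an idle session is cut off and why keep-alives sent more often than the timeout avoid it. The 120-second timeout comes from the answer; the class, the function names, the flow labels and the table size are assumptions made for illustration.

```python
# Added illustration: toy stateful packet filter with an idle timeout.
# Only the 120 s timeout comes from the page; everything else is constructed.
from dataclasses import dataclass, field


@dataclass
class StatefulFilter:
    idle_timeout: int                 # seconds a flow may stay silent
    max_states: int                   # how many flows the device can track
    states: dict = field(default_factory=dict)  # flow -> time last seen

    def _expire(self, now):
        # Drop every state that has been silent longer than the timeout.
        self.states = {f: t for f, t in self.states.items()
                       if now - t <= self.idle_timeout}

    def open(self, flow, now):
        """New connection: accepted only if the state table has room."""
        self._expire(now)
        if len(self.states) >= self.max_states:
            return False
        self.states[flow] = now
        return True

    def packet(self, flow, now):
        """Mid-stream packet: passes only if a live state still exists."""
        self._expire(now)
        if flow not in self.states:
            return False              # state gone, packet is blocked
        self.states[flow] = now       # traffic refreshes the idle timer
        return True


def session_survives(fw, flow, idle_gap, keepalive=None):
    """Open a session at t=0, stay idle for idle_gap seconds, then send data.

    keepalive is the keep-alive interval in seconds, or None for no keep-alives.
    Returns True if the data packet after the idle period still gets through.
    """
    if not fw.open(flow, 0):
        return False
    if keepalive:
        for t in range(keepalive, idle_gap, keepalive):
            if not fw.packet(flow, t):
                return False          # keep-alive arrived after state expired
    return fw.packet(flow, idle_gap)
```

The same model shows the resource argument: with a small `max_states`, new connections are refused until idle states expire, so a shorter timeout frees table slots sooner.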

Tags: Ssh, Network