STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Juniper EX Series Switches Network Device Management Security Technical Implementation Guide

V-253878

CAT II (Medium)

The Juniper EX switch must be configured to limit the number of concurrent management sessions to 1 or an organization-defined value.

Rule ID

SV-253878r1212002_rule

STIG

Juniper EX Series Switches Network Device Management Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-000054

Discussion

Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of allowed administrators and sessions per administrator based on account type, role, or access type is helpful in limiting risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for administrative accounts and does not address concurrent sessions by a single administrator via multiple administrative accounts. The maximum number of concurrent sessions must be defined based upon mission needs and the operational environment for each system. At a minimum, limits must be set for SSH, HTTPS, account of last resort, and root account sessions. Juniper switches apply session limits per access method (e.g., web management, SSH), which means the limit is applicable to local, remote, and root account sessions. Unconfigured management access methods are disabled. For instance, if there is no [edit system services ssh] stanza, that service is unavailable and a connection-limit should not be configured because that will enable the service.

Check Content

If, based on operational needs, an organization-defined number other than "1" is used, document the value in the System Security Plan (SSP). Verify the connection limit for all enabled administrative access methods is "1" or an organizationally defined value documented in the SSP.

SSH example:
user@host> show configuration system services ssh

connection-limit 1;

If the device does not limit the number of concurrent management sessions to "1" or an organization-defined number, this is a finding.

Fix Text

Configure the switch to limit connection limits for all enabled administrative access methods to "1" or an organization-defined value documented in the SSP.

1. Enter configuration mode.
2. Configure enabled administrative access methods to "1" or an organizationally defined value documented in the SSP.
3. Commit the configuration.

SSH example limiting connections to 1:
user@host> configure
Entering configuration mode

user@host# set system services ssh connection-limit 1
or
user@host# set system services ssh connection-limit <documented organizationally defined value>

user@host# commit
commit complete