← Back to VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

V-246898

CAT II (Medium)

The Horizon Connection Server must reauthenticate users after a network interruption.

Rule ID

SV-246898r879887_rule

STIG

VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

Given the remote access nature of Horizon Connection Server, the client must be ensured to be under positive control as much as is possible from the server side. As such, whenever a network interruption causes a client disconnect, that session must be reauthenticated upon reconnection. To allow a session resumption would be convenient but would allow for the possibility of the endpoint being taken out of the control of the intended user and reconnected to a different network, in control of a bad actor who could then resume the disconnected session.

Check Content

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "Security Settings" tab. Locate the "Reauthenticate Secure Tunnel Connections After Network Interruption" setting.

If the "Reauthenticate Secure Tunnel Connections After Network Interruption" setting is set to "No", this is a finding.

Fix Text

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "Security Settings" tab. Click "Edit". Check the box next to "Reauthenticate secure tunnel connections after network interruption". Click "OK".