@@ -539,14 +539,14 @@ The VPN client shall by default encrypt all transmitted user credentials or sens
#### 5.2.8.4 MI-AUTH-3 Authentication timeout
The VPN client, server, or other node shall implement an authentication timeout that requires periodic re-authentication of the user for active sessions.
The VPN client, server, or other nodes shall not use session credentials with indefinite validity.
* Reference: TR-AUTH
* Objective: Protect VPN connection from unauthorized use
* Preparation: Configure the authentication timeout
* Activities: Establish a VPN connection, after the configured authentication timeout interval, attempt to send traffic via the VPN connection
* Verdict: No traffic is transmitted through the VPN connection => PASS, otherwise FAIL
* Evidence: Log messages showing VPN connection establishment, authentication timeout or disconnection, packet capture with timestamps synchronized with log messages
* Objective: Protect VPN connection from unauthorised use
* Preparation: Inspect, obtain or configure the session lifetime
* Activities: Obtain a session credential. After the configured session credential validity periode, attempt to conntect to the VPN server.
* Verdict: Connection is rejected => PASS, otherwise FAIL
* Evidence: Log messages showing VPN connection establishment, authentication timeout or rejection, packet capture with timestamps synchronised with log messages
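Review bot: The Activities and Verdict lines that begin "Obtain a session credential" and "Connection is rejected" only test that a new connection with an expired session credential is refused. They do not test the case the requirement text still states, "periodic re-authentication of the user for active sessions". If these lines replace the earlier set ("Establish a VPN connection, after the configured authentication timeout interval, attempt to send traffic via the VPN connection"), an implementation that rejects expired credentials at connect time but never tears down an already established tunnel would pass. I suggest keeping both activities with a verdict for each: traffic on the existing session stops after the timeout, and a reconnect with the expired credential is rejected. The Preparation line should also say what to do when the session lifetime can only be inspected and not configured, since the test then has to wait out the vendor's default. Two typos in the Activities line: "periode" should be "period" and "conntect" should be "connect".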