How are Broken Authentication Attacks Prevented?
The Broken Authentication and Session Management requirement calls for Web Application Firewall to support strong session management, which strengthens the authorization requirements for websites. SonicWall SMA already has strong authentication capabilities, with support for One Time Password, Two-factor Authentication, Single Sign-On, and client certificate authentication.
For Session Management, Web Application Firewall pops up a session logout dialog box when the user portal is launched or when a user logs into an application offloaded portal. This feature is enabled by default when Web Application Firewall is licensed and can be disabled from the Web Application Firewall > Settings page.
The Web Application Firewall > Settings page also allows the administrator to configure the global idle session timeout. It is highly recommended that this timeout value be kept as low as possible.