Logging into your organization’s network is one of the first things employees go through daily. Each successful authentication also opens up a direct route into your company’s resources, creating a session between the two systems.
However, trust shouldn’t be without limits—indefinitely keeping the session open can be detrimental to your security. This is something that a hacker could exploit when looking for ways to hijack your employees’ connections. Therefore, NordLayer unveils a new security feature designed to prevent this risk—Active Session Timeout.
Active Session Timeout using NordLayer
The new NordLayer feature allows you to choose a user’s session duration. When the time expires, the user is logged out from the Control Panel or NordLayer application and required to re-authenticate. This makes the action window during which the hacker could decrypt the connection shorter, making it much harder to hijack. This can be very beneficial if your users are handling sensitive data.
How does NordLayer’s Active Session Timeout feature work?
This feature automatically logs users out of the NordLayer application or Control Panel after the set period. It affects all users regardless of whether they were connected to the gateway during that time.
The setting is enforced automatically, and the session length can be adjusted by the admin in the Control Panel for the entire organization. The minimum duration length in the Control Panel and application can be set up to 1 day. Meanwhile, NordLayer’s default—and maximum—session duration time is 30 days. It adds a safeguard that is sure to be appreciated by a company’s IT personnel.
How is NordLayer’s Active Session Timeout different?
Unlike typical session management, NordLayer’s feature offers more flexibility and control. It not only addresses the typical use cases but also adds an extra layer of security, which is especially useful in remote working scenarios:
The feature will have a setting allowing you to select a preferred session duration period.
Session control has a predefined optimal default time of 30 days if there’s no preference for session duration time.
The functionality is applicable for both Control Panel and NordLayer application, so gives more control to manage admins’ and users’ reauthentication.
Benefits of Active Session Timeout
Stricter session management is recommended by various organizations like The Open Web Application Security Project (OWASP). It can significantly contribute to your organization’s cybersecurity hygiene.
The benefits of Active Session Timeout controls include better security adherence in the organization, more efficient users and internal policy management, and increased overall network and data protection.
Enhanced security: shorter session durations minimize the window of opportunity for unauthorized access.
Compliance alignment: the feature allows organizations to align with security protocols, thus reducing vulnerabilities.
Risk mitigation: in scenarios like device theft, the exposure period is significantly reduced, leaving a smaller time window for bad actors to exploit.
Integrates with Single sign-on authentication schemes. This feature enables network administrators to control access to work resources more precisely and align them with their internal policies.
This functionality has benefits to all organization units, from the end user to the manager:
Overall the feature automates and optimizes processes for all organization units, adding an additional functionality to network and data security.
Entering NordLayer’s Active Session Timeout
To adjust your currently used session duration:
Head to the Control Panel and click Settings
Select Security configurations and find the Active Session Timeout section
This allows you to change session duration times for your users in applications and the Control Panel. You can choose the desired time from 1 day to 30 from the dropdown menu.
The user will be shown a dialog box just before the session ends, asking to reauthenticate to start a new session running.
