Remote access must be disconnected automatically when inactive for a certain length of time

Remote access sessions are a favourite target for IT attacks. They should not remain open indefinitely, as they provide a permanent, direct gateway into the internal network.

A remote access session that remains open indefinitely allows authentication rules and firewalls to be circumvented. Closing sessions after a certain period of inactivity eliminates this loophole.