For those who say that this login timeout is not a security feature, I beg to differ.
(Only part of this post is tongue-in-cheek.)
Government directives such as Dept. of Navy's CTO 2006-04 and CTO 2006-07 mandate that a session that gets started by a remote connect source must complete the connection within a time limit or be forcibly ejected. They say it is a security issue. I, being a puny little contractor, have no chance in Hell of convincing anyone that it isn't so much of a problem.
Therefore, by direction of the US Navy, that timeout is there for your security. And because it is there, my system can comply with Navy rules.
Now, having said what I said, there is this to consider: It might or might not help security, but it IS a resource issue if you are in a network address translation environment. It is just that the resource being conserved isn't on the Alpha, it is on your NAT'ing firewall appliance. Ditto for proxy services.
Now, if this becomes a resource issue, then it IS a security issue, too, because of the concept of Denial Of Service. If I can do something that denies service to a machine - by consuming all the resources used to get to it - then there really IS a security factor to consider.
You must remember that security doesn't stop at the shell of the server's enclosure. The paths leading to it are important, too. And if you can drop the silent session, you are helping to conserve resources used to access your system.
Sr. Systems Janitor
