Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242234 | TIPP-NM-000040 | SV-242234r710709_rule | Medium |
Description |
---|
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. |
STIG | Date |
---|---|
Trend Micro TippingPoint NDM Security Technical Implementation Guide | 2021-06-09 |
Check Text ( C-45509r710707_chk ) |
---|
Verify the SMS client requires locking of account after three invalid login attempts. Navigate to Edit >> Preferences. If the checkbox for "Lock user after failed login attempts" is not checked, or if the threshold is not set to 3, this is a finding. |
Fix Text (F-45467r710708_fix) |
---|
In the Trend Micro TippingPoint system, ensure the SMS client is requiring locking of account after three invalid login attempts: 1. Navigate to Edit >> Preferences. 2. Click the checkbox for "Lock user after failed login attempts". 3. Under threshold enter 3. 4. Click OK to save. |