Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74929 | MQMH-ND-000150 | SV-89603r1_rule | | Medium |
Description |
---|
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. |
STIG | Date |
---|---|
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide | 2017-06-06 |
Check Text (C-74787r1_chk) |
---|
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Verify the Authentication Method is set to LDAP. Review LDAP server settings and verify the LDAP configuration enforces a limit of three consecutive invalid logon attempts by a user during a 15-minute time period. If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding. |
Fix Text (F-81545r1_fix) |
---|
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Set Authentication Method to LDAP. Configure LDAP connection as required. Note: Enforcing the limit of three consecutive invalid logon attempts during a 15-minute time period is the responsibility of the LDAP server. |
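
One way to review the LDAP-side limit named in the Check Text, as an added example that is not part of the STIG or of IBM's documentation. It assumes the directory uses the OpenLDAP ppolicy overlay attributes (pwdLockout, pwdMaxFailure, pwdFailureCountInterval), which the STIG does not specify, and it runs on a constructed policy entry.

```python
# Added example: attribute names follow the OpenLDAP ppolicy overlay (an
# assumption; the STIG does not name the LDAP server product).
MAX_FAILURES = 3          # from the check text
WINDOW_SECONDS = 15 * 60  # 15-minute period from the check text

# Constructed sample policy entry, not taken from any real directory.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 300
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no base64 values, no line folding)."""
    attrs = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs[name.strip().lower()] = value.strip()
    return attrs

def lockout_findings(attrs):
    """Return the reasons the policy misses the 3-in-15-minutes limit."""
    findings = []
    if attrs.get("pwdlockout", "FALSE").upper() != "TRUE":
        findings.append("pwdLockout is not TRUE, so failed binds never lock the account")
    max_fail = int(attrs.get("pwdmaxfailure", "0"))
    if max_fail == 0 or max_fail > MAX_FAILURES:
        findings.append(f"pwdMaxFailure={max_fail} (need 1..{MAX_FAILURES}; 0 means no limit)")
    interval = int(attrs.get("pwdfailurecountinterval", "0"))
    # 0 means failures are cleared only by a successful bind, which is stricter
    # than a 15-minute window; treating that as acceptable is an assumption.
    if 0 < interval < WINDOW_SECONDS:
        findings.append(f"pwdFailureCountInterval={interval}s (need >= {WINDOW_SECONDS}s or 0)")
    return findings

if __name__ == "__main__":
    for reason in lockout_findings(parse_entry(SAMPLE_LDIF)):
        print("FINDING:", reason)
```

The sample entry produces two findings: five failures are allowed, and the failure counter resets after 300 seconds instead of 900.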