Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5613 | NET1646 | SV-15458r2_rule | ECSC-1 | Medium |
Description |
---|
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens the device against a brute-force attack. |
STIG | Date |
---|---|
Infrastructure L3 Switch Secure Technical Implementation Guide - Cisco | 2013-10-08 |
Check Text (C-12923r2_chk) |
---|
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3: `ip ssh authentication-retries 3` |
Fix Text (F-5524r7_fix) |
---|
Configure the network element to allow a maximum of 3 unsuccessful SSH login attempts. |
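
An added example, not part of the STIG text: a Python script that runs this check over saved configuration text. The sample configurations and hostnames are constructed, the limit follows the description's "3 or less", and reporting an absent command for manual review (rather than assuming a platform default) is a choice made for this example.

```python
import re

MAX_RETRIES = 3  # limit named in the finding

# The command from the check text, with its numeric argument captured.
_RETRY_RE = re.compile(r"^\s*ip ssh authentication-retries\s+(\d+)\s*$")


def audit_ssh_retries(config_text):
    """Return (status, value) for one saved configuration.

    status is "pass", "fail", or "review" (command not present, so the
    effective value must be confirmed on the device itself).
    """
    value = None
    for line in config_text.splitlines():
        if line.lstrip().startswith("!"):  # comment line, never active config
            continue
        match = _RETRY_RE.match(line)
        if match:
            value = int(match.group(1))  # a later line overrides an earlier one
    if value is None:
        return ("review", None)
    return ("pass" if value <= MAX_RETRIES else "fail", value)


def open_findings(configs):
    """Map of device name -> (status, value) for every device that did not pass."""
    results = {name: audit_ssh_retries(text) for name, text in configs.items()}
    return {name: r for name, r in sorted(results.items()) if r[0] != "pass"}


# Constructed sample configurations (hypothetical hostnames).
SAMPLES = {
    "sw-a": "hostname sw-a\nip ssh version 2\nip ssh authentication-retries 3\n",
    "sw-b": "hostname sw-b\nip ssh version 2\nip ssh authentication-retries 5\n",
    "sw-c": "hostname sw-c\nip ssh version 2\n",
    "sw-d": "hostname sw-d\n! ip ssh authentication-retries 5\n"
            " ip ssh authentication-retries 2\n",
}

if __name__ == "__main__":
    for device, (status, value) in open_findings(SAMPLES).items():
        print(f"V-5613 {device}: {status} (authentication-retries={value})")
```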