
The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-5613 | NET1646 | SV-28745r2_rule | | Medium
Description
An attacker may attempt to connect to the device over SSH by guessing the authentication method and the authentication key or shared secret. Limiting authentication retries to 3 or fewer strengthens the device against brute-force attacks.
STIG Date
Infrastructure Router Security Technical Implementation Guide Juniper 2018-11-27

Details

Check Text ( C-29030r3_chk )
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3.

system {
    login {
        retry-options {
            tries-before-disconnect 3;
            maximum-time 60;
        }
    }
}
Fix Text (F-5524r9_fix)
Configure the network device to allow a maximum of 3 unsuccessful SSH logon attempts.
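
The Check Text review above can be automated against saved configuration text. The following is an added example, not part of the STIG or of Juniper tooling: the names parse_junos and check_tries are hypothetical, the sample configurations are constructed, and it assumes that a value of 3 or fewer passes (per the Description) and that a stanza prefixed with inactive: counts as not configured.

```python
import re

PATH = ("system", "login", "retry-options", "tries-before-disconnect")

def parse_junos(text):
    """Parse curly-brace Junos configuration text into nested dicts."""
    # Drop /* annotations */, "## ..." markers and whole-line "#" comments.
    text = re.sub(r"/\*.*?\*/|##[^\n]*|^\s*#[^\n]*", "", text, flags=re.S | re.M)
    root = {}
    stack = [root]
    # Each match is a statement head plus the delimiter that ends it;
    # quoted strings may contain braces or semicolons.
    for m in re.finditer(r'((?:"[^"]*"|[^{};"])*)([{};])', text):
        head, delim = m.group(1).strip(), m.group(2)
        inactive = head.startswith("inactive:")
        if delim == "{":
            # Deactivated stanzas are parsed but never attached to the tree.
            child = {} if inactive else stack[-1].setdefault(head, {})
            stack.append(child)
        elif delim == "}":
            if len(stack) > 1:
                stack.pop()
        elif head and not inactive:
            parts = head.split(None, 1)  # leaf statement: "name value;"
            stack[-1][parts[0]] = parts[1] if len(parts) > 1 else True
    return root

def check_tries(config_text, limit=3):
    """Return (compliant, detail) for tries-before-disconnect."""
    node = parse_junos(config_text)
    for key in PATH:
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, str) or not node.isdigit():
        return False, "tries-before-disconnect is not explicitly configured"
    tries = int(node)
    return tries <= limit, f"tries-before-disconnect is {tries} (limit {limit})"

# Constructed sample configurations (not taken from a real device).
COMPLIANT = '''## constructed sample
system { login {
    message "Authorized use only; sessions are logged {audit}";
    retry-options { tries-before-disconnect 3; maximum-time 60; }
} }'''
TOO_MANY = "system { login { retry-options { tries-before-disconnect 10; } } }"
INACTIVE = "system { login { inactive: retry-options { tries-before-disconnect 3; } } }"

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("too many", TOO_MANY), ("inactive", INACTIVE)]:
        print(name, check_tries(cfg))
```

A missing or deactivated retry-options stanza is reported as a finding rather than assumed to fall back to a safe default.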