
The IDPS must enforce the organizationally defined limit of consecutive invalid access attempts by a user during the organizationally defined time period.


Overview

Finding ID: V-34507
Version: SRG-NET-000038-IDPS-00036
Rule ID: SV-45349r1_rule
IA Controls: (none listed)
Severity: Medium
Description
One of the most prevalent ways an attacker tries to gain access to a system is by repeatedly attempting to log in to an account while guessing its password. To reduce the risk that such attempts succeed, the IDPS must define and limit the number of times a user account may consecutively fail a login attempt within a defined time period. Limiting the number of consecutive failed login attempts reduces the risk of unauthorized system access through password guessing, otherwise known as a brute force attack.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42699r1_chk)
Review the IDPS configuration to determine if there is a defined limit on invalid account access requests within an organizationally defined time period.

If the system is not configured to enforce the organizationally defined limit of consecutive invalid access attempts by a user during an organizationally defined time period, this is a finding.
Fix Text (F-38745r1_fix)
Configure the IDPS to enforce the organizationally defined limit on consecutive invalid access attempts by a user within the organizationally defined time period.
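As an added illustration of the mechanism this requirement describes (it is not part of the SRG and not any vendor's IDPS implementation), the following Python model enforces a consecutive-failure limit within a sliding time window, locks the account when the limit is reached, and records an audit event for detection; the limit, window and lockout values are placeholders standing in for the organizationally defined ones, and the clock parameter is an assumption that lets the model be tested without waiting.

```python
from collections import deque
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int = 3           # placeholder for the organizationally defined limit
    window_seconds: float = 900.0   # placeholder for the organizationally defined period
    lockout_seconds: float = 900.0  # how long the account stays locked after the limit is hit


class FailedLoginLimiter:
    """Tracks consecutive failed logins per account inside a sliding window."""

    def __init__(self, policy: LockoutPolicy, clock=time.monotonic):
        self.policy = policy
        self.clock = clock                # injectable clock (assumption, for testing)
        self._failures = {}               # account -> deque of failure timestamps in window
        self._locked_until = {}           # account -> monotonic time the lock expires
        self.audit_events = []            # lockout records a SIEM/IDPS could alert on

    def is_locked(self, account: str) -> bool:
        now = self.clock()
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:                  # lock has expired; clear it
            del self._locked_until[account]
            return False
        return True

    def record_failure(self, account: str) -> bool:
        """Record one failed attempt; return True if this failure triggers a lockout."""
        now = self.clock()
        q = self._failures.setdefault(account, deque())
        q.append(now)
        # Drop failures that fell outside the organizationally defined window.
        while q and now - q[0] > self.policy.window_seconds:
            q.popleft()
        if len(q) >= self.policy.max_failures:
            self._locked_until[account] = now + self.policy.lockout_seconds
            self.audit_events.append({"event": "account_locked", "account": account,
                                      "failures_in_window": len(q), "at": now})
            q.clear()
            return True
        return False

    def record_success(self, account: str) -> None:
        """A successful login ends the run of consecutive failures."""
        self._failures.pop(account, None)
```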