Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5613 | NET1646 | SV-15458r2_rule | | Medium |
Description |
---|
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens the device against a brute-force attack. |
STIG | Date |
---|---|
Perimeter Router Security Technical Implementation Guide Cisco | 2016-12-23 |
Check Text ( C-12923r2_chk ) |
---|
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3: ip ssh authentication-retries 3 |
Fix Text (F-5524r9_fix) |
---|
Configure the network device to allow a maximum of 3 unsuccessful SSH logon attempts. |
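
One way to automate the check above across saved device configurations, as an added example that is not part of the STIG. It accepts a value of 3 or less, following the description; the device names, sample configurations, and the choice to report a missing line as REVIEW are assumptions of this example.

```python
import re

MAX_RETRIES = 3  # limit stated in the finding
RETRY_RE = re.compile(
    r"^[ \t]*ip ssh authentication-retries[ \t]+(\d+)[ \t\r]*$", re.MULTILINE)


def check_ssh_retries(config_text):
    """Return (status, detail); status is PASS, FAIL or REVIEW."""
    # Commented-out ("! ...") and negated ("no ...") lines do not match.
    values = [int(v) for v in RETRY_RE.findall(config_text)]
    if not values:
        # Assumption of this example: a missing line is sent for manual
        # review rather than passed, since the check asks to see the setting.
        return ("REVIEW", "no ip ssh authentication-retries line found")
    effective = values[-1]  # assumption: the last occurrence wins
    if effective > MAX_RETRIES:
        return ("FAIL",
                f"authentication-retries is {effective}, limit is {MAX_RETRIES}")
    return ("PASS", f"authentication-retries is {effective}")


def audit(configs):
    """Map each device name to its check result."""
    return {name: check_ssh_retries(text) for name, text in configs.items()}


# Constructed sample configurations (hypothetical device names).
SAMPLE_CONFIGS = {
    "rtr-a": "hostname rtr-a\nip ssh version 2\n"
             "ip ssh authentication-retries 3\n",
    "rtr-b": "hostname rtr-b\r\nip ssh authentication-retries 5\r\n",
    "rtr-c": "hostname rtr-c\n! ip ssh authentication-retries 5\n"
             "ip ssh time-out 60\n",
    "rtr-d": "hostname rtr-d\nip ssh authentication-retries 5\n"
             "ip ssh authentication-retries 2\n",
}

if __name__ == "__main__":
    for device, (status, detail) in audit(SAMPLE_CONFIGS).items():
        print(f"{device}: {status} - {detail}")
```

A REVIEW result means the setting was not found in the saved configuration and the effective value should be confirmed on the device itself.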