Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5613 | NET1646 | SV-28745r2_rule | Medium |
Description |
---|
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens against a Brute Force attack. |
STIG | Date |
---|---|
Perimeter Router Security Technical Implementation Guide Juniper | 2018-02-27 |
Check Text ( C-29030r3_chk ) |
---|
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3. system { login { retry-options { tries-before-disconnect 3; maximum-time 60; } |
Fix Text (F-5524r9_fix) |
---|
Configure the network device to require a maximum number of unsuccessful SSH logon attempts at 3. |