Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62863 | RICX-DM-000026 | SV-77353r1_rule | Medium |
Description |
---|
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
STIG | Date |
---|---|
Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2015-11-30 |
Check Text ( C-63657r1_chk ) |
---|
Verify that RiOS is configured to limit the number of unsuccessful login attempts during a 15-minute period to 3. Navigate to the device Management Console Navigate to Configure >> Security >> Password Policy Verify that "Login Attempts Before Lockout:" is set to "3" Verify that "Timeout for User Login After Lockout (seconds)" is set to "900" If "Login Attempts Before Lockout" is not set to "3" and/or "Timeout for User Login After Lockout (seconds)" is not set to "900", this is a finding. |
Fix Text (F-68781r1_fix) |
---|
Configure RiOS to limit the number of unsuccessful login attempts to 3 during a 15-minute period. Navigate to the device Management Console Navigate to Configure >> Security >> Password Policy Set the value of "Login Attempts Before Lockout:" to "3" Set the value of "Timeout for User Login After Lockout (seconds);" to "900" Click "Apply" to save the changes Navigate to the top of the web page and click "Save" to write changes to memory |