
Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access.


Overview

Finding ID: V-62859
Version: RICX-DM-000024
Rule ID: SV-77349r1_rule
IA Controls:
Severity: Medium
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
STIG: Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide
Date: 2019-10-01

Details

Check Text (C-63653r1_chk)
Verify that RiOS is configured to limit the number of invalid logon attempts during a 15-minute period to 3.

Log in to the device console to access the command line interface (CLI).

Type: show authentication policy

Verify that "Maximum unsuccessful logins before account lockout:" is set to "3"
Verify that "Wait before account unlock:" is set to "900" seconds

If "Maximum unsuccessful logins before account lockout" is not set to "3" and/or "Wait before account unlock" is not set to "900" seconds, this is a finding.
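
One way to automate this check against saved output of "show authentication policy", as an added example that is not part of the STIG or of Riverbed's documentation. The two labels are the ones quoted in the check text; the sample outputs and their column layout are constructed, and the function names are hypothetical.

```python
import re

# Labels quoted in the check text, with the values this rule requires.
REQUIRED = {
    "Maximum unsuccessful logins before account lockout": 3,
    "Wait before account unlock": 900,  # seconds (15 minutes)
}

def parse_policy(output):
    """Map each required label found in the CLI output to its integer value (or None)."""
    values = {}
    for line in output.splitlines():
        label, sep, rest = line.partition(":")
        label = label.strip()
        if sep and label in REQUIRED:
            m = re.search(r"\d+", rest)  # tolerate a trailing unit such as "Seconds"
            values[label] = int(m.group()) if m else None
    return values

def evaluate(output):
    """Return a list of findings; an empty list means the check passes."""
    values = parse_policy(output)
    findings = []
    for label, want in REQUIRED.items():
        if label not in values:
            findings.append(f"{label}: setting not present in output")
        elif values[label] is None:
            findings.append(f"{label}: no numeric value, expected {want}")
        elif values[label] != want:
            findings.append(f"{label}: expected {want}, got {values[label]}")
    return findings

# Constructed sample outputs (layout assumed, not captured from a device).
COMPLIANT = (
    "Maximum unsuccessful logins before account lockout:  3\n"
    "Wait before account unlock:                          900 Seconds\n"
)
NONCOMPLIANT = (
    "Maximum unsuccessful logins before account lockout:  5\n"
    "Wait before account unlock:                          300 Seconds\n"
)

if __name__ == "__main__":
    for name, sample in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, evaluate(sample) or "not a finding")
```

A missing or non-numeric setting is reported as a finding rather than skipped, so truncated output cannot pass the check.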
Fix Text (F-68777r1_fix)
Configure RiOS to limit the number of invalid logon attempts to 3 during a 15-minute period.

Log in to the device console to access the command line interface (CLI).

Type: enable
Type: conf t
Type: authentication policy template strong
Scroll down to "Maximum unsuccessful logins before account lockout:" and type "3".
Under "Wait before account unlock:", type "900" seconds.
Type: write memory