The A10 Networks ADC must enforce the limit of three consecutive invalid logon attempts.

An XCCDF Rule

Description

<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. The A10 Networks ADC must be configured to limit the consecutive invalid logon attempts. When someone attempts to log on, but fails repeatedly, the failed logon attempts and associated "user is disabled" message will be logged. Note: The user will still be prompted up to five times, even when the account is disabled at three failed logon attempts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-82523r1_rule
Severity: Medium
References: CCI-000044
Updated: about 1 year ago

The following command enables admin lockout:
admin lockout enable

The following example locks the admin account after three failed logon attempts sets the A10 ADC to remember the last failed logon for 15 minutes:
admin lockout threshold 3
admin lockout reset-time 15Note: This will be applied to all administrative accounts.

The A10 Networks ADC must enforce the limit of three consecutive invalid logon attempts.

Description

Remediation - Manual Procedure