The A10 Networks ADC must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

An XCCDF Rule

Description

<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-82563r1_rule
Severity: Medium
References: CCI-002238
Updated: about 1 year ago

Use the following command to enable admin lockout:
admin lockout enable

The following command locks the admin account after three failed logon attempts sets the A10 ADC to remember the last failed logon for 15 minutes.
admin lockout threshold 3
admin lockout reset-time 15
Use the following command to enable admin lockout:
admin lockout enable

The following command keeps a locked admin account locked until it is manually unlocked by an authorized admin:
admin lockout duration 0

The A10 Networks ADC must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

Description

Remediation - Manual Procedure