The DBN-6300 must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

An XCCDF Rule

Description

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. The DBN-6300 allows setting a time-to-retry variable, as well as the number of retries allowed during that lockout timeout.

ID
SV-79481r1_rule
Version
DBNW-DM-000015
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Set a time-to-retry variable, as well as the number of retries allowed during that lockout timeout, within the DBN-6300 through the CLI.

This value is set with the following registry entry in the CLI:

reg set /sysconfig/auth/01 {"stores": { "local": { "policies": { "passwordFail": { "enable": true, "threshold": 3, "windowSeconds": 60 }}}}}
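
The following is an added example, not part of the STIG or of DB Networks' tooling: a small audit check that parses a captured `reg set` line of the form shown above and reports deviations in the passwordFail policy. The function names are hypothetical, and the check assumes only the key path and fields visible in the command on this page; it verifies that windowSeconds is a positive integer without judging its value.

```python
import json

# The remediation command exactly as given on this page.
PAGE_COMMAND = ('reg set /sysconfig/auth/01 {"stores": { "local": { "policies": '
                '{ "passwordFail": { "enable": true, "threshold": 3, '
                '"windowSeconds": 60 }}}}}')
# Path to the policy object inside the JSON payload of that command.
POLICY_PATH = ("stores", "local", "policies", "passwordFail")


def parse_reg_set(line):
    """Split 'reg set <key> <json>' into (key, parsed JSON value)."""
    parts = line.strip().split(None, 3)
    if len(parts) != 4 or parts[:2] != ["reg", "set"]:
        raise ValueError("not a 'reg set <key> <json>' line")
    return parts[2], json.loads(parts[3])


def _is_pos_int(value):
    # bool is a subclass of int in Python; a JSON true must not count as 1.
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def audit_password_fail(line, max_threshold=3):
    """Return a list of findings; an empty list means the line passes."""
    try:
        key, doc = parse_reg_set(line)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return [f"unparseable: {exc}"]
    findings = []
    if key != "/sysconfig/auth/01":
        findings.append(f"unexpected registry key {key}")
    node = doc
    for name in POLICY_PATH:
        if not isinstance(node, dict) or name not in node:
            return findings + [f"missing '{name}' in policy path"]
        node = node[name]
    if not isinstance(node, dict):
        return findings + ["passwordFail is not an object"]
    if node.get("enable") is not True:
        findings.append("passwordFail.enable is not true")
    threshold = node.get("threshold")
    if not _is_pos_int(threshold) or threshold > max_threshold:
        findings.append(f"threshold {threshold!r} not in 1..{max_threshold}")
    if not _is_pos_int(node.get("windowSeconds")):
        findings.append("windowSeconds is not a positive integer")
    return findings
```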