IBM Aspera Faspex must lock accounts after three unsuccessful login attempts within a 15-minute timeframe.
An XCCDF Rule
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
- ID
- SV-252581r831503_rule
- Version
- ASP4-FA-050170
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure IBM Aspera Faspex to lock accounts after three unsuccessful login attempts within a 15-minute timeframe:
- Log in to the IBM Aspera Faspex web page as a user with administrative privilege.
- Select the "Server" tab.
- Select the "Configuration" tab.
- Select the "Security" section.