Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access.

An XCCDF Rule

Details
Profiles

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID: SV-77349r1_rule
Version: RICX-DM-000024
Severity: Medium
References: CCI-000044
Updated: 14 days ago

Remediation Templates

Configure RiOS to limit the number of invalid logon attempts to 3 during a 15 minute period.

Login to the device console to access the command line interface (CLI)

Type: enable
Type: conf tType: authentication policy template strong
Scroll down to "Maximum unsuccessful logins before account lockout:" and type "3"
Under "Wait before account unlock:" and type "900" Seconds
Type: write memory

Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for device console access.

Description

Remediation Templates

A Manual Procedure