Skip to content

Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.

An XCCDF Rule

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID
SV-77351r1_rule
Version
RICX-DM-000025
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Configure RiOS to limit the number of invalid logon attempts to 3 during a 15 minute period.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy
Set the value of "Login Attempts Before Lockout:" to "3"
Set the value of "Timeout for User Login After Lockout (seconds);" to "900"