Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.
An XCCDF Rule
Description
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
- ID
- SV-77351r1_rule
- Version
- RICX-DM-000025
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure RiOS to limit the number of invalid logon attempts to 3 during a 15 minute period.
Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy
Set the value of "Login Attempts Before Lockout:" to "3"
Set the value of "Timeout for User Login After Lockout (seconds);" to "900"