Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.

An XCCDF Rule

Details
Profiles

Description

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

ID: SV-77351r1_rule
Version: RICX-DM-000025
Severity: Medium
References: CCI-000044
Updated: 5 days ago

Remediation Templates

Configure RiOS to limit the number of invalid logon attempts to 3 during a 15 minute period.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy
Set the value of "Login Attempts Before Lockout:" to "3"
Set the value of "Timeout for User Login After Lockout (seconds);" to "900"
Click "Apply" to save the changes
Navigate to the top of the web page and click "Save" to write changes to memory

Riverbed Optimization System (RiOS) must enforce the limit of three (3) consecutive invalid logon attempts by a user during a 15-minute time period for web-based management access.

Description

Remediation Templates

A Manual Procedure