Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.

An XCCDF Rule

Description

<VulnDiscussion>By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77353r1_rule
Severity: Medium
References: CCI-002238
Updated: about 1 year ago

Configure RiOS to limit the number of unsuccessful login attempts to 3 during a 15-minute period.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy
Set the value of "Login Attempts Before Lockout:" to "3"
Set the value of "Timeout for User Login After Lockout (seconds);" to "900"
Click "Apply" to save the changes
Navigate to the top of the web page and click "Save" to write changes to memory

Riverbed Optimization System (RiOS) must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.

Description

Remediation - Manual Procedure