
Ensure the maximum failed login attempts is set to 5

Details

Authentication should be configured so there is a maximum number of consecutive failed login attempts for each account, at which point the account at risk will be locked out.

Rationale:

Repeated login failures for the same account may indicate an attacker trying to brute-force the password.

Impact:

A user's account will be locked after 5 unsuccessful login attempts.

Solution

To set the maximum failed login attempts correctly, perform the following steps:

1. From the vSphere Web Client, select the host.

2. Click Configure, then expand System.

3. Select Advanced System Settings, then click Edit.

4. Enter Security.AccountLockFailures in the filter.

5. Set the value for this parameter to 5.

Alternatively, use the following PowerCLI command:

Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures | Set-AdvancedSetting -Value 5
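
To see which hosts actually deviate before changing anything, the same setting can be audited first. The following is an added example, not part of the original benchmark text: the function name Get-LockoutCompliance and the sample host names are hypothetical, and the live commands in the trailing comments assume an existing Connect-VIServer session.

```powershell
# Added example: classify each host's Security.AccountLockFailures value
# against the required value of 5 before remediating.
function Get-LockoutCompliance {
    [CmdletBinding()]
    param(
        # Any object with Entity and Value properties, such as the
        # objects returned by Get-AdvancedSetting.
        [Parameter(Mandatory, ValueFromPipeline)] $Setting,
        [int] $Required = 5
    )
    process {
        $value = [int]$Setting.Value
        # VMware documents 0 as "account locking disabled", so report it
        # separately from an ordinary wrong value.
        $status = if ($value -eq $Required) {
            'Compliant'
        } elseif ($value -eq 0) {
            'LockoutDisabled'
        } else {
            'NonCompliant'
        }
        [pscustomobject]@{
            VMHost   = "$($Setting.Entity)"
            Current  = $value
            Required = $Required
            Status   = $status
        }
    }
}

# Constructed sample input (not real hosts) so the check runs offline.
$name = 'Security.AccountLockFailures'
$sample = @(
    [pscustomobject]@{ Entity = 'esx01.example.test'; Name = $name; Value = 5 }
    [pscustomobject]@{ Entity = 'esx02.example.test'; Name = $name; Value = 10 }
    [pscustomobject]@{ Entity = 'esx03.example.test'; Name = $name; Value = 0 }
)
$sample | Get-LockoutCompliance | Format-Table -AutoSize

# Live use with PowerCLI (audit, then remediate only the deviating hosts):
# $settings = Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures
# $settings | Get-LockoutCompliance
# $settings | Where-Object { [int]$_.Value -ne 5 } |
#     Set-AdvancedSetting -Value 5 -Confirm:$false
```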

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: VMware.

Updated on July 16, 2022