Details
By enforcing a reasonable unlock timeout after multiple failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Users must wait for the timeout period to elapse before subsequent logon attempts are allowed.
Solution
From the vSphere Client, select the ESXi host and go to Configure >> System >> Advanced System Settings.
Click ‘Edit’ and select the ‘Security.AccountUnlockTime’ value and configure it to ‘900’.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name Security.AccountUnlockTime | Set-AdvancedSetting -Value 900
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system VMware.
References
- 800-53|AC-7b.
- CAT|II
- CCI|CCI-002238
- Rule-ID|SV-239263r674718_rule
- STIG-ID|ESXI-67-000006
- STIG-Legacy|SV-104045
- STIG-Legacy|V-93959
- Vuln-ID|V-239263