Details

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

Solution

Configure the router to enforce the limit of three consecutive invalid logon attempts and lock out the user account from accessing the device for 15 minutes as shown in the example below.

[edit system login]
set retry-options tries-before-disconnect 3
set retry-options lockout-period 15

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_Router_Y21M02_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Juniper.

References

• 800-53|AC-7a.
• CAT|II
• CCI|CCI-000044
• Rule-ID|SV-101205r1_rule
• STIG-ID|JUNI-ND-000150
• Vuln-ID|V-91105

Source

• Tenable.com/audits