CISC-ND-000150 – The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.

Details

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

Solution

Configure the Cisco router to enforce the limit of three consecutive invalid logon attempts as shown in the example below.

R2(config)#login block-for 900 attempts 3 within 120

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS_Router_Y22M01_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.

References

800-53|AC-7a.
CAT|II
CCI|CCI-000044
Rule-ID|SV-215668r521266_rule
STIG-ID|CISC-ND-000150
STIG-Legacy|SV-105163
STIG-Legacy|V-96025
Vuln-ID|V-215668

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles