Details

When a user exceeds the maximum number of attempts allowed (the default is 3 attempts) during a certain period of time (the default is 5 minutes) the account used during those attempts will be locked out for a pre-configured lock-out period (the default is 10 minutes). This can be used to mitigated brute force dictionary attacks.

A security event log will be generated as soon as a user account has exceeded the number of allowed attempts and the show>system>security>user command can be used to display the total number of failed attempts per user.

The account will be automatically re-enabled as soon as the lock-out period has expired.

Solution

Run the following command on the device to implement account lockout: configure system security password attempts time lockout

Supportive Information

The following resource is also helpful.

• https://infoproducts.alcatel-lucent.com/aces/cgi-bin/dbaccessfilename.cgi/9305050101_V1_SR-OS Security Best Practices v2.0.pdf

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Alcatel.

References

• 800-53|CM-6b

Source

• Tenable.com/audits