Use LockOut Realms

Details

A LockOut realm wraps around standard realms adding the ability to lock a user out after multiple failed logins.

Rationale:

Locking out a user after multiple failed logins slows down attackers from brute forcing logins.

Solution

Create a lockout realm wrapping the main realm similar to the example below:

failureCount=’3′ lockOutTime=’600′ cacheSize=’1000′
cacheRemovalWarningTime=’3600’>

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3090

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6
CSCv7|5.1

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles