FireEye – AAA failed logins are tracked
Details Tracking failed logins is the first step toward mitigating password-guessing attacks. Solution Edit the configuration and add this line:n...
- Home
- Security Hardening
- TNS Best Practice FireEye
TNS Best Practice FireEye
FireEye – AAA is enabled
Details The appliance authenticates users remotely through LDAP, RADIUS, or TACACS+. This can simplify and improve management of users with...FireEye – AAA LDAP binding user should not be an admin
Details If LDAP is used with Active Directory a non-administrator user is required for searching and browsing AD server records....FireEye – AAA lockouts are enabled
Details Authentication through AAA will be blocked for a time after a configurable number of failures. This helps mitigate password-guessing...FireEye – Configuration auditing logs the required number of changes
Details Saving past configurations allows them to be audited for unauthorized changes and reviewed when troubleshooting. Auditing cannot be disabled...FireEye – Custom SNORT rules are enabled
Details FireEye Web MPS supports the use of custom rules for malware analysis. It allows end users to load their...FireEye – Email encryption certificates are verified
Details If TLS encryption is used for email communication then the certificate should be verified to provide assurance it was...FireEye – FENet patch updates are applied automatically
Details Patches are downloaded from the FireEye network (FENet) to remediate vulnerabilities or technical issues in the appliance. This security...FireEye – FENet security content updates are applied automatically
Details FireEye MPC Network (FENet) supplies signatures and other security information which should be downloaded and applied to the appliance...FireEye – AAA lockouts delay further attempts for at least 30 seconds
Details Authentication through AAA for the account will be blocked during a lockout. Setting this too low can allow faster...