Rule ID
SV-252600r831511_rule
Version
V1R3
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.
If the IBM Aspera Shares feature of the Aspera Platform is not installed, this is Not Applicable. Verify IBM Aspera Shares locks accounts after three unsuccessful login attempts within a 15-minute timeframe: - Log in to the IBM Aspera Shares web page as a user with administrative privilege. - Select the "Admin" tab. - Scroll down to the "Security" section. - Select the "User Security" option. - Verify the "Failed login count" is set to "3" or less. - Verify the "Failed login interval" is set to "15" or less. If the "Failed login count" is set to more than "3", this is a finding. If the "Failed login interval" is set to more than "15" minutes, this is a finding.
Configure IBM Aspera Shares to lock accounts after three unsuccessful login attempts within a 15-minute timeframe: - Log in to the IBM Aspera Shares web page as a user with administrative privilege. - Select the "Admin" tab. - Scroll down to the "Security" section. - Select the "User Security" option. - Edit the "Failed login count" option to "3" or less. - Edit the "Failed login interval" option to "15" minutes or less. - Select "Save" at the bottom of the page.