Rule ID
SV-284864r1205360_rule
Version
V1R1
CCIs
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
Review the Cisco SNA appliance configuration to verify it enforces the limit of three consecutive invalid logon attempts. Navigate to Cisco SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> General >> Session Settings >> Number of Unsuccessful Attempts and Duration of Lockout. If the Cisco SNA appliance is not configured to enforce the limit of three consecutive invalid logon attempts, this is a finding.
Configure the Cisco SNA appliance to enforce the limit of three consecutive invalid logon attempts during a 15-minute time period. Navigate to Cisco SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> General >> Session Settings. Input a number for "Number of Unsuccessful Attempts and Duration of Lockout". Apply the configuration.