1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Limits the maximum number of times a local user can enter a wrong password before being locked out.

Rationale:

Limiting the number of failed authentication attempts is a safeguard against brute-force and dictionary attacks on systems. Setting 'aaa local authentication max failed attempts' limits the number of consecutive failed login attempts when AAA authentication uses the local database as its method.

Solution

Run the following to configure the maximum number of consecutive local login failures to be less than or equal to 3:

hostname(config)# aaa local authentication attempts max-fail 3
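To verify the setting offline against a saved running-config, the following added example (not part of the benchmark or of the audit plugin) checks the max-fail value and lists which management services authenticate against the local database. The sample configuration is constructed, and the server-group name TACACS_GROUP and hostname fw-example are hypothetical.

```python
import re

MAX_ALLOWED = 3  # threshold required by this benchmark item

# The lockout setting as it appears in a running-config.
MAX_FAIL_RE = re.compile(
    r"^[ \t]*aaa local authentication attempts max-fail (\d+)[ \t\r]*$", re.M)
# Management-access AAA lines whose last method is the LOCAL database.
LOCAL_AUTH_RE = re.compile(
    r"^[ \t]*aaa authentication (\S+) console\b.*\bLOCAL[ \t\r]*$", re.M)

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
hostname fw-example
aaa authentication ssh console LOCAL
aaa authentication http console TACACS_GROUP LOCAL
aaa authentication enable console TACACS_GROUP
aaa local authentication attempts max-fail 5
"""


def audit_max_fail(config, limit=MAX_ALLOWED):
    """Return the audit result for one running-config dump."""
    services = LOCAL_AUTH_RE.findall(config)
    match = MAX_FAIL_RE.search(config)
    value = int(match.group(1)) if match else None
    if value is None:
        status, detail = "FAIL", "max-fail is not configured"
    elif value < 1 or value > limit:
        # Choice made for this example: anything outside 1..limit fails.
        status, detail = "FAIL", f"max-fail is {value}, expected 1..{limit}"
    else:
        status, detail = "PASS", f"max-fail is {value}"
    return {"status": status, "value": value,
            "local_services": services, "detail": detail}


if __name__ == "__main__":
    result = audit_max_fail(SAMPLE_CONFIG)
    print(result["status"], "-", result["detail"])
    print("local database used for:",
          ", ".join(result["local_services"]) or "none")
```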

See Also

https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7, CSCv6|16.7

Plugin: Cisco

Control ID: bdd9afdaf5ab7cf50118aad2e676892a6aab733ededce81ee9e5c49ccf73eed9