User Authentication Security - Configure login security options to hinder password guessing attacks - lockout-period

Information

The Junos default behavior for login security provides reasonable protection from password guessing attacks, but may not be suitable for every environment.

Set the amount of time, in minutes, before a user can attempt to log in again after being locked out for reaching the number of failed login attempts specified in Step 1 with the tries-before-disconnect statement. The range is from 1 through 43200, with a default of 120.

Solution

Configure the length of time a login stays locked out.

user@host# edit system login retry-options
user@host# set lockout-period 15
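
One way to verify the setting offline, as an added example that is not part of the original audit item or Juniper's tooling. It assumes the configuration was exported in set format (`show configuration | display set`); the function name, the expected value of 15 minutes as site policy, and the sample configurations are assumptions constructed for illustration.

```python
# Added example: offline check of exported Junos configuration text.
TARGET = ["system", "login", "retry-options", "lockout-period"]
LOCKOUT_RANGE = range(1, 43201)  # minutes, the range stated on this page


def audit_lockout_period(display_set_text, expected_minutes=15):
    """Return (compliant, reason). expected_minutes is an assumed site policy."""
    value, inactive = None, False
    for raw in display_set_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        verb, path = tokens[0], tokens[1:]
        if (verb == "set" and len(path) == 5
                and path[:4] == TARGET and path[4].isdigit()):
            value = int(path[4])  # a later line overrides an earlier one
        elif verb == "deactivate" and path and TARGET[:len(path)] == path:
            # The statement or one of its parent hierarchies is inactive, so
            # the 'set' line is still present but has no effect.
            inactive = True
    if value is None:
        return False, "lockout-period is not set"
    if inactive:
        return False, "lockout-period is set but inactive"
    if value not in LOCKOUT_RANGE:
        return False, f"lockout-period {value} is outside 1..43200"
    if value != expected_minutes:
        return False, f"lockout-period is {value}, expected {expected_minutes}"
    return True, f"lockout-period is {value} minutes"


# Constructed sample configurations (not taken from a real device).
SAMPLE_OK = (
    "set system login retry-options tries-before-disconnect 3\n"
    "set system login retry-options lockout-period 15"
)
SAMPLE_INACTIVE = SAMPLE_OK + "\ndeactivate system login retry-options"
SAMPLE_MISSING = "set system login retry-options tries-before-disconnect 3"

if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("inactive", SAMPLE_INACTIVE),
                       ("missing", SAMPLE_MISSING)]:
        print(name, audit_lockout_period(text))
```

The inactive case matters in practice: a text search for the `set` line alone would report the device as compliant even though the statement is not applied.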

See Also

http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/hardening-junos-devices-checklist/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: Juniper

Control ID: 5478590dd4298c2f5062ea6b76fd7aed13262db03c3e25195a98d3935b316bb0