User Authentication Security - Configure login security options to hinder password guessing attacks - tries-before-disconnect

Information

The Junos default behavior for login security provides reasonable protection from password guessing attacks, but may not be suitable for every environment.

Limit the maximum number of times a user is allowed to attempt to authenticate with the wrong password before the connection is terminated. The range is from 1 through 10. The system default is 10.

Solution

Configure the number of failed login attempts allowed before the connection is disconnected.

user@host# edit system login retry-options
user@host# set tries-before-disconnect 3
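
One way to verify the setting offline, as an added example (not part of the original audit item or of any Juniper tooling): the script parses exported Junos configuration text in either set or curly-brace format and reports the effective tries-before-disconnect value, falling back to the default of 10 when the statement is absent. The sample configurations are constructed, and treating 3 (the value in the Solution) as the maximum acceptable setting is an assumption.

```python
import re
DEFAULT_TRIES = 10  # system default stated in this item
MAX_ALLOWED = 3     # assumption: the Solution's value is the ceiling

# Constructed sample configurations, not taken from a real device.
SET_STYLE = (
    "set system login retry-options tries-before-disconnect 3\n"
    "set system login retry-options backoff-threshold 1\n"
)
BRACE_STYLE = """\
system {
    login {
        retry-options {
            tries-before-disconnect 5;
        }
    }
}
"""
UNSET = "set system login user admin class super-user\n"

SET_RE = re.compile(r"set\s+system\s+login\s+retry-options\s+"
                    r"tries-before-disconnect\s+(\d+)$")
LEAF_RE = re.compile(r"tries-before-disconnect\s+(\d+);$")
TARGET = ["system", "login", "retry-options"]

def effective_tries(config_text):
    """Return (value, explicit); falls back to the default when unset."""
    path, value = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SET_RE.match(line)
        if m:                                   # set-style statement
            value = int(m.group(1))
        elif line.endswith("{"):                # entering a hierarchy level
            path.append(line[:-1].strip())
        elif line == "}":                       # leaving a hierarchy level
            if path:
                path.pop()
        elif path == TARGET:                    # leaf under retry-options
            m = LEAF_RE.match(line)
            if m:
                value = int(m.group(1))
    return (DEFAULT_TRIES, False) if value is None else (value, True)

def audit(config_text, max_allowed=MAX_ALLOWED):  # value vs. threshold
    value, explicit = effective_tries(config_text)
    return {"value": value, "explicit": explicit,
            "compliant": 1 <= value <= max_allowed}
```

A device with no retry-options statement is reported with the default value and `explicit` set to False, so it fails the check rather than being skipped.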

See Also

http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/hardening-junos-devices-checklist/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a.

Plugin: Juniper

Control ID: eed627640fb87053d2dcfc269beadb64eab8ab654812ed4b8ac40ca6c4fec608