Detections
Analytics

Mitigating risk from SSH brute force login attacks - Monitor login attempts

Information

Beginning in BIG-IP 10.2.0, you can view the number of failed login attempts for each user by logging into the BIG-IP Configuration utility and browsing to the Account Security section of the System > Users : User List <username> screen.
 The information displayed indicates whether the user failed a sufficient number of login attempts to be locked out of the system. Locked out users must contact the BIG-IP system administrator to have accessibility reinstated.

 NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Log in to the Configuration utility.
 2. Click System.
 3. Select Users : User List <username>.
 4. Review Failed Logins for each User.

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11a., CAT|II, CCI|CCI-000057, Rule-ID|SV-74523r2_rule, STIG-ID|F5BI-DM-000007, Vuln-ID|V-60093

Plugin: F5

Control ID: a2a4e6471b7f5ba90faa0fa6d0d11a0bd04303f6fd2d72cafc1dd38159571161