Network Device Management Rules : Ensuring limited login attempts for web-based management
  
Ensuring limited login attempts for web-based management
Rule Title: RiOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period for web-based management access.
STIG ID: RICX-DM-000025
Rule ID: SV-77351r1_rule Severity: CAT II
Vuln ID: V-62861 Class: Unclass
By limiting the number of failed login attempts, the risk of unauthorized system access through user password guessing, otherwise known as brute-forcing, is reduced.
Verifying the system is configured for a limited number of login attempts
Verify that RiOS is configured to limit the number of invalid login attempts during a 15-minute period to 3.
For detailed information, see Verifying the system is configured for a limited number of login attempts.
Configuring the system for a limited number of login attempts
Configure RiOS to limit the number of invalid login attempts during a 15-minute period to 3.
For detailed information, see Configuring the system for a limited number of log in attempts.