Details

Some tools exist on the Internet, which specifically attack the management-plane protocol accounts of the system and frequently attempt accounts to attack devices so as to obtain accounts. Therefore, the system should be able to reject all remote login requests in a blocking manner when it is found that repeated remote login attempts fail for a certain number of consecutive times by monitoring the system account authentication. At this time, only IP requests from whitelisted users are allowed to be responded). This blocking can last for a period of time, so as to achieve the purpose of timely cutting off brute-force cracking attempts and protecting the CPU processing capability of the management plane.


Solution

Configuring the number of failures and locking time by running the following commands:

ZXR10 (config)#system-user
ZXR10 (config-system-user)#user-authen-restriction fail-time 3 lock-minute 2


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system ZTE_ROSNG.


References


Source