SYMP-NM-000050 - Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period - max-failed-attempts

Details

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.


Solution

The lockout policy may be configured for both SSH and Web Management Console sessions.

1. SSH into the ProxySG console, type 'enable', press 'Enter'.
2. Enter the appropriate password, type 'config', press 'Enter'.
3. Type 'security local-user-list edit local_user_database', press 'Enter'.
4. Type 'lockout-duration 900', type 'max-failed-attempts 3', press 'Enter'.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system BlueCoat.


References


Source