Use the Brute Force Attack OS window to configure options related to preventing brute force attacks against the Linux operating system (OS).
Brute force attacks are a major security threat to servers whereby the attacker (which is generally an automated software program) systematically checks all possible passwords and pass-phrases on a trial-and-error basis until the correct one is found. Alternatively, the attacker can attempt to guess the key, which is typically created from the password using a key derivation function. A defense against this is to limit the number of consecutive unsuccessful login attempts on the system to five , after which the user -id ID is automatically locked by the server. Only the authorized administrator with privileges can unlock the user id..
The SBC system admin controls are enhanced with the addition of an account management object, bruteForceAttackOS ( Brute Force Attack OS ), to protect against Linux OS brute force attacks. This object allows the controls allow an administrator to limit the number of consecutive failed OS login attempts from 1 to 10, with the default of 3before the account is locked and to specify how long to keep the account locked.
On the SBC Main main screen, navigate to to All > > System > > Admin > > Account Management > > Brute Force Attack OS. The Brute Force Attack OS window is displayedopens.
Caption |
---|
0 | Figure |
---|
1 | Brute Force Attack OS Window |
---|
|
Image Modified |
The following parameters are described: Use the following table to set brute force attack OS options and then click Save.
Caption |
---|
0 | Table |
---|
1 | Brute Force Attack OS parameter descriptionsParameters |
---|
|
Parameter | Description |
---|
OS State | Enable this flag to defend the Linux OS against brute force attacks. The options are:enabled Disableddisabled Enabled (default)
| Consecutive Failed OSAttempt Allowed | Specifies the number of consecutive failed login attempts allowed before the account is locked. The value ranges from 1 to 10 attempts and the default value is 3 attempts. | Allow OSAuto Unlock | Enable this flag to automatically unlock the Linux OS account after a configurable number of seconds set by unlockOSTime the Unlock OSTime parameter. The options are:enabled Disableddisabled Enabled (default)
| Unlock OSTime | Specifies the time interval after which the disabled Linux OS account will automatically unlock. The value ranges from 30 to 5400 seconds and the default value is 30 seconds. |
|