Title

The LockOutRealm must be configured with a login failure count of 3. (Cat II impact)

Discussion

LockOutRealm prevents brute force attacks against user passwords. Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources. Access to LockOutRealm must be configured to control login attempts by local accounts. The organization must perform a periodic scan/review of the application (as required by CCI-000384) and disable functions, ports, protocols, and services deemed to be unneeded or non-secure.

Check Content

Verify the failureCount parameter is set to 3 in the LockOutRealm configuration. Login to the ISEC7 EMM Suite server. Navigate to <Drive>:\Program Files\Isec7 EMM Suite\Tomcat\Config Open the server.xml file with Notepad. Select Edit >> Find and search for LockOutRealm. Verify the failureCount parameter is set to 3 in the following file: <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" > If the failureCount parameter is not set to 3 in the LockOutRealm configuration, this is a finding.

Fix Text

Add failureCount parameter to the LockOutRealm configuration: Login to the ISEC7 EMM Suite server. Navigate to <Drive>:\Program Files\Isec7 EMM Suite\Tomcat\Config Open the server.xml file with Notepad. Select Edit >> Find and search for LockOutRealm. Add the following line is in the server.xml file: <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" > Restart the ISEC7 EMM Suite Web service in the services.msc

Additional Identifiers

Rule ID: SV-224783r505933_rule

Vulnerability ID: V-224783

Group Title: SRG-APP-000065

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.