Check: SRG-NET-000049-VPN-000150
Virtual Private Network (VPN) SRG: SRG-NET-000049-VPN-000150 (in versions v2 r6 through v1 r0.1)
Title
The VPN Gateway must notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access). (Cat III impact)
Discussion
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to log in to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This applies to gateways that have the concept of a user account and either have the login function residing on the gateway or act as a user intermediary.
Check Content
Determine if the VPN Gateway is either configured to notify the administrator of the number of unsuccessful login attempts since the last successful login or configured to use an authentication server which would perform this function. If the administrator is not notified of the number of unsuccessful login attempts since the last successful login, this is a finding. If the VPN Gateway does not notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access), this is a finding.
Fix Text
Configure the VPN Gateway to notify the user, upon successful logon (access), of the number of unsuccessful logon (access) attempts since the last successful logon (access).
Additional Identifiers
Rule ID: SV-207188r608988_rule
Vulnerability ID: V-207188
Group Title: SRG-NET-000049
CCIs
Number | Definition |
---|---|
CCI-000053 | Notify the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access. |
Controls
Number | Title |
---|---|
AC-9(1) | Unsuccessful Logons |