Check: NET1646
WLAN Controller STIG (STIG):
NET1646
(in versions v6 r15 through v6 r12)
Title
The network device must be configured for a maximum number of unsuccessful SSH logon attempts set at 3 before resetting the interface. (Cat II impact)
Discussion
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens against a Brute Force attack.
Check Content
Review the configuration and verify the number of unsuccessful SSH logon attempts is set at 3. If the device is not configured to reset unsuccessful SSH logon attempts at 3, this is a finding.
Fix Text
Configure the network device to require a maximum number of unsuccessful SSH logon attempts at 3.
Additional Identifiers
Rule ID: SV-5613r4_rule
Vulnerability ID: V-5613
Group Title: SSH login attempts value is greater than 3.
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |