Check: NET1646
WMAN Access Point STIG (STIG):
NET1646
(in versions v6 r13 through v6 r11)
Title
The network device must be configured for a maximum number of unsuccessful SSH logon attempts set at 3 before resetting the interface. (Cat II impact)
Discussion
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens the device against a brute-force attack.
Check Content
Review the configuration and verify the number of unsuccessful SSH logon attempts is set at 3. If the device is not configured to reset unsuccessful SSH logon attempts at 3, this is a finding.
Fix Text
Configure the network device to allow a maximum of 3 unsuccessful SSH logon attempts.
Additional Identifiers
Rule ID: SV-5613r4_rule
Vulnerability ID: V-5613
Group Title: SSH login attempts value is greater than 3.
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.