07 May 2010

Limiting the Number of Failed Login Attempts

If an attacker uses a brute-force attack or a dictionary attack when attempting to log in to a device, such as a router, multiple login attempts typically fail before the correct credentials are found. To mitigate these types of attacks, a Cisco IOS router can suspend the login process for 15 seconds, following a specified number of failed login attempts.

By default, a 15-second delay is introduced after ten failed login attempts. However, the security authentication failure rate number_of_failed_attempts log command (issued in global configuration mode) can be used to specify the maximum number of failed attempts (in the range of 2 to 1024) permitted before the 15-second delay is introduced. The following example illustrates setting the maximum number of attempts to five.

Also, notice the log keyword at the end of the command, which causes a 2MANY_AUTHFAILS syslog message to be generated (and sent to a configured syslog server) each time the threshold is reached.

Example: Setting the Number of Failed Login Attempts

Router# conf term
Router(config)# security authentication failure rate 5 log
Router(config)# end
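A small configuration audit that checks a saved running-config for this command is a practical companion to the example above. This is added example code, not from the original post or from Cisco; the sample configs are constructed, and the policy maximum of 5 is an assumption matching the example.

```python
import re
from dataclasses import dataclass

# Cisco IOS defaults described above: 10 failed attempts, 15-second delay.
DEFAULT_FAILURE_RATE = 10
MIN_RATE, MAX_RATE = 2, 1024

_RATE_RE = re.compile(
    r"^\s*security authentication failure rate\s+(\d+)(\s+log)?\s*$", re.MULTILINE
)

@dataclass
class FailureRatePolicy:
    threshold: int      # failed attempts before the 15-second delay
    log_enabled: bool   # whether the 'log' keyword is present
    explicit: bool      # whether the command appears in the config at all

def parse_failure_rate(running_config: str) -> FailureRatePolicy:
    """Extract 'security authentication failure rate' from a running-config
    dump, falling back to the IOS defaults when the command is absent."""
    m = _RATE_RE.search(running_config)
    if m is None:
        return FailureRatePolicy(DEFAULT_FAILURE_RATE, False, False)
    threshold = int(m.group(1))
    if not MIN_RATE <= threshold <= MAX_RATE:
        raise ValueError(f"failure rate {threshold} outside {MIN_RATE}-{MAX_RATE}")
    return FailureRatePolicy(threshold, m.group(2) is not None, True)

def audit_failure_rate(running_config: str, max_allowed: int = 5) -> list[str]:
    """Return findings against a policy; an empty list means compliant."""
    policy = parse_failure_rate(running_config)
    findings = []
    if not policy.explicit:
        findings.append(f"failure rate not set; IOS default of {DEFAULT_FAILURE_RATE} applies")
    if policy.threshold > max_allowed:
        findings.append(f"failure rate {policy.threshold} exceeds policy maximum {max_allowed}")
    if not policy.log_enabled:
        findings.append("'log' keyword missing; 2MANY_AUTHFAILS syslog message not generated")
    return findings

# Constructed sample configs (not captured from a real device).
HARDENED_CONFIG = "hostname Router\nsecurity authentication failure rate 5 log\nline vty 0 4\n"
DEFAULT_CONFIG = "hostname Router\nline vty 0 4\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_CONFIG), ("default", DEFAULT_CONFIG)):
        print(name, audit_failure_rate(cfg) or ["OK"])
```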


See Also:
CCNA Security Official Exam Certification Guide (Exam 640-553)


biOos
