Free DISA STIG and SRG Library | Vaulted

V-5613

The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.

Finding ID: NET1646
Rule ID: SV-15458r2_rule
Severity: Cat II
CCE: (None)
Group Title: SSH login attempts value is greater than 3.
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

An attacker may attempt to connect to the device using SSH by guessing the authentication method and the authentication key or shared secret. Limiting the authentication retries to 3 or fewer strengthens the device against brute-force attacks.

Fix Text

Configure the network device to allow a maximum of 3 unsuccessful SSH logon attempts.

Check Content

Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3:

    ip ssh authentication-retries 3
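A way to automate this check across saved running-configs, as an added example that is not part of the STIG text or any vendor tool: it parses Cisco IOS-style configuration text (the syntax the check content shows), reads the `ip ssh authentication-retries` value, and reports PASS when the value is at or below 3, OPEN when it is higher, and NOT_SET when the line is absent so the value cannot be verified from the configuration. The hostnames and configuration excerpts are constructed samples, and the `limit` parameter is an assumption added for reuse; the STIG itself fixes the limit at 3.

```python
import re
from typing import Dict, NamedTuple, Optional

# Limit taken from the STIG fix text: at most 3 unsuccessful SSH logon attempts.
MAX_RETRIES = 3

# Constructed sample running-config excerpts (not captured from any real device).
COMPLIANT_CONFIG = """\
hostname sample-rtr-01
!
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh version 2
!
line vty 0 4
 transport input ssh
"""

NONCOMPLIANT_CONFIG = """\
hostname sample-rtr-02
!
ip ssh authentication-retries 5
ip ssh version 2
"""

UNSET_CONFIG = """\
hostname sample-rtr-03
!
ip ssh version 2
"""

# Matches the IOS command shown in the STIG check content and captures its integer argument.
_RETRIES_RE = re.compile(r"^\s*ip ssh authentication-retries\s+(\d+)\s*$", re.MULTILINE)


class CheckResult(NamedTuple):
    status: str              # "PASS", "OPEN" or "NOT_SET"
    configured: Optional[int]  # value found in the config, None if absent
    detail: str


def check_ssh_retries(config_text: str, limit: int = MAX_RETRIES) -> CheckResult:
    """Evaluate one device configuration against the SSH retry limit."""
    matches = _RETRIES_RE.findall(config_text)
    if not matches:
        # Absence means the value cannot be verified from the configuration text,
        # so it is reported separately rather than assumed compliant.
        return CheckResult("NOT_SET", None,
                           "no 'ip ssh authentication-retries' line found; value not verified")
    # If the text somehow contains several occurrences, the last one is taken.
    value = int(matches[-1])
    if value <= limit:
        return CheckResult("PASS", value, f"authentication retries set to {value} (limit {limit})")
    return CheckResult("OPEN", value, f"authentication retries set to {value}, exceeds limit {limit}")


def audit(configs: Dict[str, str], limit: int = MAX_RETRIES) -> Dict[str, CheckResult]:
    """Run the check over a mapping of device name -> configuration text."""
    return {name: check_ssh_retries(text, limit) for name, text in configs.items()}


if __name__ == "__main__":
    sample = {
        "sample-rtr-01": COMPLIANT_CONFIG,
        "sample-rtr-02": NONCOMPLIANT_CONFIG,
        "sample-rtr-03": UNSET_CONFIG,
    }
    for host, result in audit(sample).items():
        print(f"{host}: {result.status} - {result.detail}")
```

Feeding the output of `show running-config` for each device into `audit` gives a per-device status; anything other than PASS is a finding to open against this rule, and NOT_SET devices need a manual look at the running configuration before they are marked compliant.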

Responsibility

Information Assurance Officer