Free DISA STIG and SRG Library | Vaulted

V-5613

The network device must be configured for a maximum number of unsuccessful SSH logon attempts set at 3 before resetting the interface.

Finding ID: NET1646
Rule ID: SV-5613r4_rule
Severity: Cat II
CCE: (None)
Group Title: SSH login attempts value is greater than 3.
CCI: (None)
Target Key: (None)
Documentable: No

Discussion

An attacker may attempt to connect to the device using SSH by guessing the authentication method and the authentication key or shared secret. Setting the authentication retry limit to 3 or less strengthens the device against brute-force attacks.

Fix Text

Configure the network device to set the maximum number of unsuccessful SSH logon attempts at 3.

Check Content

Review the configuration and verify that the maximum number of unsuccessful SSH logon attempts is set at 3. If the device is not configured to reset after 3 unsuccessful SSH logon attempts, this is a finding.

Responsibility

Information Assurance Officer