August 06, 2019
NIST 800-171 3.1.8
Limit unsuccessful logon attempts.
This control is put in place to stop hackers from guessing a password by attempting to log into your systems over and over, using techniques such as dictionary attacks or brute-force attacks. While your Windows domain can be set up to enforce a pause between several failed attempts, or even a lockout, other systems are not so easy to configure this way. Some of your equipment might not be smart enough or new enough to stop password attacks. Start considering upgrading or updating your equipment to get to the point where you can use two-factor authentication.

You will need to introduce two-factor authentication at this stage because you have more controls with two-factor than you do on a router or firewall, for instance. Get a two-factor system that gives you these controls as well. You will also need to track all of these unsuccessful attempts in a report, and feed that report into your ticket tracking system and log analysis systems. Password and account attacks are extremely common, and you will spend a lot of time modifying your systems to stop them.

Now is also the time to introduce a firewall. You will need to start controlling where people are going and what they are attempting to access remotely. We also want to introduce a proxy or web-based firewall for your web environment. Investigate a web-based firewall and start working on your own physical firewall for your company. Make sure that you have two-factor capabilities enabled throughout your enterprise as well.
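As an added example (not from the original post), here is a small Python report generator for the "track unsuccessful attempts" requirement: it reads Windows-style failed-logon log lines, applies a lockout policy (here, 5 failures within a 15-minute sliding window), and reports which accounts crossed it, how many failures they accumulated, and from which sources. The log line format, the policy values and the account and IP values are all constructed assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed policy values, modelled on a Windows account-lockout policy (assumed, not from the post).
LOCKOUT_THRESHOLD = 5                  # failures allowed inside one window before lockout
OBSERVATION_WINDOW = timedelta(minutes=15)

# Constructed sample log lines: "<timestamp> <event_id> <account> <source_ip>".
# Event ID 4625 is the Windows Security log's "An account failed to log on"; 4624 is a success.
SAMPLE_LOG = """\
2019-08-06T09:00:01 4625 jdoe 203.0.113.10
2019-08-06T09:00:04 4625 jdoe 203.0.113.10
2019-08-06T09:00:09 4625 jdoe 203.0.113.10
2019-08-06T09:00:15 4625 jdoe 203.0.113.10
2019-08-06T09:00:20 4625 jdoe 203.0.113.10
2019-08-06T09:00:26 4625 jdoe 203.0.113.10
2019-08-06T09:05:00 4625 asmith 198.51.100.7
2019-08-06T10:30:00 4625 asmith 198.51.100.7
2019-08-06T10:31:00 4624 asmith 198.51.100.7
"""

def parse_events(text):
    """Yield (timestamp, event_id, account, source) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, account, source = line.split()
            yield datetime.fromisoformat(ts), int(event_id), account, source

def failed_logon_report(text, threshold=LOCKOUT_THRESHOLD, window=OBSERVATION_WINDOW):
    """Per account: total failures, distinct sources, and the time the lockout
    threshold was first reached inside one sliding window (None if never)."""
    recent = defaultdict(deque)        # account -> failure timestamps still inside the window
    report = {}
    for ts, event_id, account, source in sorted(parse_events(text)):
        if event_id != 4625:           # only failed logons count toward lockout
            continue
        entry = report.setdefault(account, {"failures": 0, "lockout_at": None, "sources": set()})
        entry["failures"] += 1
        entry["sources"].add(source)
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:      # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= threshold and entry["lockout_at"] is None:
            entry["lockout_at"] = ts
    return report

if __name__ == "__main__":
    for account, info in failed_logon_report(SAMPLE_LOG).items():
        print(account, info["failures"], sorted(info["sources"]), info["lockout_at"])
```

The output is the kind of per-account record you would hand to a ticketing or log-analysis system: jdoe crosses the threshold at the fifth failure, while asmith's two failures are too far apart to count together.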