NET1646 - The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting.

Information

An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens against a Brute Force attack.

Solution

Configure the network device to require a maximum number of unsuccessful SSH logon attempts at 3.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Infrastructure_Router_L3_Switch_V8R27_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7, CAT|II, CSCv6|16.7, Rule-ID|SV-28745r2_rule, STIG-ID|NET1646, Vuln-ID|V-5613

Plugin: Juniper

Control ID: 96e84568169c82c779947925e8f40d80d2111c9db90b26f85bc034128f3ece01