1.3 Account Anti-riot Attack

Information

Some tools exist on the Internet, which specifically attack the management-plane protocol accounts of the system and frequently attempt accounts to attack devices so as to obtain accounts. Therefore, the system should be able to reject all remote login requests in a blocking manner when it is found that repeated remote login attempts fail for a certain number of consecutive times by monitoring the system account authentication. At this time, only IP requests from whitelisted users are allowed to be responded). This blocking can last for a period of time, so as to achieve the purpose of timely cutting off brute-force cracking attempts and protecting the CPU processing capability of the management plane.

Solution

Configuring the number of failures and locking time by running the following commands:

ZXR10 (config)#system-user
ZXR10 (config-system-user)#user-authen-restriction fail-time 3 lock-minute 2

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: ACCESS CONTROL

References: 800-53|AC-7

Plugin: ZTE_ROSNG

Control ID: 2834afdfb1cead902c11ab990bd45a6ddc71f71ab48ab8c3563c0f326e6c904c