Manage failed login attempts
Repeated failed login attempts sometimes indicate that an intruder is attempting to access the storage system. You can take a number of steps to ensure that an intrusion does not take place.
How you will know that login attempts have failed
The Event Management System (EMS) notifies you about failed login attempts every hour. You can find a record of failed login attempts in the audit.log
file.
What to do if repeated login attempts fail
In the short term, you can take a number of steps to prevent an intrusion:
-
Require that passwords be composed of a minimum number of uppercase characters, lowercase characters, special characters, and/or digits
-
Impose a delay after a failed login attempt
-
Limit the number of allowed failed login attempts, and lock out users after the specified number of failed attempts
-
Expire and lock out accounts that are inactive for a specified number of days
You can use the security login role config modify
command to perform these tasks.
Over the long term, you can take these additional steps:
-
Use the
security ssh modify
command to limit the number of failed login attempts for all newly created SVMs. -
Migrate existing MD5-algorithm accounts to the more secure SHA-512 algorithm by requiring users to change their passwords.