Manage failed login attempts in ONTAP
Repeated failed login attempts sometimes indicate that an intruder is attempting to access the storage system. You can take a number of steps to ensure that an intrusion does not take place.
How you will know that login attempts have failed
The Event Management System (EMS) notifies you about failed login attempts every hour. You can find a record of failed login attempts in the audit.log
file.
What to do if repeated login attempts fail
In the short term, you can take a number of steps to prevent an intrusion:
-
Require that passwords be composed of a minimum number of uppercase characters, lowercase characters, special characters, and/or digits
-
Impose a delay after a failed login attempt
-
Limit the number of allowed failed login attempts, and lock out users after the specified number of failed attempts
-
Expire and lock out accounts that are inactive for a specified number of days
You can use the security login role config modify
command to perform these tasks. Learn more about security login role config modify
in the ONTAP command reference.
Over the long term, you can take these additional steps:
-
Use the
security ssh modify
command to limit the number of failed login attempts for all newly created SVMs. Learn more aboutsecurity ssh modify
in the ONTAP command reference. -
Migrate existing MD5-algorithm accounts to the more secure SHA-512 algorithm by requiring users to change their passwords.