Manage failed login attempts

Contributors

Repeated failed login attempts sometimes indicate that an intruder is attempting to access the storage system. You can take a number of steps to ensure that an intrusion does not take place.

How you will know that login attempts have failed

The Event Management System (EMS) notifies you about failed login attempts every hour. You can find a record of failed login attempts in the audit.log file.

What to do if repeated login attempts fail

In the short term, you can take a number of steps to prevent an intrusion:

  • Require that passwords be composed of a minimum number of uppercase characters, lowercase characters, special characters, and/or digits

  • Impose a delay after a failed login attempt

  • Limit the number of allowed failed login attempts, and lock out users after the specified number of failed attempts

  • Expire and lock out accounts that are inactive for a specified number of days

You can use the security login role config modify command to perform these tasks.

Over the long term, you can take these additional steps:

  • Use the security ssh modify command to limit the number of failed login attempts for all newly created SVMs.

  • Migrate existing MD5-algorithm accounts to the more secure SHA-512 algorithm by requiring users to change their passwords.