Manage failed login attempts
Repeated failed login attempts sometimes indicate that an intruder is attempting to access the storage system. You can take a number of steps to ensure that an intrusion does not take place.
How you will know that login attempts have failed
The Event Management System (EMS) notifies you about failed login attempts every hour. You can find a record of failed login attempts in the
What to do if repeated login attempts fail
In the short term, you can take a number of steps to prevent an intrusion:
Require that passwords be composed of a minimum number of uppercase characters, lowercase characters, special characters, and/or digits
Impose a delay after a failed login attempt
Limit the number of allowed failed login attempts, and lock out users after the specified number of failed attempts
Expire and lock out accounts that are inactive for a specified number of days
You can use the
security login role config modify command to perform these tasks.
Over the long term, you can take these additional steps:
security ssh modifycommand to limit the number of failed login attempts for all newly created SVMs.
Migrate existing MD5-algorithm accounts to the more secure SHA-512 algorithm by requiring users to change their passwords.