
FireSIGHT/SourceFire User Lockout Duration Configuration?

Hello All,

I have been digging through documentation for 5.3 and 5.4 and I cannot locate any information for what the account lockout duration is for when a user fails the number of logins set for the Maximum Number of Failed Logins value in a user account. Is there any official documentation anywhere for this (and where in the audit or raw logs does it show a lockout)? I have a customer going through a PCI DSS audit and the auditor is demanding this information. As an aside, it appears that the default admin account cannot be disabled (the Installation Guide says it cannot be deleted, but can it be disabled via CLI)?

Appreciate any assistance you can provide.

Thanks,

Richard

Accepted Solution

Hello Richard,

External authentication would be the only way of restricting password re-use.

For getting locked out, you have to enable STIG; this will enable account lockouts. Other than that, there is no way to do it without STIG.

I will open an enhancement bug for your request to add this feature in the roadmap.

Rate and correct if my post helps you.

Regards

Jetsy 


3 Replies

Jetsy Mathew
Cisco Employee

Hello Richard,

Could you verify the User Preferences in the User Management option in the FireSIGHT GUI?

You can find it under System > Local > User Management > Users.

Regards

jetsy 

Hello Jetsy,

Thank you for your reply. I am looking at a 5.3 Defense Center now and there is no "lockout duration" setting in the User Configuration or System Policy areas. I am attaching a screenshot of what I'm seeing. Also, I do not see an option anywhere for restricting password reuse (cannot use last 5 passwords, for example). Are such options only available when using External Authentication (all our users are currently Local) -- or not at all? Unfortunately as part of this audit that our customer is going through I have to provide vendor documentation for these options and many others and there are so many that I cannot locate in the User Guide or Installation Guide, or by searching the forums and Google, etc.

