Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] account lockout after x incorrect attempts???
  • From: ken <gebser@xxxxxxxxxxxxx>
  • Date: Wed, 5 Oct 2005 15:29:49 -0400
  • Message-id: <20051005152949.78ef15b3@xxxxxxxxxxxxxxxxxxx>
On Wed, 5 Oct 2005 08:34:06 -0400
Baenen Eric P Contr AFRL/HEC <Eric.Baenen@xxxxxxxxxxxx> wrote:

> Hello,
>
> We have a number of SUSE 9.x workstations - and recently we've been
> mandated to have them adhere to a corporate IT security policy that
> requires account lockout after a certain number of incorrect login
> attempts.
>
> ....

Look for this under Bone-Headed Security.

Imagine this policy is successfully implemented. Then *anyone* could
lock anyone else out of their account (aka a DOS) simply by trying to
log into it. This policy opens the door to all kinds of mischief. It
would be even worse if it's going to be used to log in from the internet.
Then you might as well give Al Qaida an on/off switch to your email
system.


hth,
korporal ken, civilian

--
A lot of us are working harder than we want, at things we don't like to
do. Why? ...In order to afford the sort of existence we don't care to
live.
-- Bradford Angier
