Solved

Limit web interface login attempts

Posted on 2011-09-02
8
1,042 Views
Last Modified: 2012-05-12
due to SAS 70 audit requirements i must enforce an attempted login limit on my web interface, which runs on the same box as the secure gateway.   W2k3 on IIS6.  WI 4.0.  SG 3.0.  Get me pointed in the right direction?
0
Comment
Question by:alexsupertramp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 11

Expert Comment

by:KrAzY
ID: 36477096
Limit as in the amount of times they can log in in a certain amount of seconds/minutes or amount of login attempts and then lockout?  Does SAS have those limitations built in?  Usually you should look to your application to provide restrictions and not your Web Interface.
0
 
LVL 4

Author Comment

by:alexsupertramp
ID: 36479059
sorry, i wasn't specific enough: i need to limit the amount of incorrect login attempts at the web interface login.
0
 
LVL 11

Expert Comment

by:KrAzY
ID: 36479645
Does Active Directory "Login Attempts" satisfy this?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 4

Author Comment

by:alexsupertramp
ID: 36491415
where is there a "login attempts" option in ad?
0
 
LVL 11

Accepted Solution

by:
KrAzY earned 250 total points
ID: 36500465
0
 
LVL 4

Author Comment

by:alexsupertramp
ID: 36500624
Thanks, I found this yesterday, and it's good info, but from testing i've done i don't think it's effective at the web interface login level.  
0
 
LVL 24

Assisted Solution

by:Dirk Kotte
Dirk Kotte earned 250 total points
ID: 36544622
for comliance we use two factor authentication fron aladdin / safenet.
this solution (safeword) has build-in attack logging and protection.
 
0
 
LVL 4

Author Closing Comment

by:alexsupertramp
ID: 36546015
Thanks for the valuable info.  Both solutions will be helpful.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question