Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Limit web interface login attempts

Posted on 2011-09-02
8
Medium Priority
?
1,043 Views
Last Modified: 2012-05-12
due to SAS 70 audit requirements i must enforce an attempted login limit on my web interface, which runs on the same box as the secure gateway.   W2k3 on IIS6.  WI 4.0.  SG 3.0.  Get me pointed in the right direction?
0
Comment
Question by:alexsupertramp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 11

Expert Comment

by:KrAzY
ID: 36477096
Limit as in the amount of times they can log in in a certain amount of seconds/minutes or amount of login attempts and then lockout?  Does SAS have those limitations built in?  Usually you should look to your application to provide restrictions and not your Web Interface.
0
 
LVL 4

Author Comment

by:alexsupertramp
ID: 36479059
sorry, i wasn't specific enough: i need to limit the amount of incorrect login attempts at the web interface login.
0
 
LVL 11

Expert Comment

by:KrAzY
ID: 36479645
Does Active Directory "Login Attempts" satisfy this?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 4

Author Comment

by:alexsupertramp
ID: 36491415
where is there a "login attempts" option in ad?
0
 
LVL 11

Accepted Solution

by:
KrAzY earned 1000 total points
ID: 36500465
0
 
LVL 4

Author Comment

by:alexsupertramp
ID: 36500624
Thanks, I found this yesterday, and it's good info, but from testing i've done i don't think it's effective at the web interface login level.  
0
 
LVL 24

Assisted Solution

by:Dirk Kotte
Dirk Kotte earned 1000 total points
ID: 36544622
for comliance we use two factor authentication fron aladdin / safenet.
this solution (safeword) has build-in attack logging and protection.
 
0
 
LVL 4

Author Closing Comment

by:alexsupertramp
ID: 36546015
Thanks for the valuable info.  Both solutions will be helpful.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question