Protecting local accounts against brute force attacks

Overview

Externally managed accounts (SAML or Windows authentication) are already protected against brute force attacks by the mechanisms of each identity provider.

To protect local accounts against brute force attacks, a local account is blocked for fifteen minutes after five failed login attempts by default. Configure the blocking period and maximum number of failed login attempts in the Portal.

Setting the maximum login attempts and blocking period

To set the maximum number of failed login attempts and the blocking period of local accounts:

  1. Log in to the CLI of the Portal appliance.
  2. Optional: If the Portal has no configuration file yet, that is, if portal.conf does not exist in folder /var/nexthink/portal/conf, create it by copying the defaults from the sample configuration file:
    sudo -u nxportal cp /var/nexthink/portal/conf/portal.conf.sample \
    /var/nexthink/portal/conf/portal.conf
  3. Edit the Portal configuration file:
    sudo vi /var/nexthink/portal/conf/portal.conf
  4. Press G to go to the end of the file.
  5. Press o to insert a new line.
  6. Type in the following line to configure the maximum number of failed login attempts before blocking the local account. For example, to specify the default of 5 times:
    globalconfig.portal.user.max-consecutive-failed-logins = 5
  7. Type in the following line to configure the blocking period. For example, to specify the default of 15 minutes:
    globalconfig.portal.user.lock-account-duration = 15m
  8. Press Esc to stop editing.
  9. Save your changes and exit by typing:
    :wq
  10. Restart the Portal to apply your settings:
    sudo systemctl restart nxportal
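The steps above are interactive vi edits. As an added example (not Nexthink's own tooling), the POSIX shell script below performs the same procedure non-interactively: it creates portal.conf from the sample when it is missing, sets the two lockout keys, and reads them back for verification. It assumes, which the page does not state, that portal.conf is line-oriented with one "key = value" per line and that a duplicate key would be ambiguous, so an existing line is replaced in place rather than appended a second time. The function names, the PORTAL_CONF and PORTAL_SAMPLE variables and the "apply" argument are this example's own conventions.

```shell
#!/bin/sh
# Added example: non-interactive equivalent of the vi-based procedure for the
# Portal brute-force lockout settings. Not part of the Nexthink product.
#
# Assumption (not on the page): portal.conf is a plain "key = value" file and
# a key must not appear twice, so an existing line is rewritten in place.

PORTAL_CONF="${PORTAL_CONF:-/var/nexthink/portal/conf/portal.conf}"
PORTAL_SAMPLE="${PORTAL_SAMPLE:-/var/nexthink/portal/conf/portal.conf.sample}"

# Step 2: create the configuration file from the sample if it is missing.
# On the appliance, run the script with sudo so the copy is allowed.
ensure_portal_conf() {
    conf="$1"; sample="$2"
    if [ ! -f "$conf" ]; then
        cp "$sample" "$conf"
    fi
}

# Set KEY to VALUE in FILE: rewrite an existing line, otherwise append one.
# '|' is used as the sed delimiter because the keys contain dots.
set_portal_option() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^[[:space:]]*${key}[[:space:]]*=" "$file" 2>/dev/null; then
        tmp="${file}.tmp.$$"
        sed "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp" \
            && mv "$tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the current value of KEY in FILE (empty output if the key is absent).
get_portal_option() {
    file="$1"; key="$2"
    sed -n "s|^[[:space:]]*${key}[[:space:]]*=[[:space:]]*||p" "$file" 2>/dev/null | tail -n 1
}

# Steps 6 and 7: apply the lockout policy (MAX failed logins, lock DURATION),
# e.g. the page's defaults of 5 and 15m.
configure_lockout() {
    file="$1"; max="$2"; duration="$3"
    set_portal_option "$file" "globalconfig.portal.user.max-consecutive-failed-logins" "$max"
    set_portal_option "$file" "globalconfig.portal.user.lock-account-duration" "$duration"
}

# Step 10: restart the Portal so the new values take effect.
restart_portal() {
    sudo systemctl restart nxportal
}

# Only touch the real appliance when explicitly asked to, e.g.:
#   sudo sh set_lockout.sh apply 5 15m
if [ "${1:-}" = "apply" ]; then
    ensure_portal_conf "$PORTAL_CONF" "$PORTAL_SAMPLE"
    configure_lockout "$PORTAL_CONF" "${2:-5}" "${3:-15m}"
    echo "max-consecutive-failed-logins = $(get_portal_option "$PORTAL_CONF" globalconfig.portal.user.max-consecutive-failed-logins)"
    echo "lock-account-duration = $(get_portal_option "$PORTAL_CONF" globalconfig.portal.user.lock-account-duration)"
    restart_portal
fi
```

Running the script a second time with different values updates the existing lines instead of leaving two conflicting entries for the same key, which is the main thing the manual "press G, press o, type the line" steps do not guard against.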

Central administrators can see the blocked local accounts and the remaining blocking time in the Portal, by opening the dashboard Accounts under ADMINISTRATION - ACCOUNT MANAGEMENT.