Account lockout policies can be implemented on Cisco equipment to prevent brute-force attacks. This tutorial explains how to use the login block-for command to block users who exceed a certain number of incorrect login attempts. The login block-for command blocks all Telnet and SSH connections to the router once incorrect credentials have been entered a specified number of times.
Linux password lockout policy
A Linux password lockout policy can be configured using PAM (Pluggable Authentication Modules) to temporarily lock a user’s account when someone attempts to brute-force it by trying various password combinations. This configuration uses the pam_tally2.so module. Brute-forcing is a method of finding a user’s password by trying to log in with various password combinations. With a password lockout policy in place, the account is locked once a certain number of incorrect passwords have been entered. Before trying this tutorial on your system, make sure the file /lib/security/pam_tally2.so exists; if it isn’t there, applying this configuration will lock all user accounts even if you enter the correct password.