Security - disabling / locking accounts

Security - disabling / locking accounts

Post by wdougla » Thu, 25 Nov 1999 04:00:00



Can anyone tell me what is the best way to monitor/disable invalid logins ?
VMS has a comprehensive system that denies access for a specified period
after a number of invalid attempts; NT disables accounts according to the
security policy. What is used in Solaris (2.6)??
 
 
 

Security - disabling / locking accounts

Post by Martin Hepwort » Fri, 26 Nov 1999 04:00:00



> Can anyone tell me what is the best way to monitor/disable invalid logins ?
> VMS has a comprehensive system that denies access for a specified period
> after a number of invalid attempts; NT disables accounts according to the
> security policy. What is used in Solaris (2.6)??

HI
most people I've seen do this with an extra piece of software from
RSA-Security called "Keon Unix Security manager". There's prob other
ways as well (maybe SOl8 can do this by default?)

Martin

 
 
 

Security - disabling / locking accounts

Post by J.D. Baldw » Wed, 01 Dec 1999 04:00:00




> Can anyone tell me what is the best way to monitor/disable invalid
> logins ?  VMS has a comprehensive system that denies access for a
> specified period after a number of invalid attempts; NT disables
> accounts according to the security policy. What is used in Solaris
> (2.6)??

Why would you build a denial-of-service attack right into your account
security scheme?  A malicious person could disrupt *all* of your users
with a simple expect script by simply repeating invalid login attempts
a few times for each one.  Then they're all screwed, and your help
desk people (or, God forbid, you) have to get them all back in
business, one by one.
--
 From the catapult of J.D. Baldwin  |+| "If anyone disagrees with anything I

 _|70|___:::)=}-  for PGP public    |+| retract it, but also to deny under
 \      /         key information.  |+| oath that I ever said it." --T. Lehrer
***~~~~-----------------------------------------------------------------------
 
 
 

Security - disabling / locking accounts

Post by Mark Wend » Wed, 01 Dec 1999 04:00:00


Actually, the VMS "denial of service" is pretty smart in the way it locks out the
users.  It determines where the attack is coming from and locks out the user from
that location.  You can also go to the console, log in as "system", and use a one
line command and unlock all the locked users.

Mark Wendt




> > Can anyone tell me what is the best way to monitor/disable invalid
> > logins ?  VMS has a comprehensive system that denies access for a
> > specified period after a number of invalid attempts; NT disables
> > accounts according to the security policy. What is used in Solaris
> > (2.6)??

> Why would you build a denial-of-service attack right into your account
> security scheme?  A malicious person could disrupt *all* of your users
> with a simple expect script by simply repeating invalid login attempts
> a few times for each one.  Then they're all screwed, and your help
> desk people (or, God forbid, you) have to get them all back in
> business, one by one.
> --
>  From the catapult of J.D. Baldwin  |+| "If anyone disagrees with anything I

>  _|70|___:::)=}-  for PGP public    |+| retract it, but also to deny under
>  \      /         key information.  |+| oath that I ever said it." --T. Lehrer
> ***~~~~-----------------------------------------------------------------------

 
 
 

1. Security: Disabling a user account after a number of login attempts

        Is anyone aware of a standard Solaris routine or script that can disable
a user account after some number of failed login attempts?  I would think
an
administrator could implement some type of script to check when a login
attempt has failed and then "lock-out" that user account but I'm not sure
how to do this.
        Any help and/or direction would be appreciated.

Ralph Gibson, III

2. home server hardware suggestions?

3. "Account is disabled" , C2 security

4. New or Revised TAs on websco, 960712

5. "Account id disabled -- See Account Adminstrator.

6. Remote printing limits?

7. Account is disabled -- see Account Administrator

8. Network Card

9. Help: Account is disabled -- see Account Administrator

10. /etc/account (was: Re: locked my root account...help !)

11. login tries before the account is disabled

12. How to disable password for a account in Solaris 2.3?

13. Newbie question: disable telnet access on an account?