| 
| Intruder Detection Overview |
|
Intruder Detection Overview
"Intruder Detection" is a security component of Netware that is used to deter and stop unauthorized access to user accounts. The basis of it is to keep track of how many incorrect login attempts are made for a certain user account. If a "wrong" password is given, it counts as one strike. When a user keeps entering the wrong password, when enabled, Intruder Detection will lock the account to further access attempts.
The configuration of Intruder Detection is simple, only takes a few easy steps to implement, and you only need to understand a few basic principles. These concepts are explained in detail below. Additionally, step by step pictorial instructions are included to guide you through the process the first time.
Configurable Options
Configuring Intruder Detection is done on a container basis and can be performed in either NetWare Administrator or Console One. Click here for a step by step tutorial. The following options are available to detect and lockout intruders:
Detect Intruders
This option is what enables Intruder Detection. As a rule, it needs to be done for every container in the tree. Note: This alone does not lock out intruders, it only detects them. (To actually lock the accounts, see further options below).
Recommended Setting: ON (Checked)
Incorrect login attempts
The number of wrong password attempts, within the set interval (next item), before the account is locked. For example, if the setting is 5, the account will be locked when the number of incorrect login attempts reach 5. Note that the number of incorrect logins is only accumulated for the time period specified (see next item).
Recommended Setting: 5
Intruder Attempt Reset Interval
This setting is a key component of the intruder detection system. It is used in conjunction with the "Incorrect Login Attempts" to determine if an account should be locked. If the number of "incorrect login attempts" occur within the specified "Intruder Attempt Reset Interval", the account will lock. It determines the time frame for which to keep track of attempted logins. It can be set by day, hour, and minute or any combination.
For Example, if this item is set to 30 minutes, and the "Incorrect Login Attempts" is set to 5, the account will lock if 5 bad attempts occur in 30 minutes. However, if 4 attempts occur, and then an hour later 4 more occur, and then an hour later 4 more occur, and the pattern continues, the account will never lock because it does not meet the criteria specified. Keep that in mind when determining the best settings for your environment.
Recommended Setting: 30 Minutes
Lock Account After Detection
This setting must be checked (enabled) in order to lock accounts after an intruder attempt is detected. Additionally, the time period should be set to determine how long the account will remain in "locked" status.
Recommended Setting: ON (Checked)
Recommended Time Setting: 1 Hour |
