|
Intruder Detection Overview "Intruder Detection" is a security component of
Netware that is used to deter and stop unauthorized access to user
accounts. The basis of it is to keep track of
how many incorrect login attempts are made for a certain user account.
If a "wrong" password is given, it counts as one
strike. When a user
keeps entering the wrong password, when enabled, Intruder Detection
will lock the account to further access attempts.
The configuration of Intruder Detection is simple,
only takes a few easy steps to implement, and you only need to understand
a few basic principles. These concepts are explained in detail below.
Additionally, step by step pictorial instructions are included to guide
you through the process the first time.
Configurable Options
The following options are available to detect and lockout intruders:
Detect Intruders
This option is what enables Intruder Detection.
As a rule, it needs to be done for every container in the tree. Note:
This alone does not lock out intruders, it only detects them. (To
actually lock
the accounts, see further options below).
Recommended Setting: ON (Checked)
Incorrect login
attempts
The number of wrong password attempts, within the set interval (next
item), before the account is locked. For example, if the setting
is 5, the account will be locked when the number of incorrect login
attempts reach 5. Note that the number of incorrect logins is only
accumulated for the time period specified (see next item).
Recommended Setting: 5
|
|
Intruder Attempt Reset Interval
This setting is a key component of the intruder detection system. It is used
in conjunction with the "Incorrect Login Attempts" to determine if
an account should be locked. If the number of "incorrect login attempts" occur
within the specified "Intruder Attempt Reset Interval", the account
will lock. It determines the time frame for which to keep track of attempted
logins. It can be set by day, hour, and minute or any combination.
For Example, if this item is set to 30 minutes,
and the "Incorrect Login Attempts" is set to 5, the account will
lock if 5 bad attempts occur in 30 minutes. However, if 4 attempts occur,
and then an hour later 4 more occur, and then an hour later 4 more occur,
and the pattern continues, the account will never lock because it does
not meet the criteria specified. Keep that in mind when determining the
best settings for your environment.
Recommended Setting: 30 Minutes
Lock Account After Detection
This setting must be checked (enabled) in order to lock accounts
after an intruder attempt is detected. Additionally, the time period
should be set to determine
how long the account will remain in "locked" status.
Recommended Setting: ON (Checked)
Recommended Time Setting: 1 Hour
For additional guidelines and general
rules of thumb, click on the "Guidelines" page.
If you have any questions about Intruder Detection
or any other network related issue, please call
or send an email. |
