--> To protect the Secure Access (SA) against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks from the same IP address, you can configure Lockout options.
--> Juniper SA blocks the IP address of a user who is trying to perform Denial of Service (DoS), Distributed Denial of Service (DDoS) or password guessing attacks.
--> Juniper SA does not block the user account; it blocks only the IP address of the user.
--> If you try to log in with another username from the same IP address (or computer) during the lockout period, that attempt also fails to authenticate until the lockout is over.
--> The terms that are used in the Lockout Options Settings are as follows:
Rate: Specify the number of failed sign-in attempts to allow per minute.
Attempts: Specify the maximum number of failed sign-in attempts to be allowed, before triggering the initial lockout.
Lockout period: Specify the number of minutes that you want the SA to lock out the IP address.
Ex:
Rate: 3 (attempts per minute)
Attempts: 180
Duration: 2 (duration of lockout in minutes)
--> The SA determines the maximum initial period of time (in minutes) to allow the failed sign-in attempts to occur by dividing the specified number of attempts by the rate.
--> For example, 180 attempts divided by a rate of 3 gives an initial period of 60 minutes.
--> If 180 or more failed sign-in attempts occur within 60 minutes or less, the SA locks out the IP address being used for the failed sign-in attempt.
--> After the 2-minute lockout period has expired, the IP address is unlocked and users are again allowed to log in from that IP address.
--> For the next 60 minutes, the determining factor for the next lockout is only the rate (3 attempts/minute) that is configured above.
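The initial lockout described above can be modelled in a few lines. This is an added example, not Juniper's code: the function names, event format and sample addresses are assumptions, the events are constructed, and the model covers only the initial lockout (not the rate-only phase that follows it).

```python
from collections import defaultdict, deque

RATE = 3         # failed sign-in attempts allowed per minute (page's example)
ATTEMPTS = 180   # failed attempts before the initial lockout
LOCKOUT_MIN = 2  # lockout period in minutes

def initial_window_minutes(attempts=ATTEMPTS, rate=RATE):
    """Initial observation period: attempts divided by rate."""
    return attempts / rate

def simulate(events, attempts=ATTEMPTS, rate=RATE, lockout=LOCKOUT_MIN):
    """events: (minute, ip, username, success) tuples sorted by time.
    State is keyed by IP only, so the username never affects the lockout."""
    window = initial_window_minutes(attempts, rate)
    failures = defaultdict(deque)  # ip -> times of failures inside the window
    locked_until = {}              # ip -> minute at which the lockout ends
    out = []
    for t, ip, user, ok in events:
        if t < locked_until.get(ip, float("-inf")):
            out.append((t, ip, user, "rejected: ip locked"))
            continue
        if ok:
            out.append((t, ip, user, "accepted"))
            continue
        q = failures[ip]
        q.append(t)
        while q and t - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= attempts:
            locked_until[ip] = t + lockout
            q.clear()
            out.append((t, ip, user, "failed: ip locked out"))
        else:
            out.append((t, ip, user, "failed"))
    return out

def sample_events():
    """Constructed input: 180 failures at 6 per minute from one address."""
    bad, good = "203.0.113.10", "198.51.100.7"
    ev = [(i / 6, bad, f"user{i % 5}", False) for i in range(180)]
    t = ev[-1][0]
    ev += [(t + 1, bad, "alice", True),     # valid login, locked address
           (t + 1, good, "alice", True),    # same user, different address
           (t + 2.5, bad, "alice", True)]   # after the 2-minute lockout
    return ev

if __name__ == "__main__":
    for row in simulate(sample_events())[-5:]:
        print(row)
```

The valid login for "alice" is rejected from the locked address but accepted from the other one, which is the per-IP behaviour described above; 180 failures spread at one per minute never trigger the lockout because they do not fit inside the 60-minute window.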