Tuesday, 24 February 2015

Throttle accounts after failed SSH login attempts


I have to set up a server that will allow remote logins. Obviously security is an issue. In this first pass we are discussing:

  1. Locking a person for 15 minutes if they fail to log in correctly three times in succession over a five-minute period.

  2. Locking them out totally and making them reset their password if they fail to log in correctly, say, a dozen times in succession in any one 24-hour period.

Are there any guidelines or best practices around? A search on the Internet suggests that there is a lack of guidelines on this.
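
The two rules in the question, written as a small state machine and replayed over constructed login events. This is an added example, not part of the original post; `LoginThrottle`, `replay` and `SAMPLE` are hypothetical names. It assumes that a successful login ends the streak of failures and that attempts made while an account is locked are rejected without being counted.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the two rules in the question.
SHORT_LIMIT, SHORT_WINDOW, SHORT_LOCK = 3, timedelta(minutes=5), timedelta(minutes=15)
LONG_LIMIT, LONG_WINDOW = 12, timedelta(hours=24)

class LoginThrottle:
    def __init__(self):
        self.streak = defaultdict(deque)  # user -> times of consecutive failures
        self.locked_until = {}            # user -> end of the 15-minute lock
        self.reset_required = set()       # users who must reset their password

    def state(self, user, now):
        if user in self.reset_required:
            return "reset_required"
        if self.locked_until.get(user, now) > now:
            return "locked"
        return "open"

    def record(self, user, now, success):
        """Feed one login result; return the account state afterwards."""
        if self.state(user, now) != "open":
            return self.state(user, now)  # assumption: rejected, not counted
        fails = self.streak[user]
        if success:
            fails.clear()                 # "in succession": success ends the streak
            return "open"
        fails.append(now)
        while now - fails[0] > LONG_WINDOW:
            fails.popleft()               # forget failures older than 24 hours
        if len(fails) >= LONG_LIMIT:
            self.reset_required.add(user)
        elif sum(now - t <= SHORT_WINDOW for t in fails) >= SHORT_LIMIT:
            self.locked_until[user] = now + SHORT_LOCK
        return self.state(user, now)

def replay(events):
    throttle = LoginThrottle()
    return [throttle.record(u, datetime.fromisoformat(ts), ok) for ts, u, ok in events]

# Constructed sample events (ISO time, user, success), not real log data.
SAMPLE = [
    ("2015-02-24T10:00:00", "alice", False), ("2015-02-24T10:01:00", "alice", False),
    ("2015-02-24T10:02:00", "alice", True), ("2015-02-24T10:03:00", "alice", False),
    ("2015-02-24T10:03:30", "alice", False), ("2015-02-24T10:04:00", "alice", False),
    ("2015-02-24T10:10:00", "alice", True), ("2015-02-24T10:19:01", "alice", True),
]
print(replay(SAMPLE))
```
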


