How Do I Set a Security Lock for Logging In to the CBH System?

Scenario

• An account can be used to log in to CBH from different browsers on the same PC.
• A user account cannot be used to log in to a CBH system from different device at the same time. If it does, the source IP address will be locked out.
• A user account can only be used by a specific user for secure O&M.

Symptom

To secure CBH system, the source IP address or user account will be locked out after the number of consecutive invalid password attempts reached the configured upper limit.

Procedure

1. Log in to the CBH system.
2. Choose System > Sysconfig> Security and view the current configuration in the UserLock Config area.
   Figure 1 User lockout configuration
   

3. Click Edit in the UserLock Config area.
   Figure 2 Configuring lockout parameters
   

4. Set parameters as required. For details about the parameters, see Table 1.

   Table 1 Parameters for configuring lockout parameters

   Parameter	Description
   Lock	You can select User or Source IP. If you select User, the user account will be locked after the number of consecutive incorrect password attempts exceeds the configured threshold. If you select Source IP, the local source IP address of the user is locked and the IP addresses in the same network segment in the LAN are locked after the number of consecutive invalid password attempts exceeds the configured threshold.
   Password attempt	Threshold on consecutive invalid password attempts for all users to log in to a CBH system
   Lock duration	Duration for locking out a user after the number of consecutive incorrect password attempts exceeds the configured threshold, in minutes. The default value is 30 minutes. The value of 0 indicates that the account or source IP address will be locked out until an administrator unlock it manually.
   Count reset duration	Amount of the time the account or source IP address will remain locked out after the consecutive incorrect password attempts exceeds the configured threshold

5. Click OK.