Help Center/ Cloud Bastion Host/ User Guide (Kuala Lumpur Region)/ FAQs/ About CBH System Login/ Login Security Management/ How Do I Set a Security Lock for Logging In to the CBH System?
Updated on 2024-06-12 GMT+08:00

How Do I Set a Security Lock for Logging In to the CBH System?

Scenario

  • An account can be used to log in to CBH from different browsers on the same PC.
  • A user account cannot be used to log in to a CBH system from different device at the same time. If it does, the source IP address will be locked out.
  • A user account can only be used by a specific user for secure O&M.

Symptom

To secure CBH system, the source IP address or user account will be locked out after the number of consecutive invalid password attempts reached the configured upper limit.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security and view the current configuration in the UserLock Config area.
  3. Click Edit in the UserLock Config area.
  4. Set parameters as required. For details about the parameters, see Table 1.

    Table 1 Parameters for configuring lockout parameters

    Parameter

    Description

    Lock

    You can select User or Source IP.

    • If you select User, the user account will be locked after the number of consecutive incorrect password attempts exceeds the configured threshold.
    • If you select Source IP, the local source IP address of the user is locked and the IP addresses in the same network segment in the LAN are locked after the number of consecutive invalid password attempts exceeds the configured threshold.

    Password attempt

    Threshold on consecutive invalid password attempts for all users to log in to a CBH system

    Lock duration

    Duration for locking out a user after the number of consecutive incorrect password attempts exceeds the configured threshold, in minutes.

    • The default value is 30 minutes.
    • The value of 0 indicates that the account or source IP address will be locked out until an administrator unlock it manually.

    Count reset duration

    Amount of the time the account or source IP address will remain locked out after the consecutive incorrect password attempts exceeds the configured threshold

  5. Click OK.