Organizations need to implement and maintain secure logon processes to ensure authorized users are authenticated prior to accessing networks, systems, or applications. This verifies the identity of users and associates each user with the actions they perform. Secure logon processes may also help reduce the likelihood of password compromise that may lead to security incidents or data breaches. Secure logon processes are the focus of pitfall #31 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Access to your organization’s networks, systems, and applications should be controlled through a secure logon process that records unsuccessful and successful logon attempts. A limit of five (or fewer) consecutive invalid logon attempts by a user during a 15-minute time period should be implemented. Accounts should be locked once this threshold of failed logon attempts is reached.
Further, secure logon procedures should force a time delay of at least 30 minutes before additional logon attempts are permitted. If logon timeout restrictions are not used, systems should reject any further attempts until an access administrator provides specific assistance and re-authorization, such as unlocking the affected account.
It is highly encouraged to send failed logon alerts, along with other appropriate domain controller alerts, to the personnel responsible for monitoring your organization's networks. Failed logon attempts are going to happen. You may already be thinking, “especially on a Monday, or a Tuesday after a three-day weekend.” Security and IT personnel should partner to define failed logon attempt baselines for your organization. This is important because an unusually high volume of failed logon attempts should be investigated immediately to ensure a denial of service, or other cyber-attack, is not actively being perpetrated against your organization.
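The lockout rules above (five failures within 15 minutes, a 30-minute delay, every attempt recorded) and the baseline-driven alerting can be expressed in a small piece of code. The following is an added example written for this post, not code from the eBook or the ASECENT portal; the `LogonPolicy` class, the `failed_logon_spike` function, the 3x-baseline alert multiplier and the sample timestamps are all assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                          # thresholds from the post: five failures ...
FAILURE_WINDOW = timedelta(minutes=15)    # ... within 15 minutes ...
LOCKOUT_DURATION = timedelta(minutes=30)  # ... locks the account for 30 minutes


class LogonPolicy:
    def __init__(self):
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time the lockout expires
        self.audit = []                     # every attempt is recorded, successful or not

    def attempt(self, user, ts, credentials_ok):
        """Process one logon attempt; returns 'success', 'failure' or 'locked'."""
        lock = self.locked_until.get(user)
        if lock is not None and ts < lock:  # a correct password is still rejected while locked
            self.audit.append((ts, user, "rejected-locked"))
            return "locked"
        if credentials_ok:
            self.failures[user].clear()     # the consecutive-failure count resets on success
            self.audit.append((ts, user, "success"))
            return "success"
        window = self.failures[user]
        window.append(ts)
        while window and ts - window[0] > FAILURE_WINDOW:
            window.popleft()                # forget failures older than 15 minutes
        self.audit.append((ts, user, "failure"))
        if len(window) >= MAX_FAILURES:
            self.locked_until[user] = ts + LOCKOUT_DURATION
            window.clear()
            return "locked"
        return "failure"


def failed_logon_spike(audit, baseline_per_hour, window_end, factor=3):
    """Flag the hour before window_end if failed attempts exceed factor x baseline (factor assumed)."""
    start = window_end - timedelta(hours=1)
    count = sum(1 for ts, _, outcome in audit
                if outcome != "success" and start <= ts < window_end)
    return count > factor * baseline_per_hour, count


def demo():
    # Constructed scenario: five bad passwords, a correct one during lockout, one after it expires.
    policy = LogonPolicy()
    t0 = datetime(2024, 1, 8, 9, 0)
    outcomes = [policy.attempt("alice", t0 + timedelta(minutes=i), False) for i in range(5)]
    during_lock = policy.attempt("alice", t0 + timedelta(minutes=10), True)
    after_lock = policy.attempt("alice", t0 + timedelta(minutes=35), True)
    spike = failed_logon_spike(policy.audit, 1, t0 + timedelta(hours=1))
    return outcomes, during_lock, after_lock, spike
```

Against an agreed baseline of one failed logon per hour, the six non-successful attempts in the constructed scenario trip the alert; raising the baseline to five would not.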
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASECENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.