topic Re: LGI_BRK_LIM in Operating System - OpenVMS

LGI_BRK_LIM

Wim Van den Wyngaert — Mon, 17 Dec 2007 14:28:24 GMT

I have VMS 7.3 with LGI_BRK_LIM on 5. Freshly booted.

From 1 decterm I do 5 T2T logins with the wrong password (user SYSTEM). The 6th login is with the correct password. And it works.

Shouldn't the value of 5 prevent that the 6th login is working ?

The 7th login is done with an invalid password and after that I really have an intruder (with show intr) and the login with the correct password fails.

What did I miss ?

Wim

Re: LGI_BRK_LIM

EdgarZamora_1 — Mon, 17 Dec 2007 14:44:54 GMT

I had tested this last year due to auditors asking and from my experience the breakin evasion kicks in after n+1 failures, where n is the value of LGI_BRK_LIM (subject to the other parameters, of course).

Re: LGI_BRK_LIM

Wim Van den Wyngaert — Mon, 17 Dec 2007 14:49:06 GMT

Edgar : OK but where is this documented ?
I find an example in the security guide where they explain that it is done at N, not N+1.

Wim

Re: LGI_BRK_LIM

EdgarZamora_1 — Mon, 17 Dec 2007 14:57:32 GMT

You have to exceed the limit. This is from the security guide:

"In other words, suspects become intruders by
exceeding their allowed chances for login during the monitoring period.

The chance count, set by the system parameter LGI_BRK_LIM, defines how many times a person can try logging in; the standard limit is five times."

Re: LGI_BRK_LIM

Wim Van den Wyngaert — Mon, 17 Dec 2007 14:58:21 GMT

Think I found it.

Someone can reconnect and reattempt login as long as the break-in limit (LGI_BRK_LIM) has not been exceeded during the monitoring period.

Exceeded means >N thus = N+1.

Wim