cancel
Showing results for 
Search instead for 
Did you mean: 

LGI_BRK_LIM

 
SOLVED
Go to solution
Wim Van den Wyngaert
Honored Contributor

LGI_BRK_LIM

I have VMS 7.3 with LGI_BRK_LIM on 5. Freshly booted.

From 1 decterm I do 5 T2T logins with the wrong password (user SYSTEM). The 6th login is with the correct password. And it works.

Shouldn't the value of 5 prevent that the 6th login is working ?

The 7th login is done with an invalid password and after that I really have an intruder (with show intr) and the login with the correct password fails.

What did I miss ?

Wim
Wim
4 REPLIES 4
EdgarZamora_1
Respected Contributor

Re: LGI_BRK_LIM

I had tested this last year due to auditors asking and from my experience the breakin evasion kicks in after n+1 failures, where n is the value of LGI_BRK_LIM (subject to the other parameters, of course).
Wim Van den Wyngaert
Honored Contributor

Re: LGI_BRK_LIM

Edgar : OK but where is this documented ?
I find an example in the security guide where they explain that it is done at N, not N+1.

Wim
Wim
EdgarZamora_1
Respected Contributor
Solution

Re: LGI_BRK_LIM

You have to exceed the limit. This is from the security guide:

"In other words, suspects become intruders by
exceeding their allowed chances for login during the monitoring period.

The chance count, set by the system parameter LGI_BRK_LIM, defines how many times a person can try logging in; the standard limit is five times."
Wim Van den Wyngaert
Honored Contributor

Re: LGI_BRK_LIM

Think I found it.

Someone can reconnect and reattempt login as long as the break-in limit (LGI_BRK_LIM) has not been exceeded during the monitoring period.

Exceeded means >N thus = N+1.

Wim
Wim