HPE Community
Operating System - HP-UX
1847362 Members
5508 Online
110264 Solutions
New Discussion

Re: what is the "good" number for "invalid logout attempts"

 
Hanry Zhou
Super Advisor

‎07-14-2008 10:20 AM

‎07-14-2008 10:20 AM

what is the "good" number for "invalid logout attempts"

In a Window based company, they are the policy of 10 times invalid logon attempts.

But, what I usually set on unix based environment is 3 times.

What is the good number, and any reasons for it?

Thanks,
none
0 Kudos
Reply
3 REPLIES 3
Patrick Wallek
Honored Contributor

‎07-14-2008 10:24 AM

‎07-14-2008 10:24 AM

Re: what is the "good" number for "invalid logout attempts"

>>What is the good number, and any reasons for it?

That can be entirely up to management. It could be defined as part of a corporate security policy.

At one job this was set to 5 on the Unix machines, but that was a management decision.
0 Kudos
Reply
Court Campbell
Honored Contributor

‎07-14-2008 10:33 AM

‎07-14-2008 10:33 AM

Re: what is the "good" number for "invalid logout attempts"

Not so low that is doesn't give the average user enough tries to remember their password. I would say 3-5.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎07-14-2008 07:28 PM

‎07-14-2008 07:28 PM

Re: what is the "good" number for "invalid logout attempts"

The highest security level would suggest 1 attempt. This also generates the highest number of calls to fix a locked account. Or change to 10 for a match to your company policy. The same PC users are logging onto the HP-UX system so consistency is more important. Use scripts to monitor lastb to look for potential attacks.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.