Educause Security Discussion mailing list archives

Re: Brute force credentials protection


From: "Maud, Phil" <P.H.Maud () CRANFIELD AC UK>
Date: Tue, 5 Mar 2019 11:18:29 +0000

This makes interesting reading

https://ravingroo.com/295/active-directory-account-lockout-policy-threshold-counter-strong-password/

Regards

Phil Maud
Information Security Analyst
Information Services, Building 63 (IT) G7
E: P.H.Maud () cranfield ac uk
T: +44 (0) 1234 75 4879  


-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mike Dronen
Sent: 04 March 2019 20:04
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Brute force credentials protection

All - Looks like it's been a while since this topic has come up in the forum. I'm wondering how you protect against 
brute force password attempts, i.e. two-factor auth. In our environment we set an attribute in AD to lock the user 
account for a prescribed period of time after four failed attempts. This appears to work for us. Just wondering if 
there are other mechanisms just as good or better? Thanks.
