Lockout users by username or IP

QuiteSmart

Hello,

After reading another security idea I focused on how locking out users with too many failed attempts really works.

Differently from my idea, it does not lock the user, while it locks its public IP.

MY IDEA IS: add the choice in configure -> user group -> setting between locking by the username provided and/or by IP.

This IMHO would be an advancement because:

  1. If you ban that IP it might happen that you are banning even other users. Scenario: 5 employees of the same company go to a conference, they need to connect to their VPN, they all use the hotel's WiFi, the first user inserts the wrong password too many times, they are all stuck for 30 minutes (or the time set).
  2. An attacker can spoof its IP every 5 attempts and apparently change it (via a VPN or whatever) and perform a brute force attack bypassing the lockout security settings.

If one wants to be hyper protected I would leave the choice to block by IP and eventually by both.

3 votes

Comments

  • Emanuele_ss

    Right!
    Blocking the IP address could be a bad decision. There could be employers working at an external location and they would all be blocked.

  • Zyxel_Melen

    Hi @QuiteSmart

    Let me summarize this idea in short: You hope the "User Lockout Settings" will not just block the IP address, but also block the user/admin account that is trying to log in. Is it correct?

    Zyxel Melen


  • QuiteSmart
    edited August 23

    Hello @Zyxel_Melen, thank you for your interest in my idea.

    To be more precise, not "also" but and/or; that would be that the administrator can decide which behavior will occur when the threshold is reached:

    1. block the user for xx minutes (if the type user exists)
    2. block the IP for xx minutes
    3. block both user and IP for xx minutes

    PS: it is interesting to understand what would happen if the user "Melen" is currently connected to the VPN and an attacker tries to connect using that exact user but with the wrong password (scenario where on the firewall a user is allowed to connect more than once at a time): if in this case Melen is locked, would this affect the real Melen user already connected? Because this can turn into a DoS scenario.

  • Zyxel_Melen

    Thanks for the detailed information, @QuiteSmart.

    We will monitor this idea's comments and votes for evaluation.

    Zyxel Melen
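
The three lockout choices discussed in this thread (by user, by IP, by both), modelled as an added example that is not part of the original posts and is not Zyxel's implementation. The class, function names, addresses and the threshold of 5 failures / 30 minutes are assumptions constructed for illustration.

```python
from collections import defaultdict
HOTEL_IP = "203.0.113.10"  # constructed shared NAT address (documentation range)

class LockoutTracker:
    """Hypothetical lockout model; mode is 'user', 'ip' or 'both'."""
    def __init__(self, mode, threshold=5, lock_seconds=1800):
        self.mode, self.threshold, self.lock_seconds = mode, threshold, lock_seconds
        self.failures = defaultdict(int)  # key -> failures since last lock/success
        self.locked_until = {}            # key -> timestamp the lock expires

    def _keys(self, user, ip):
        keys = [("user", user)] if self.mode in ("user", "both") else []
        return keys + ([("ip", ip)] if self.mode in ("ip", "both") else [])

    def attempt(self, now, user, ip, password_ok):
        """Return 'locked', 'ok' or 'fail' for one login attempt."""
        keys = self._keys(user, ip)
        if any(self.locked_until.get(k, 0) > now for k in keys):
            return "locked"  # rejected before the password is even checked
        if password_ok:
            for k in keys:
                self.failures[k] = 0
            return "ok"
        for k in keys:
            self.failures[k] += 1
            if self.failures[k] >= self.threshold:
                self.locked_until[k] = now + self.lock_seconds
                self.failures[k] = 0
        return "fail"

def shared_nat(mode):
    """Alice fails 5 times at the hotel; what does Bob (right password) get?"""
    t = LockoutTracker(mode)
    for i in range(5):
        t.attempt(i, "alice", HOTEL_IP, False)
    return t.attempt(10, "bob", HOTEL_IP, True)

def guesses_checked(mode, guesses=20):
    """Wrong passwords for one account, source address changing every 4 tries."""
    t = LockoutTracker(mode)
    return sum(t.attempt(i, "alice", f"198.51.100.{i // 4}", False) == "fail"
               for i in range(guesses))

def owner_after_foreign_failures(mode):
    """Someone else fails 5 times as alice; can the real alice still log in?"""
    t = LockoutTracker(mode)
    for i in range(5):
        t.attempt(i, "alice", "198.51.100.7", False)
    return t.attempt(10, "alice", HOTEL_IP, True)
```

In this model, per-IP locking blocks Bob on the shared address and never stops guesses that arrive from changing addresses, while per-user locking caps the guesses at the threshold but lets failures from any address lock the real account owner out, which is the DoS trade-off raised in the PS.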