Riskfort (CA Risk Authentication) Rule to limit logins based on Client IP Address
search cancel

Riskfort (CA Risk Authentication) Rule to limit logins based on Client IP Address

book

Article ID: 135619

calendar_today

Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Risk Authentication CA Advanced Authentication

Issue/Introduction

Riskfort (CA Risk Authentication) server may be  bombarded with Risk Evaluate requests (during login)  from a specific Client IP address (possibly rogue) impacting the performance of Riskfort server. In such a situation there is a need  to cap the number of Risk Evaluate requests  that are possible to the back end Riskfort server in given time interval. 

Environment

Release : 9.1 (Applicable to all the supported releases)

Component : RiskMinder(Arcot RiskFort)

Cause

Denial of service due to repetitious Evaluate Risk requests from a specific Client IP address.  

Resolution

Note: The IP address block should happen at the Network Firewall level. Riskfort server will process any request it gets and provides an Advise. The below rule will only help to give Stepup when IP velocity threhold is reached, it will not block. To block the transaction the rule should be given the DENY advise rather INCREASEAUTH.

A Riskfort Rule to INCREASEAUTH when number of Evaluate Requests (Logins) from a specific IP exceeds a threshold.



Additional Information

None.