Configuring CAPTCHA for the Symantec Encryption Management Server Login page

Article ID: 170116

Products

Encryption Management Server

Issue/Introduction

Note: This article is applicable only to the administrators of Symantec Encryption Management Server 3.4.1 Maintenance Pack 2 or later. 

For enhanced security, administrators can configure Symantec Encryption Management Server to impose a maximum number of failed logon attempts to the server. Additionally, starting from the Symantec Encryption Management Server 3.4.1 Maintenance Pack 2 release, administrators can configure Symantec Encryption Management Server to display a CAPTCHA on the Login page after a certain number of failed logon attempts. This feature protects administrator accounts and Symantec Encryption Management Server against unauthorized access through brute-force attacks.

By default, CAPTCHA for failed logon attempts is enabled, and the number of failed logon attempts is set to three. For example, if repeated attempts are made to log on to the Symantec Encryption Management Server with incorrect passwords, a CAPTCHA is displayed automatically on the login screen after the third failed logon attempt. For every following attempt to log on, the displayed CAPTCHA letters must also be entered. Although the CAPTCHA appears after three failed logon attempts by default, administrators can change this default value to meet their security requirements.

Resolution

To configure CAPTCHA for failed logon attempts

  1. Open the /etc/ovid/omf.properties file in edit mode.

  2. Set the value of the omf.admin.failed.attempts.before.captcha property to a number greater than zero. This value specifies the number of failed login attempts that must occur before the CAPTCHA is displayed.

Note: The default value of the omf.admin.failed.attempts.before.captcha property is set to 3. If the value of the omf.admin.failed.attempts.before.captcha property is set to 0 (zero), CAPTCHA is always displayed on the Login page.

  3. Save the changes in the /etc/ovid/omf.properties file.

  4. (Optional) In a server cluster setup, run the following command to replicate the new settings on the other cluster members:

     /usr/bin/pgprepctl file /etc/ovid/omf.properties

  5. To apply the changes, restart the Apache Tomcat service by running the following command on the server that you updated:

     pgpsysconf --restart tomcat
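
The edit to /etc/ovid/omf.properties described above can be scripted and verified. The shell functions below are an added example, not part of the original article or of the product's tooling; they assume the file uses Java-style key=value lines, and the function names are hypothetical. Replication and the Tomcat restart are still run separately, as in the procedure.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes omf.properties holds Java-style
# "key=value" lines; the function names below are hypothetical helpers.
KEY='omf.admin.failed.attempts.before.captcha'
KEY_RE=$(printf '%s' "$KEY" | sed 's/\./\\./g')   # escape dots for regex use

# Print the configured threshold, taking the last uncommented definition.
# An absent (or empty) property yields the documented default of 3.
captcha_threshold() {
    val=$(sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-3}"
}

# Report what the current value means for the Login page.
describe_captcha_policy() {
    n=$(captcha_threshold "$1")
    case $n in
        ''|*[!0-9]*) echo "invalid value '$n'"; return 1 ;;
        0) echo "CAPTCHA always displayed" ;;
        *) echo "CAPTCHA displayed after $n failed logon attempts" ;;
    esac
}

# Set the threshold: validate input, keep a backup, leave one definition.
set_captcha_threshold() {
    file=$1; n=$2
    case $n in
        ''|*[!0-9]*) echo "threshold must be a non-negative integer" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # Drop existing definitions (grep exits 1 if nothing is left: not an error).
    grep -v "^[[:space:]]*${KEY_RE}[[:space:]]*=" "$file.bak" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s=%s\n' "$KEY" "$n" >> "$tmp"
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage: sh captcha_threshold.sh FILE [N]; with no arguments nothing runs.
if [ "$#" -ge 1 ]; then
    if [ "$#" -ge 2 ]; then set_captcha_threshold "$1" "$2" || exit $?; fi
    describe_captcha_policy "$1"
fi
```

Running it with only the file path reports the current policy without changing anything, which is useful for checking each cluster member after replication.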