How To Manage Automated User Lockout or Console Login Brute Force Prevention
Article ID: 286590
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- To manage settings that control how Console Users are locked out due to multiple failed attempts.
- Configure built-in prevention for brute force attacks
Environment
- App Control Console: All Supported Versions
Resolution
- Log in to the application server hosting the Console as the Carbon Black Service Account.
- If an Agent is installed, temporarily disable Tamper Protection.
- Stop the App Control Server service.
- Make a backup of the following file:
C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\parity.ini
- Open the file in a text editor, and adjust the [Login] section of the original file accordingly:
- ipLockoutCountLength: Maximum number of failed attempts allowed during the ipLockoutThreshold, next attempt restricts IP Address
- ipLockoutThreshold: Number in seconds for the ipLockoutCountLength attempts
- ipLockoutLength: Time in seconds to restrict access based on IP Address
- nameLockoutCountLimit: Maximum number of failed attempts allowed during the nameLockoutThreshold, next attempt restricts account username
- nameLockoutThreshold: Number in seconds for the nameLockoutCountLimit attempts
- nameLockoutLength: Time in seconds to restrict access based on username
- Save the changes and start the App Control Server service.
Additional Information
- Currently there is no way to remove the restriction on an IP Address or username before the Lockout Length is reached
- Currently there is no way in the Console to know that an account was restricted
- Restricted account messages are logged in the C:\Program Files (x86)\Bit9\Parity Console\WebUI\Logs\php_errors.log file, example:
[30-Nov-2023 00:17:54 UTC] IP Address locked out: 192.168.0.100 [30-Nov-2023 00:17:54 UTC] Username locked out: AwesomeAdmin
Feedback
Yes
No
Powered by
