Cisco Password Retry Lockout
If you want to put a limit on the number of times a Cisco user can attempt to authenticate you need to enable a failed login lockout system. By default, there is no limit to how long they can try incorrectly but the ability to enable a retry lockout system is built into the current Cisco IOS.
A failed login lockout is important because any users that have been granted privilege level 15 (the highest set of security rights) are not typically locked out. After enabling this feature, even these privileged user accounts are locked out if they exceed their login attempts. The number of privileged users you have should always be kept to a minimum.
After locked out, these accounts are locked until you manually unlock them. To enable this, you simply need to change the Authentication, Authorization, and Accounting (AAA) authentication process to use the new version AAA authentication (which supports account lockout) that Cisco cleverly calls new-model. Do not worry, even though you change AAA authentication process, you can still specify that users will be authenticated locally and not via the AAA server, as shown in the following set of commands:
Router1#enable
Password:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#aaa new-model
Router1(config)#aaa local authentication attempts max-fail 5
Router1(config)#aaa authentication login default local
Router1(config)#end
If an account is locked out, you can use the following command in Privileged EXEC mode to unlock an account, as in the following example. This command can apply a specific user or all.
clear aaa local user lockout username etetz
The counter is never reset, so if you have several failed logins over a few days, reset the counter with a command specifying all accounts, or just yours. Here is the command to issue in Privileged EXEC mode:
clear aaa local user fail-attempts username etetz
Cloud Computing Glossary
cloud computing
A networking solution in which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — is delivered as a service wherever and whenever you need.
Cloud Computing Glossary
cloud service
The delivery of software, infrastructure, or storage that has been packaged so it can be automated and delivered to customers in a consistent and repeatable manner.
Cloud Computing Glossary
deprovision
The release of cloud services that are no longer needed.
Cloud Computing Glossary
federating
Linking distributed resources together over the cloud.
Cloud Computing Glossary
hypervisor
An operating system that acts as a traffic cop, managing the various virtualization tasks in the cloud to ensure that they make things happen in an orderly manner.
Cloud Computing Glossary
multi-tenancy
The sharing of underlying resources by multiple companies over a cloud.
Cloud Computing Glossary
network attached store
Storage that has its own network address through which it is accessed by the network's workstation users. Acronym: NAS
Cloud Computing Glossary
service level agreement
A contract that stipulates the type of service you need from providers and what type of penalties would result from an unexpected business interruption. Acronym: SLA
Cloud Computing Glossary
solution stack
An integrated set of software that provides everything a developer needs to build an application.
Cloud Computing Glossary
storage area network
A storage systems that is flexible and scalable because it's available to multiple hosts at the same time. Acronym: SAN
Cloud Computing Glossary
vertical industry groups
Workgroups comprised of members from a particular industry such as technology and retail.
Cloud Computing Glossary
virtual memory
The portion of your hard drive that Windows uses to expand the available RAM
Cloud Computing Glossary
virtualization
Using computer resources to imitate other computer resources or whole computers to maximize performance and flexibility.
