General IAUG Discussion Forum

 View Only
  • 1.  Communication Profile Password Lockout

    Posted 07-22-2021 10:48 AM

    Has anyone been able to set a password lockout policy for the Communication Profile password? 

    Thanks,
    Rachel



    ------------------------------
    Rachel Norton
    Comp System Engineer
    Lawrence Berkeley National Laboratory
    Berkeley CA
    ------------------------------


  • 2.  RE: Communication Profile Password Lockout

    Posted 07-23-2021 05:12 PM
    Rachel,
    Are you trying to lock a SIP user account when there are excessive invalid login attempts?


    ------------------------------
    Tom Lynn
    Forum Moderator
    Principal Engineer
    Nordstrom, Inc.
    Seattle
    ------------------------------



  • 3.  RE: Communication Profile Password Lockout

    Posted 07-23-2021 05:17 PM
    Yes.  We haven't been able to find a password lockout for invalid attempts.

    ------------------------------
    Rachel Norton
    Comp System Engineer
    Lawrence Berkeley National Laboratory
    Berkeley CA
    ------------------------------



  • 4.  RE: Communication Profile Password Lockout

    Posted 07-23-2021 06:13 PM
    If this is because you have people attempting to brute-force login then you should look at the Session Manager SIP Firewall rules found under: Elements -> Session Manager -> Network Configuration -> SIP Firewall.
    You set rules that will Permit / Drop / Rate-Limit or Rate-block messages when the rule is matched.  In this way you can stop or slow down an attacker without necessarily locking out your user.
    See: https://downloads.avaya.com/css/P8/documents/100068130 for more.  Discussion on the firewall begins on page 15



    ------------------------------
    Tom Lynn
    Forum Moderator
    Principal Engineer
    Nordstrom, Inc.
    Seattle
    ------------------------------



  • 5.  RE: Communication Profile Password Lockout

    Posted 07-26-2021 03:47 PM
    Thank you for this information.  I have reached out to our Avaya support team to look into this.  We currently have no sip firewall rules.

    ------------------------------
    Rachel Norton
    Comp System Engineer
    Lawrence Berkeley National Laboratory
    Berkeley CA
    ------------------------------