I've been asked the following questions by our Cyber Security Team to make sure we are compliant with company policies and asked to provide evidence to support these statements.
I know that user logging shows when people have recently logged into Dataminer and that a user can set a logout timer within their own profiles but i can't seem to find anywhere that i can set a group policy in Dataminer for items 1. & 4. and struggling to find logs that show 2. & 3.
Does anyone have any ideas if these are at all possible and if so where i would find the logs showing all the login attempts whether they be successful or not?
Thanks
Dave
- Accounts are being locked or blocked for a period of time after a number of predefined unsuccessful log-on attempts.
Screenshot taken after a number of failed logon attempts which demonstrates that the account is locked or logon is temporarily blocked. (Alternatively report from compliance management system which demonstrates that the appropriate system setting is in place.) Confirmation that the number of allowed failed logon attempts until the account gets locked / the system gets blocked is aligned with the relevant policy.
2. Unsuccessful and successful attempts are being logged and security events are raised if a potential attempted or successful breach of log-on controls is detected.
3. Log files from the system showing the unsuccessful logon attempts and screenshot of the resulting security event.
4. Inactive sessions are being terminated or locked after a defined period of inactivity.
Screenshot showing terminated or locked session after a period of inactivity. (Alternatively report from compliance management system which demonstrates that the appropriate system setting is in place.) Confirmation that the timeout limit is aligned with the relevant policy.
Hi David,
- Account's get locked after unsuccessful login attempts:As mentioned by Ben, if you authenticate users through an active directory (or LDAP), then these settings get managed by the LDAP server.
In case you use DataMiner users, the security policy settings will be taken from the Windows server settings, as defined in secpol.msc.
- Logs of successful and unsuccessful login attemptsSuccessful and unsuccessful login attempts are stored in the information events in the DataMiner system.
Prior to DataMiner version 10.1.8 DataMiner doesn't log failed authentication attempts (by default). However, this can be activated.
More information on how to set this up can be found under the "Configuration of DataMiner processes" section in the help.The file that needs to be updated is "C:\Skyline DataMiner\MaintenanceSettings.xml", where the highlighted line needs to be added.
- Log files showing unsuccessful login attempts.It's advised to consult the information events rather than the log files.
- Inactive sessions are being terminated.Through the user settings, you can define the time after which inactive sessions get disconnected.
More info can be found under the user settings section in the dataminer help.
Hi Ive.
Thanks so much for that info. I’ve managed to get everything sorted using your guide apart from the SLNet bit for the MaintenanceSettings as i’m now trying to find where that file is to edit it.
If you could point me in the right direction that would be tremendous.
Kind regards
Dave
Hi David,
I’ve added the filepath and an example file with the correct change in the answer above.
Please note that a server restart will be required after you updated the maintenance.xml file.
Hi David – is your DataMiner System using Active Directory or maybe another LDAP compatible directory? Or are you running your DataMiner stand-alone? Because I believe this might be relevant in response to you questions. Integration with a directory is recommended, and in that case the actual authentication of the user itself is not done by DataMiner. Just checking what kind of environment / set-up you have.