I've been asked the following questions by our Cyber Security Team to make sure we are compliant with company policies and asked to provide evidence to support these statements.
I know that user logging shows when people have recently logged into Dataminer and that a user can set a logout timer within their own profiles but i can't seem to find anywhere that i can set a group policy in Dataminer for items 1. & 4. and struggling to find logs that show 2. & 3.
Does anyone have any ideas if these are at all possible and if so where i would find the logs showing all the login attempts whether they be successful or not?
Thanks
Dave
- Accounts are being locked or blocked for a period of time after a number of predefined unsuccessful log-on attempts.
Screenshot taken after a number of failed logon attempts which demonstrates that the account is locked or logon is temporarily blocked. (Alternatively report from compliance management system which demonstrates that the appropriate system setting is in place.) Confirmation that the number of allowed failed logon attempts until the account gets locked / the system gets blocked is aligned with the relevant policy.
2. Unsuccessful and successful attempts are being logged and security events are raised if a potential attempted or successful breach of log-on controls is detected.
3. Log files from the system showing the unsuccessful logon attempts and screenshot of the resulting security event.
4. Inactive sessions are being terminated or locked after a defined period of inactivity.
Screenshot showing terminated or locked session after a period of inactivity. (Alternatively report from compliance management system which demonstrates that the appropriate system setting is in place.) Confirmation that the timeout limit is aligned with the relevant policy.
To add to Ive's answer:
1. Besides the lockout policies in Windows or an external LDAP, DataMiner also provides a 'MaxConnectionAttempts' setting. DataMiner will refuse a particular client when exceeding this amount of connections in a specific timespan. For more information see MaxConnectionAttemptsCheck.
This cannot be configured through a group policy.
Note that the lowest setting will take priority, if your Windows lockout policy is set to 10 attempts and DataMiner is set to 5. DataMiner will block new attempts after the 5th attempt.
3. When the 'EnableFailedAuthenticationAttempts' setting is enabled, you can find failed authentication attempts in the history Information Events. You can also find these in the SLNet.txt logfile.
4. This is how the client looks after an automatic disconnect (I set it to 1 minute for testing purposes)
Thanks Jens for the added info. Much appreciated
Hi David – is your DataMiner System using Active Directory or maybe another LDAP compatible directory? Or are you running your DataMiner stand-alone? Because I believe this might be relevant in response to you questions. Integration with a directory is recommended, and in that case the actual authentication of the user itself is not done by DataMiner. Just checking what kind of environment / set-up you have.