When you put in place remote access (VPN) and you validate the username/password against an internal directory (like Active Directory), how do you prevent a malicious user from locking user accounts from the outside?
If a malicious user tries different passwords for a username either on the SSL VPN webpage or by using the endpoint VPN client, eventually the account will be locked/disabled in the internal directory.
We can then imagine someone doing a DoS attack against all the users in the organization.
P.S. I'm interested in a solution for a setup running R80.10.