AnsweredAssumed Answered

How do you prevent user accounts from being locked when using Remote Access VPN?

Question asked by Louis Poulin on Feb 7, 2018
Latest reply on Feb 18, 2018 by rajendra bandili

When you put in place remote access (VPN) and you validate the username/password against an internal directory (like Active Directory), how do you prevent a malicious user from locking user accounts from the outside?


If a malicious user tries different passwords for a username either on the SSL VPN webpage or by using the endpoint VPN client, eventually the account will be locked/disabled in the internal directory.


We can then imagine someone doing a DoS attack for all the users in the organization.




P.S. I'm interested in a solution for a setup running R80.10