Banning an IP Address that Uses an Invalid Account
EFT can add an IP address to the Site's IP ban list when a specified number of invalid login attempts that supply a non-existent username occur from that address within a specified period. (The Site's IP address ban list can be viewed and managed on the Site's Connections tab.)
EFT Login Security Options do not apply to failed SAML (Web SSO) logins. Login security controls such as password complexity and failed-login handling are the responsibility of the IdP and are not controlled by EFT.
To automatically ban an IP address after a number of invalid login attempts
- In the administration interface, connect to EFT and click the Server tab.
- On the Server tab, click the Site.
- In the right pane, click the Security tab.
- In the Password Security area, next to Invalid login options, click Configure. The Login Security Options dialog box appears.
- Select the Ban IP address check box, then specify the number of invalid login attempts and the number of minutes during which to count the invalid logins.
- Click OK to save the changes and close the dialog box.
- Click Apply to save the changes on EFT.
The number of attempts you enter is the maximum number of failures ALLOWED before the IP address is banned; the ban is applied on the next failure within the period (n+1). For example, with a limit of 5 invalid login attempts over a 5-minute period, the IP address is added to the ban list on the 6th login failure within that window.
When EFT is paired with a DMZ Gateway, how quickly the ban reaches the edge depends on the DMZ Gateway version:
- With DMZ Gateway 3.0 and later, EFT communicates the newly banned IP address to the DMZ Gateway, and further connection attempts from that address are rejected at the edge/DMZ.
- With DMZ Gateway 2.0, the IP address is added to EFT's ban list, but the list is not communicated to the DMZ Gateway until the next EFT/DMZ Gateway reconnect.
- If an attacker is using a legitimate username but running through a list of passwords, the IP address is banned, but the legitimate user account is not disabled or locked out; the legitimate user can still log in from a valid, non-banned IP address.
- The IP access/ban list displays newly added IP addresses, but the GUI does not refresh automatically: press F5 to refresh the view to ensure that it displays the current set of IP addresses.
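The n+1 rule and the "IP banned, account not locked" behaviour described above, as an added example that is not EFT's code: a per-IP sliding-window counter that bans an address on the (n+1)th failed login inside the window, replayed over a few constructed log lines. It assumes a flat `<epoch seconds> <ip> <OK|FAIL> <username>` log format, a threshold of 5 failures in 300 seconds, and that the ban is checked before authentication; whether failures against existing accounts are counted is left as a switch, because the page describes both the non-existent-username trigger and a password-list attack against a real account being banned.

```python
from collections import defaultdict, deque


class IpBanPolicy:
    """Ban a source IP on the (n+1)th failed login inside a sliding window.

    allowed_failures is the number of failures tolerated (the value typed into
    the dialog); the next failure inside window_seconds triggers the ban.
    Only the IP is blocked: this policy never locks the account that was tried.
    """

    def __init__(self, allowed_failures, window_seconds, known_users=(),
                 count_unknown_users_only=False):
        self.allowed = allowed_failures
        self.window = window_seconds
        self.known_users = set(known_users)
        self.unknown_only = count_unknown_users_only  # assumption: made configurable for the example
        self._failures = defaultdict(deque)  # ip -> failure timestamps still inside the window
        self.banned = {}                     # ip -> timestamp at which the ban was applied

    def is_banned(self, ip):
        return ip in self.banned

    def record_failure(self, ip, username, ts):
        """Count one failed login. Returns True only when this failure triggers the ban."""
        if ip in self.banned:
            return False  # already banned; the connection would not reach the auth path
        if self.unknown_only and username in self.known_users:
            return False  # wrong password for a real account is not counted in this mode
        window = self._failures[ip]
        window.append(ts)
        while window and ts - window[0] > self.window:  # slide: drop failures older than the window
            window.popleft()
        if len(window) > self.allowed:  # n failures are allowed; the (n+1)th bans
            self.banned[ip] = ts
            del self._failures[ip]
            return True
        return False


# Constructed sample log, not real EFT output: "<epoch seconds> <ip> <OK|FAIL> <username>".
SAMPLE_LOG = """
1000 203.0.113.7 FAIL bob       # password list against a real account
1010 203.0.113.7 FAIL bob
1020 203.0.113.7 FAIL bob
1030 203.0.113.7 FAIL bob
1040 203.0.113.7 FAIL bob       # 5th failure: still allowed
1050 203.0.113.7 FAIL bob       # 6th failure within 5 minutes: banned (n+1)
1060 203.0.113.7 OK bob         # right password, but the IP is already banned
1070 198.51.100.9 OK bob        # the account itself is not locked
1100 192.0.2.44 FAIL ghost      # slow guessing: 6 failures, never more than 1 inside 300 s
1500 192.0.2.44 FAIL ghost
1900 192.0.2.44 FAIL ghost
2300 192.0.2.44 FAIL ghost
2700 192.0.2.44 FAIL ghost
3100 192.0.2.44 FAIL ghost
"""


def replay(log_text, policy):
    """Run the policy over log lines; return (bans as (ip, ts), accepted logins as (ip, user))."""
    bans, accepted = [], []
    for raw in log_text.splitlines():
        line = raw.split("#", 1)[0].split()  # strip the trailing comment
        if not line:
            continue
        ts, ip, result, user = int(line[0]), line[1], line[2], line[3]
        if policy.is_banned(ip):
            continue  # rejected before authentication, whether the password is right or not
        if result == "OK":
            accepted.append((ip, user))
        elif policy.record_failure(ip, user, ts):
            bans.append((ip, ts))
    return bans, accepted


def demo(count_unknown_users_only=False):
    """Assumed threshold of 5 failures allowed in 300 s; returns (bans, accepted, policy)."""
    policy = IpBanPolicy(5, 300, known_users={"bob"},
                         count_unknown_users_only=count_unknown_users_only)
    bans, accepted = replay(SAMPLE_LOG, policy)
    return bans, accepted, policy


if __name__ == "__main__":
    bans, accepted, policy = demo()
    print("banned:", bans)          # [('203.0.113.7', 1050)]
    print("accepted:", accepted)    # [('198.51.100.9', 'bob')]
    print("192.0.2.44 banned?", policy.is_banned("192.0.2.44"))  # False
```

Two points worth noting from the replay: the attacker's IP is banned on the 6th failure even though the correct password arrives on the next attempt, while bob still authenticates from another address; and the slow guesser at 192.0.2.44 is never banned because no 6 of its failures fall inside one 300-second window, which is why the minutes value matters as much as the attempt count.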