Resources for system protection

In order to protect your system from external forces, you must implement system controls that prevent or mitigate the effect of attacks. Although i2 Group does not manage login configuration, and the responsibility for protection of your network from external attack remains yours, the following communities provide a starting point for your investigation into preventative methods.

The Open Web Application Security Project

The Open Web Application Security Project Foundation is a not-for-profit organization that is dedicated to enabling organizations to conceive, develop, operate, and maintain applications that can be trusted.

In particular, see https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks and https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html.

SANS Institute

The System-Admin, Audit, Network, and Security Institute is the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the internet's early warning system - the Internet Storm Center.

In particular, see the Password Construction Guidelines in its Security Policy Templates.

Common Weakness Enumeration

CWE™ is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

In particular, see http://cwe.mitre.org/top25/index.html#CWE-307.