On Nov 20, 2019, at 11:16, Joseph M. Karam <jka...@princeton.edu<mailto:jka...@princeton.edu>> wrote:
> We would like to define a rule in our wireless infrastructure that says something like, "if the device failed authentication 20 times in 1 minute, do not allow it to authenticate again for 10 minutes". Has anyone had good or bad experiences with defining these types of policies?

This sounds like a variation of the "account lockout" question that pops up in security discussions, and the wireless situation you describe always comes up as one of the examples of potentially bad consequences. IMO, the conversation needs to evolve to not just whether we should be locking out accounts but how we can do it in a smarter way; i.e., it's one thing to lock out an account where someone has been trying 100 different passwords in a time period vs. the same password over and over again. Similarly, there are geolocation tools available that should be able to alert you if, for example, someone has been logging in successfully from a single geographical area for the past week but all of a sudden has a number of unsuccessful login attempts from a vastly different location.

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology
2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html>
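The "smarter lockout" distinction above (many different passwords vs. the same wrong password repeated) can be implemented as a sliding-window policy; the sketch below is an added example, not code from either poster or from any wireless vendor. It uses the 20-failures-per-minute / 10-minute-lock numbers from the question; the distinct-credential threshold of 5, the device identifiers and the HMAC fingerprinting of attempted secrets are assumptions.

```python
import hmac
import os
from collections import deque


class SmartLockout:
    """Sliding-window lockout that only locks a device when its failures
    involve many *distinct* credentials. A device replaying one stale
    saved password is reported, not locked, so a forgotten old Wi-Fi
    password does not turn into a self-inflicted denial of service."""

    def __init__(self, max_failures=20, window=60, lock_for=600, distinct_threshold=5):
        self.max_failures = max_failures        # failures in `window` seconds that trigger a decision
        self.window = window
        self.lock_for = lock_for
        self.distinct_threshold = distinct_threshold  # assumed: distinct secrets that mean "guessing"
        self._key = os.urandom(32)              # per-process key: fingerprints are never persisted
        self._failures = {}                     # device -> deque of (timestamp, fingerprint)
        self._locked_until = {}                 # device -> unlock time

    def _fingerprint(self, secret):
        # Keyed hash so the attempted secret itself is not kept in memory
        return hmac.new(self._key, secret.encode(), "sha256").hexdigest()

    def is_locked(self, device, now):
        return self._locked_until.get(device, 0) > now

    def record_failure(self, device, attempted_secret, now):
        """Returns 'ok', 'stale-credential' (alert, don't lock) or 'locked'."""
        q = self._failures.setdefault(device, deque())
        q.append((now, self._fingerprint(attempted_secret)))
        # Drop failures that have aged out of the sliding window
        while q and q[0][0] <= now - self.window:
            q.popleft()
        if len(q) < self.max_failures:
            return "ok"
        distinct = len({fp for _, fp in q})
        if distinct >= self.distinct_threshold:
            self._locked_until[device] = now + self.lock_for
            q.clear()
            return "locked"
        return "stale-credential"

    def record_success(self, device):
        self._failures.pop(device, None)
```

Pair the "stale-credential" outcome with a help-desk alert or a user notification instead of a lock; the geolocation check from the reply would plug in as a further signal on the same failure stream.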