Disable GroupWise accounts from getting locked.

Can I stop this feature of GroupWise accounts getting locked due to too many failed login attempts?

Answers to questions I might be asked:
-Annoyed clients when it happens.
-The passwords are secure
-So what if I can check logs to see what caused it? I can't stop someone or a bot from attempting to log in.
-If possible I'd rather GW use other preventative measures like 5 second delays between login attempts, or temporarily ban source IPs.
-There is no eDirectory in this case. Just GroupWise.

Thanks
  • Hi Cougie,

    I strongly recommend against disabling Intruder Detection - you are opening up your system to being compromised/hacked. I do not consider GroupWise only passwords as being secure as you can't implement password complexity, so you do not know that passwords are indeed secure/complex.

    Having given you my concerns, if you wish to go ahead then: GroupWise Admin Console | Post Office | Client Settings tab | Intruder Detection.

    Cheers,
  • On 06.12.2018 00:44, Cougie wrote:
    >
    > Can I stop this feature of GroupWise accounts getting locked due to too
    > many failed login attempts?
    >
    > Answers to questions I might be asked:
    > -Annoyed clients when it happens.
    > -The passwords are secure
    > -So what if I can check logs to see what caused it? I can't stop someone
    > or a bot from attempting to log in.
    > -If possible I'd rather GW use other preventative measures like 5
    > seconds delay between login attempts, or temporarily ban source IPs.
    > -There is no eDirectory in this case. Just GroupWise.


    Just adding my 2c. With disabled intruder detection, *NO* password is
    secure. Brute Force attacks against SMTP with a botnet can try millions
    of passwords in a short while, and yes, that *does* happen. Do not open
    up that can of worms.

    Do you have your GWIA directly exposed to the internet?

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Thanks for your responses.
    I am certainly not against intrusion detection. Just that account lockout is a totally silly way to go about it.
    What do I do as an administrator when an account is locked? I unlock the account and perhaps change the password. That doesn't stop the attacks and then the account gets locked again.
    In this case the attacks are coming in via IMAP connection attempt from different source IPs from all over the world.
    I can't just block IMAP connections as we have external services/users that rely on IMAP.

    Like I suggested, a simple connection attempt delay and external IP banning would render brute force attacks useless.
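The per-source temporary ban proposed in this post, sketched as an added example that is not part of the original thread and is not GroupWise functionality. The event layout, account names, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (time_s, source_ip, account, login_ok).
# This tuple layout is an assumption for the example, not GroupWise log output.
EVENTS = (
    [(t, "203.0.113.5", "alice", False) for t in range(6)]      # one noisy source
    + [(10, "198.51.100.7", "alice", True)]                     # the real user
    + [(20 + i, f"192.0.2.{i + 1}", "bob", False) for i in range(4)]  # spread out
)


class SourceThrottle:
    """Ban a source IP for ban_s seconds after max_fail failures within window_s."""

    def __init__(self, max_fail=3, window_s=60, ban_s=600):
        self.max_fail, self.window_s, self.ban_s = max_fail, window_s, ban_s
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> time the ban expires

    def allowed(self, ip, now):
        return now >= self.banned_until.get(ip, 0)

    def record_failure(self, ip, now):
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window_s:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_fail:
            self.banned_until[ip] = now + self.ban_s
            recent.clear()


def replay(events, throttle):
    """Return (connections rejected by a ban, failed guesses that reached each account)."""
    rejected, reached = 0, defaultdict(int)
    for now, ip, account, login_ok in events:
        if not throttle.allowed(ip, now):
            rejected += 1            # dropped before any password check
            continue
        if not login_ok:
            throttle.record_failure(ip, now)
            reached[account] += 1
    return rejected, dict(reached)


if __name__ == "__main__":
    print(replay(EVENTS, SourceThrottle()))
```

On the sample data the single noisy source is cut off after three guesses and alice's own login still works, while the four one-guess sources all reach bob. A per-source ban limits one host but not guesses spread across many addresses, which is the botnet case raised earlier in the thread.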
  • Hi,

    I would suggest you limit IMAP access to only those accounts specifically requiring IMAP.

    Cheers,
  • On 06.12.2018 12:34, laurabuckley wrote:
    >
    > Hi,
    >
    > I would suggest you limit IMAP access to only those accounts
    > specifically requiring IMAP.


    Of course that wouldn't help those accounts.

    He has a point though, GroupWise seriously lacks in security options,
    and in all seriousness, these days can hardly be directly exposed to the
    internet anymore. I have tried to tell TPTB for years, but nobody's listening.
    Facebook icons in the client are more important.

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • Cougie wrote:

    > In this case the attacks are coming in via IMAP connection attempt
    > from different source IPs from all over the world.


    How many users require access via IMAP?

    If it is only a small number you can block the IMAP port at your
    firewall and open an obscure high port and do port forwarding to your
    GWIA.

    Hackers will try to gain access via common ports. If those ports are
    not open they will not be able to attempt access and your accounts will
    no longer be locked.

    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post.
    Thank you.
  • In article <Cougie.8rutld@no-mx.forums.microfocus.com>, Cougie wrote:
    > Like I suggested, a simple connection attempt delay and external IP
    > banning would render brute force attacks useless.


    The best place for most of us to make such suggestions is in the Ideas
    Portal at https://ideas.microfocus.com/MFI/mf-gw/

    where there are already some Ideas that get close to this, so adding
    your own and then voting for the others would help push things along.
    You might even get some additional thoughts just from reading them.

    https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/14413
    https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/1649
    https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/1126


    Andy of
    http://KonecnyConsulting.ca in Toronto
    Knowledge Partner
    https://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!