Cougie Absent Member.
Absent Member.
1118 views

Disable GoupWise accounts from getting locked.

Can I stop this feature of GroupWise accounts getting locked due to too many failed login attempts?

Answers to questions I might be asked:
-Annoyed clients when it happens.
-The passwords are secure
-So what if I can check logs to see what caused it? I can't stop someone or a bot from attempting to log in.
-If possible I'd rather GW use other preventative measures like 5 second delays between login attempts, or temporarily ban source IPs.
-There is no edirectory in this case. Just GroupWise.

Thanks
Labels (1)
0 Likes
7 Replies
Micro Focus Expert
Micro Focus Expert

Re: Disable GoupWise accounts from getting locked.

Hi Cougie,

I strongly recommend against disabling Intruder Detection - you are opening up your system to being compromised/hacked. I do not consider GroupWise only passwords as being secure as you can't implement password complexity, so you do not know that passwords are indeed secure/complex.

Having given you my concerns, if you wish to go ahead then: GroupWise Admin Console | Post Office | Client Settings tab | Intruder Detection.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable GoupWise accounts from getting locked.

On 06.12.2018 00:44, Cougie wrote:
>
> Can I stop this feature of GroupWise accounts getting locked due to too
> many failed login attempts?
>
> Answers to questions I might be asked:
> -Annoyed clients when it happens.
> -The passwords are secure
> -So what if I can check logs to see what caused it? I can't stop someone
> or a bot from attempting to log in.
> -If possible I'd rather GW use other preventative measures like 5
> seconds delay between login attempts, or temporarily ban source IPs.
> -There is no edirectory in this case. Just GroupWise.


Just adding my 2c. With disabled intruder detection, *NO* password is
secure. Brute Force attacks against SMTP with a botnet can tray millions
of passwords in a short while, and yes, that *does* happen. Do not open
up that can of worms.

Do you have your GWIA directly exposed to the internet?

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Highlighted
Cougie Absent Member.
Absent Member.

Re: Disable GoupWise accounts from getting locked.

Thanks for your responses.
I am certainly not against intrusion detection. Just that account lockout is a totally silly way to go about it.
What do I do as an administrator when an account is locked? I unlock the account and perhaps change the password. That doesn't stop the attacks and then the account gets locked again.
In this case the attacks are coming in via IMAP connection attempt from different source IPs from all over the world.
I can't just block IMAP connections as we have external services/users that rely on IMAP.

Like I suggested, a simple connection attempt delay and external IP banning would render brute force attacks useless.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Disable GoupWise accounts from getting locked.

Hi,

I would suggest you limit IMAP access to only those accounts specifically requiring IMAP.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable GoupWise accounts from getting locked.

On 06.12.2018 12:34, laurabuckley wrote:
>
> Hi,
>
> I would suggest you limit IMAP access to only those accounts
> specifically requiring IMAP.


Of course that wouldn't help those accounts.

He has a point though, Groupwise seriously lacks in security options,
and in all seriousness, these days can hardly be directly exposed to the
internet anymore. I try to tell TPTB for years, but nobody's listening.
Facebook icons in the client is more important.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable GoupWise accounts from getting locked.

Cougie wrote:

> In this case the attacks are coming in via IMAP connection attempt
> from different source IPs from all over the world.


How many users require access via IMAP?

If it is only a small number you can block the the IMAP port at your
firewall and open an obscure high port and do port forwarding to your
GWIA.

Hackers will try to gain access via common ports. If those ports are
not open they will not be able to attempt access and your accounts will
no longer be locked.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable GoupWise accounts from getting locked.

In article <Cougie.8rutld@no-mx.forums.microfocus.com>, Cougie wrote:
> Like I suggested, a simple connection attempt delay and external IP
> banning would render brute force attacks useless.


The best place for most of us to make such suggestions is in the Ideas
Portal at https://ideas.microfocus.com/MFI/mf-gw/

where there is already some Ideas that get close to this, so adding
your own and then voting for the others would help push things along.
You might even get some additional thoughts just from reading them.

https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/14413
https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/1649
https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/1126


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
https://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.