Watson Supply Chain Ideas

Use this form to submit an idea for a new product feature. The product team will review your input and provide status updates as decisions are made regarding the request.

Before you submit a new idea, please view requests that have already been submitted. If your idea has already been submitted, you can add comments or vote on the existing idea, thereby indicating your agreement with the idea. We may use this information to help prioritize development of new features.

 

Submit ideas for Watson Marketing and Watson Commerce products

Block users from attempting authentication at the Secure Proxy level

We have a Secure Proxy engine that is exposed to the internet. As such we are subjected to a large number of "probing" login attempts from usernames such as "root", "admin", etc.

All of our login attempts are passed to a Sterling External Authentication server for authentication through LDAP. With the current setup we wind up with tens of thousands of failed login attempts daily, causing load on our SEAS engine and LDAP servers, and also filling the SEAS logs with thousands of lines of garbage errors from these failed login attempts.

It would be useful to be able to restrict login attempts at the Secure Proxy level so that known invalid-ids are not even allowed to attempt authentication. This would reduce load on the authentication / LDAP servers, and also make the product more secure as there would be no chance of a user being able to break into a privileged ID if one happens to exist in LDAP.

Ideally it would be preferable if we could configure a pattern / patterns (perhaps using regex) that an allowed username must match in order to be allowed to attempt authentication. If not, it would at least be helpful to be able to blacklist specific usernames so they would not be allowed past the proxy.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 8 2018
  • Planned for Future Release
How will this idea be used?
What is your industry?
What is the idea priority? Medium
DeveloperWorks ID DW_ID100885
RTC ID RTC_ID529184
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=100885
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 12, 2018 13:47

    When can we expect this RFE part of product functionality  ?