Vishnu J Kumar
Lead Engineer, HCL Software
About
7 years of experience in Automation and QA, associated with HCL for 4 years. Passionate about opensource tools such as selenium, cucumber, Rest-Assured etc. Java and Python are my programming language of choice.
Posts by Vishnu J Kumar
Secure DevOps | February 5, 2021
Protecting HCL Compass from Brute-force attacks
HCL Compass allows the administrator to protect Compass database repositories from brute-force attacks; here is the official documentation. It limits the number of invalid login attempts an attacker posing as a user can make before lockout, and it also limits the login attempts from a given host connecting to HCL Compass.

If an attacker is trying to determine the password of a particular user, they might try many login attempts with different username and password combinations until they find one that works. As a defence against such attacks, HCL Compass can lock out the account or host used by the attacker once a certain number of failed attempts have occurred. When an account or a host is locked out, the login error message is the same as if the attacker had entered an incorrect username and password. This prevents the attacker from knowing that the account has been locked out, causing them to waste resources on a continued fruitless attack, and severely limits the attacker's chances of guessing the password.

Steps to protect the credential

HCL Compass enables the credential protection in just two simple steps.

The first step is to create a “.config” file with the data below. In this example we will create the config file with the name “SecureCredential.config”. This file can be created in any location; in this example we have created it in the HCL Compass default installation location, which is “C:\Program Files\HCL\CCM\Compass”.

# Comments are preceded by '#' and are ignored.
# This enables lockouts
lockout_enable 1
# Host lockout configuration
# This sets the HOST lockout threshold to 10 tries
lockout_threshold HOST 10
# This sets the HOST reset period to 60 seconds.
lockout_reset HOST 60
# User lockout configuration
# This sets the USER lockout threshold to 10 tries
lockout_threshold USER 10
# This sets the USER reset period to 60 seconds.
lockout_reset USER 60
# Whitelist / blacklists
lockout_whitelist HOST whitelisthost
lockout_whitelist USER whitelistuser1, whitelistuser
lockout_blacklist HOST blacklisthost3
lockout_blacklist USER bl_user1
lockout_blacklist USER bl_user2,bl_user3
# Login attempt table cleanup
# This says to cleanup any failed login attempts older
# than one day (60s/m * 60m/hr * 24hr/day), and only
# in...
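As an added example (not code from the post or from HCL), the Python below parses a constructed config in the format shown above and models the lockout behaviour the post describes: failures within the reset window count toward the threshold, a locked host or user is refused with the same error as a wrong password, and whitelisted entries are exempt. The sliding reset window, the whitelist exemption, the blacklist being ignored here, and the host and user names are assumptions of this example.

```python
# Constructed sample in the format the post shows (not HCL's own file).
SAMPLE_CONFIG = """
lockout_enable 1          # comments after '#' are ignored
lockout_threshold HOST 3
lockout_reset HOST 60
lockout_threshold USER 3
lockout_reset USER 60
lockout_whitelist HOST trusted-host
lockout_whitelist USER whitelistuser1, whitelistuser
"""

def parse_lockout_config(text):
    # Lines are 'key SCOPE value'; whitelist values may be comma-separated.
    cfg = {"enable": 0, "threshold": {}, "reset": {}, "whitelist": {"HOST": set(), "USER": set()}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 2)
        if parts[0] == "lockout_enable":
            cfg["enable"] = int(parts[1])
        elif parts[0] in ("lockout_threshold", "lockout_reset"):
            cfg[parts[0][len("lockout_"):]][parts[1]] = int(parts[2])
        elif parts[0] == "lockout_whitelist":
            cfg["whitelist"][parts[1]].update(v.strip() for v in parts[2].split(","))
    return cfg

class LockoutTracker:
    """Model (an assumption, not HCL's code) of the described behaviour: failures inside the
    reset window count toward the threshold; a locked host/user gets the same error as a bad password."""
    GENERIC_ERROR = "invalid username or password"
    def __init__(self, cfg):
        self.cfg = cfg
        self.failures = {"HOST": {}, "USER": {}}   # key -> failure timestamps (seconds)
    def _locked(self, scope, key, now):
        if key in self.cfg["whitelist"][scope]:     # whitelisted entries are never locked
            return False
        window = self.cfg["reset"].get(scope, 0)
        recent = [t for t in self.failures[scope].get(key, []) if now - t < window]
        self.failures[scope][key] = recent          # attempts older than the window expire
        return len(recent) >= self.cfg["threshold"].get(scope, float("inf"))

    def login(self, host, user, password_ok, now):
        if self.cfg["enable"] and (self._locked("HOST", host, now) or self._locked("USER", user, now)):
            return (False, self.GENERIC_ERROR)      # locked out, indistinguishable from a bad password
        if password_ok:
            return (True, "ok")
        self.failures["HOST"].setdefault(host, []).append(now)   # record the failure on both scopes
        self.failures["USER"].setdefault(user, []).append(now)
        return (False, self.GENERIC_ERROR)
```

With the sample thresholds, a third failure locks the host and user, a correct password is then refused with the generic message until the 60-second window has passed, and the whitelisted host/user pair is never locked.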