Defining lockout and event timeout

A lockout prevents logging into a valid user account after a predefined number of unsuccessful login attempts. Lockouts help reduce brute-force password attacks from succeeding.

Event timeout defines the time interval during which identical incorrect credentials are treated as a single login attempt for event recording.

NOTE: Failed user login attempts over Ethernet—and any associated lockouts—will apply to both ION and Secure ION. Failed user login attempts over other communication channels—such as a serial port—are tracked separately.

You can define the following account lockout and event timeout options:

• Lockout after unsuccessful login attempts.
• Lockout duration.
• Event timeout for ION or Secure ION only, and only when not using ION sessions.

Prerequisites:

• Open a Security Configuration File in the ION Setup Security wizard

To define user lockouts and timeouts:

1. In the ION Setup Security wizard, click Next to navigate to Select protocol lockout options:

   

2. Select each protocol and click Edit to change lockout and timeout values for:
   • User lockout after unsuccessful login attempts.
   • Timeout for ION protocol only.
3. Enter a value for the Lockout duration in minutes.
4. Next, either:
   • Continue configuring the meter security settings.
   • Click Finish to push your security configuration changes to the meter.