
Product: Security Center
Content type: Guides > User guides
Version: 5.13, 5.12, 5.11, 5.10, 5.9
Language: English
Last updated: 2025-09-17

Configuring protection against brute force attacks in Security Center

To better align Security Center with your security policies, you can use the Directory.gconfig file to configure system protection against password brute force attacks.

What you should know

  • By default, a Security Center user who enters ten different incorrect passwords within 30 seconds is blocked from logging on for 30 seconds. All logon attempts by that user during the lockout period are rejected, regardless of password validity.
  • Protection against brute force attacks applies only to users created within Security Center. Users authenticated by an external identity provider are not affected.
  • You can modify the brute force settings in the Directory.gconfig file, such as the number of failed attempts that trigger the lockout and the duration of the lockout.
    CAUTION:
    Modify this configuration file only if you are sure that the changes are valid. Incorrect code can cause your system to have issues or go offline.
  • If you have Directory servers set up for load balancing, the system calculates the number of failed attempts before lockout based on the values of the BruteForceMaxFailedAttemptsForPeriod attribute for each server. For example, if you set the value to 10 for your main Directory server and for your failover server, a user is locked out after they have tried to log on 20 times with an incorrect password, if not sooner. For more information, see Setting up Directory failover and load balancing.
  • You can use the Activity trails task to see when users are locked out due to brute force protection. Select Activities > General > User logon failed when you generate the report. For more information, see Investigating user-related activity on your Security Center system.

Procedure

  1. On the main server, launch Notepad with the Run as administrator option.
  2. In Notepad, open Directory.gconfig.
    The file location depends on your version of Windows:
    • Windows 32-bit: C:\Program Files\Genetec Security Center 5.x\ConfigurationFiles
    • Windows 64-bit: C:\Program Files (x86)\Genetec Security Center 5.x\ConfigurationFiles
    NOTE: If .gconfig files are not associated with Notepad, select All Files (*.*) in the Open dialog box to see them.
  3. Inside the <Directory tag, add or set the following attributes as needed:
    NOTE: In the default configuration, these attributes are missing from Directory.gconfig. Add only the attributes that you need to change.
    IsBruteForceProtectionEnabled
    IsBruteForceProtectionEnabled="true"

    Enable (true) or disable (false) brute force protection.

    BruteForceTimePeriod
    BruteForceTimePeriod="00:00:30"

    Number of hours (00-23), minutes (00-59), and seconds (00-59) that a user is locked out of Security Center after attempting too many unique passwords within 30 seconds.

    BruteForceMaxFailedAttemptsForPeriod
    BruteForceMaxFailedAttemptsForPeriod="10"

    Number of unique incorrect passwords that must be entered within 30 seconds to trigger a lockout.

    For example:
    [Image: Directory.gconfig file, highlighting the attributes for brute force protection.]
    IMPORTANT: Configure these three attributes with identical values on all your Directory servers.
  4. Save and close the file.

Results

The configuration changes are applied immediately, without a system restart.
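
The requirement that all Directory servers carry identical values, and the way load balancing adds up the per-server thresholds, can be checked with a script. The following PowerShell is an added example, not Genetec code: it reads the three attributes from each server's file content, falls back to the defaults stated on this page when an attribute is missing, validates the formats, and reports whether the servers match and what the summed failed-attempt threshold is. The function names, the `<configuration>` wrapper and the sample XML are constructed for illustration, and it assumes the `Directory` element has no XML namespace.

```powershell
# Defaults stated on this page; used when an attribute is absent from the file.
$Defaults = [ordered]@{
    IsBruteForceProtectionEnabled        = 'true'
    BruteForceTimePeriod                 = '00:00:30'
    BruteForceMaxFailedAttemptsForPeriod = '10'
}

function Get-BruteForceSetting {
    param([string]$Server, [string]$Xml)
    # Assumption: the element is named Directory and carries no XML namespace.
    $node = ([xml]$Xml).SelectSingleNode('//Directory')
    if ($null -eq $node) { throw "[$Server] no <Directory> element found" }
    $row = [ordered]@{ Server = $Server }
    foreach ($name in $Defaults.Keys) {
        $row[$name] = if ($node.HasAttribute($name)) { $node.GetAttribute($name) } else { $Defaults[$name] }
    }
    # Flag values that do not match the formats documented for each attribute.
    $problems = @(); $span = [timespan]::Zero; $count = 0; $inv = [cultureinfo]::InvariantCulture
    if ($row['IsBruteForceProtectionEnabled'] -notin 'true', 'false') { $problems += 'flag is not true/false' }
    if (-not ([timespan]::TryParseExact($row['BruteForceTimePeriod'], 'hh\:mm\:ss', $inv, [ref]$span))) {
        $problems += 'period is not hh:mm:ss'
    }
    if (-not ([int]::TryParse($row['BruteForceMaxFailedAttemptsForPeriod'], [ref]$count)) -or $count -lt 1) {
        $problems += 'max attempts is not a positive integer'
    }
    $row['MaxAttempts'] = $count
    $row['Problems'] = $problems -join '; '
    [pscustomobject]$row
}

function Test-BruteForceConsistency {
    param([object[]]$Settings)
    $distinct = @($Settings | ForEach-Object {
            '{0}|{1}|{2}' -f $_.IsBruteForceProtectionEnabled, $_.BruteForceTimePeriod, $_.MaxAttempts
        } | Sort-Object -Unique)
    [pscustomobject]@{
        Consistent        = ($distinct.Count -eq 1)
        # Load-balanced Directory servers: the per-server thresholds add up.
        WorstCaseAttempts = ($Settings | Measure-Object -Property MaxAttempts -Sum).Sum
    }
}

# Constructed sample contents; the <configuration> wrapper is an assumed layout.
$main     = '<configuration><Directory /></configuration>'
$failover = '<configuration><Directory BruteForceMaxFailedAttemptsForPeriod="5" /></configuration>'
$rows = (Get-BruteForceSetting 'main' $main), (Get-BruteForceSetting 'failover' $failover)
$rows | Format-Table Server, IsBruteForceProtectionEnabled, BruteForceTimePeriod, MaxAttempts, Problems
Test-BruteForceConsistency -Settings $rows
```

To check real servers, pass each file's text with `Get-Content -Raw` on the Directory.gconfig path given in step 2.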