Logon restrictions

Logon restrictions serve primarily to prevent dictionary attacks (a method whereby a malicious user obtains a valid user name and attempts to learn the corresponding password by trying every word in a dictionary). With the speed of modern hardware, malicious programs can guess millions of passwords per minute. To prevent dictionary attacks, Crystal Enterprise has an internal mechanism that enforces a time delay (0.5-1.0 second) between logon attempts. In addition, Crystal Enterprise provides several customizable options that you can use to reduce the risk of a dictionary attack:

• Disable accounts after N failed attempts to log on
• Reset failed logon count after N minute(s)
• Re-enable account after N minute(s)