Thanks for the advice, folks!
It's still behind a firewall, so the only open ports are the ones required for management.
I was thinking of disabling ports 902 and 903, so that would at least stop them from being able to xfer files and accessing the consoles.
It can't be much more dangerous than exposing a Windows box with remote desktop open, right?
Regarding my original question - is there any built in protection against brute force attacks? i.e. what happens with failed password attempts?
Thanks,
Alan