Questions about Cisco IOS

Unanswered Question
Feb 14th, 2012

I work for the U.S. Government; government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Overall Rating: 5 (2 ratings)
darren.g Tue, 02/14/2012 - 15:38
User Badges:
  • Silver, 250 points or more

g.lafreniere wrote:


I work for the U.S. Government; government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?


No and no.


The US government is stupid if it tries to apply restrictions on software to hardware which is not susceptible to problems in the first place. IOS doesn't process the information contained in passed traffic beyond the header analysis required to make routing/forwarding decisions. In 30 years in IT I've never heard of a virus or piece of malware embedded in the network protocol (layer 1/2/3) header.


Despite the "OS" in the name, IOS is not an "operating system" in the sense the idiots who drafted such inflexible regulations intended. I wonder if Cisco senior management know of such stupid "requirements"?


Caveat: You can have a Cisco device run an in-line virus/malware checker in the form of IDP modules - but they don't protect the "IOS" - they scan the traffic being passed by the device.

Leo Laohoo Tue, 02/14/2012 - 16:55
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hey Darren,


Maybe they (US Government) meant iOS instead of IOS. 

darren.g Tue, 02/14/2012 - 19:36

leolaohoo wrote:


Hey Darren,


Maybe they (US Government) meant iOS instead of IOS. 


+5 Leo, +5. :-)


Darren

Leo Laohoo Tue, 02/14/2012 - 19:40

LOL

simionov.adrian Wed, 02/15/2012 - 01:57

This reminds me of the 2 funniest tickets I've seen last year:

1. Description of the ticket: "HELP."

2. Opened by a server guy: port not found, please open the port on the firewall. Please check the attachment.

Attachment was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Leo Laohoo Wed, 02/15/2012 - 13:51

2. Opened by a server guy: port not found, please open the port on the firewall. Please check the attachment.

Attachment was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Awesome!  (+5)


This is better than the design doco prepared by a "CCIE" which revolves around a rack-full of servers which will be powered up using 3750E PoE!

Leo Laohoo Wed, 02/15/2012 - 13:50

Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Not Cisco IOS. Any RADIUS/TACACS proggie can. Depends on the network admin if he/she is lazy enough.

glen.grant Wed, 02/15/2012 - 14:04
User Badges:
  • Purple, 4500 points or more

You can specify a password length but not special characters etc.


security passwords min-length

To ensure that all configured passwords are at least a specified length, use the security passwords min-length command in global configuration mode. To disable this functionality, use the no form of this command.

    security passwords min-length length
    no security passwords min-length length

Syntax Description

    length    Minimum length of a configured password. The default is six characters.

Defaults

Six characters

Command Modes

Global configuration

Command History

    Release    Modification
    12.3(1)    This command was introduced.

Usage Guidelines

The security passwords min-length command provides enhanced security access to the router by allowing you to specify a minimum password length, eliminating common passwords that are prevalent on most networks, such as "lab" and "cisco." This command affects user passwords, enable passwords and secrets, and line passwords. After this command is enabled, any password that is less than the specified length will fail.

Examples

The following example shows both how to specify a minimum password length of six characters and what happens when the password does not adhere to the minimum length:

    security password min-length 6
    enable password lab
    % Password too short - must be at least 6 characters. Password not configured.
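An added example, not part of the thread or of Cisco's documentation: a small Python audit that reads a running-config, reports the configured security passwords min-length value, and checks cleartext passwords against the policy in the original question (six characters with alpha, numeric and special characters). The sample config, the function names and the regular expressions are constructed for illustration; hashed secrets are skipped because they cannot be checked offline.

```python
import re

POLICY_MIN_LEN = 6  # from the question: 6+ chars with alpha, numeric and special

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-rtr1
security passwords min-length 6
enable password cisco123
username admin privilege 15 password 0 Adm1n!2012
username oper password 0 operator
username backup secret 5 $1$CONSTRUCTED$placeholderhashvalue
line vty 0 4
 password ciscolab1
"""

MINLEN_RE = re.compile(r"^security passwords min-length (\d+)[ ]*$", re.M)
# Cleartext (untyped or type 0) passwords only; hashed secrets are skipped.
CLEAR_RE = re.compile(
    r"^[ ]*(?P<ctx>enable password|username \S+(?: privilege \d+)? password|password)"
    r"(?: 0)? (?P<pw>\S+)[ ]*$", re.M)

def configured_min_length(config):
    """Return the length IOS is told to enforce, or None if the command is absent."""
    m = MINLEN_RE.search(config)
    return int(m.group(1)) if m else None

def policy_failures(pw):
    """Return the parts of the question's policy that a password does not meet."""
    checks = [
        ("length", len(pw) >= POLICY_MIN_LEN),
        ("alpha", any(c.isalpha() for c in pw)),
        ("numeric", any(c.isdigit() for c in pw)),
        ("special", any(not c.isalnum() for c in pw)),
    ]
    return [name for name, ok in checks if not ok]

def audit(config):
    """Return (config context, failed checks) for each cleartext password that fails."""
    results = [(m.group("ctx"), policy_failures(m.group("pw")))
               for m in CLEAR_RE.finditer(config)]
    return [(ctx, failed) for ctx, failed in results if failed]

if __name__ == "__main__":
    print("min-length configured:", configured_min_length(SAMPLE_CONFIG))
    for ctx, failed in audit(SAMPLE_CONFIG):
        print(f"{ctx}: fails {', '.join(failed)}")
```

All three flagged passwords in the sample satisfy min-length 6, which is the gap the replies describe: the device enforces length, not composition.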
