Questions about Cisco IOS

Unanswered Question
Feb 14th, 2012

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

darren.g Tue, 02/14/2012 - 15:38

g.lafreniere wrote:

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

No and no.

The US government is stupid if it tries to apply restrictions on software to hardware which is not susceptible to problems in the first place. IOS doesn't process the information contained in passed traffic beyond the header analysis required to make routing/forwarding decisions. In 30 years in IT I've never heard of a virus or piece of malware embedded in the network protocol (layer 1/2/3) header.

Despite the "OS" in the name, IOS is not an "operating system" in the sense the idiots who drafted such inflexible regulations intended. I wonder if Cisco senior management know of such stupid "requirements"?

Caveat : You can have a Cisco device run an in-line virus/malware checker in the form of IDP modules - but they don't protect the "IOS" - they scan the traffic being passed by the device.

Leo Laohoo Tue, 02/14/2012 - 16:55

Hey Darren,

Maybe they (US Government) meant iOS instead of IOS. 

darren.g Tue, 02/14/2012 - 19:36

leolaohoo wrote:

Hey Darren,

Maybe they (US Government) meant iOS instead of IOS. 

+5 Leo, +5. :-)

Darren

simionov.adrian Wed, 02/15/2012 - 01:57

This reminds me of the 2 funniest tickets I've seen last year:

1. Description of the ticket: "HELP."

2. Opened by a server guy: port not found, please open the port on the firewall. Please check the attachment.

Attachment was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Leo Laohoo Wed, 02/15/2012 - 13:51

2. Opened by a server guy: port not found, please open the port on the firewall. Please check the attachment.

Attachment was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Awesome!  (+5)

This is better than the design doco prepared by a "CCIE" which revolves around a rack-full of servers which will be powered up using 3750E PoE!

Leo Laohoo Wed, 02/15/2012 - 13:50
Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Not Cisco IOS. Any RADIUS/TACACS proggie can. Depends on the network admin if he/she is lazy enough.

glen.grant Wed, 02/15/2012 - 14:04

You can specify a password length but not special characters etc.

security passwords min-length

To ensure that all configured passwords are at least a specified length, use the security passwords min-length command in global configuration mode. To disable this functionality, use the no form of this command.

security passwords min-length length

no security passwords min-length length

Syntax Description

length    Minimum length of a configured password. The default is six characters.

Defaults

Six characters

Command Modes

Global configuration

Command History

Release    Modification
12.3(1)    This command was introduced.

Usage Guidelines

The security passwords min-length command provides enhanced security access to the router by allowing you to specify a minimum password length, eliminating common passwords that are prevalent on most networks, such as "lab" and "cisco." This command affects user passwords, enable passwords and secrets, and line passwords. After this command is enabled, any password that is less than the specified length will fail.

Examples

The following example shows both how to specify a minimum password length of six characters and what happens when the password does not adhere to the minimum length:

security passwords min-length 6

enable password lab

% Password too short - must be at least 6 characters. Password not configured.
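
Added example, not part of any post in this thread and not Cisco code: a small Python audit that checks a saved configuration for the points the replies raise, namely whether security passwords min-length is set to at least 6, whether logins are handed to a RADIUS/TACACS+ server group for the character-mix and annual-change rules, and whether any cleartext password is shorter than the minimum. The function name, the finding strings and both sample configurations are constructed for illustration.

```python
import re
REQUIRED_MIN_LENGTH = 6  # minimum length asked for in the thread's question
# Constructed sample configs (not from the thread); "lab" and "cisco" are the
# weak passwords named in the quoted command reference.
SAMPLE_WEAK = """\
hostname lab-rtr
enable password lab
username admin password 0 cisco
line vty 0 4
 password 7 PLACEHOLDER7VALUE
 login
"""
SAMPLE_HARDENED = """\
hostname edge-rtr
security passwords min-length 6
aaa new-model
aaa authentication login default group tacacs+ local
"""
CLEARTEXT = re.compile(r"(?:enable |username \S+ (?:.* )?)?password (?:0 )?(\S+)")


def audit_ios_password_policy(config, required=REQUIRED_MIN_LENGTH):
    """Return findings for a config text; an empty list means no gap was found."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []

    # 1. Minimum length enforced on the device itself.
    lengths = [int(m.group(1)) for ln in lines
               if (m := re.fullmatch(r"security passwords min-length (\d+)", ln))]
    if not lengths:
        findings.append("min-length not configured")
    elif lengths[-1] < required:
        findings.append(f"min-length {lengths[-1]} is below {required}")

    # 2. Character mix and annual change are outside min-length's scope, so
    #    logins should be handed to a RADIUS/TACACS+ server group.
    if "aaa new-model" not in lines or not any(
            re.fullmatch(r"aaa authentication login \S+ .*\bgroup \S+.*", ln)
            for ln in lines):
        findings.append("login not delegated to RADIUS/TACACS+")

    # 3. Cleartext (type 0) passwords shorter than the required length;
    #    type 7 values do not match because their length is not visible.
    for ln in lines:
        m = CLEARTEXT.fullmatch(ln)
        if m and len(m.group(1)) < required:
            findings.append(f"short password on: {ln.rsplit(' ', 1)[0]}")
    return findings
```

Run it over the output of show running-config saved to a file; the finding for a short password names the configuration line without echoing the password itself.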

Posted February 14, 2012 at 2:31 PM