Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
10
Helpful
8
Replies

Questions about Cisco IOS

g.lafreniere
Level 1
Level 1

‎02-14-2012 02:31 PM - edited ‎03-07-2019 04:56 AM

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Labels:
0 Helpful
8 Replies 8

darren.g
Level 5
Level 5

‎02-14-2012 03:38 PM 

g.lafreniere wrote:
I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

No and no.

The US government is stupid if it tries to apply restrictions on software to hardware which is not succeptable to problems in the first palce. IOS doesn't process the information contained in passed traffic beyond the header analysis required to make routing/forwarding decisions. In 30 years in IT I've never heard of a virus or piece of malware embedded in the network protocol (layer 1/2/3) header.

Despite the "OS' in the name, IOS is not an "operating system" in the sense the idiots who drafted such inflexable regulations intended. I wonder if Cisco senior management know of such stupid "requirements"?

Caveat : You can have a Cisco device run an in-line virus/malware checker in the form of IDP modules - but they don't protect the "IOS" - they scan the traffic being passed by the device.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to darren.g

‎02-14-2012 04:55 PM

Hey Darren,

Maybe they (US Government) meant iOS instead of IOS. 

darren.g
Level 5
Level 5
In response to Leo Laohoo

‎02-14-2012 07:36 PM 

leolaohoo wrote:
Hey Darren, 
Maybe they (US Government) meant iOS instead of IOS. 

+5 Leo, +5. :-)

Darren

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to darren.g

‎02-14-2012 07:40 PM

LOL

0 Helpful

simionov.adrian
Level 1
Level 1
In response to Leo Laohoo

‎02-15-2012 01:57 AM

This reminds me about the 2 most funniest tickets I've seen last year:

1. Description of the ticket: "HELP."

2. Open by a server guy: port not found, please open the port on the firewall. Please check the attachement.

Attachement was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Leo Laohoo
Hall of Fame
Hall of Fame
In response to simionov.adrian

‎02-15-2012 01:51 PM 

2. Open by a server guy: port not found, please open the port on the firewall. Please check the attachement.
Attachement was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Awesome!  (+5)

This is better than the design doco prepared by a "CCIE" which revolves around a rack-full of servers which will be powered up using 3750E PoE!

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-15-2012 01:50 PM 

Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Not Cisco IOS.  Any RADIUS/TACACs proggie can.  Depends on the network admin if he/she is lazy enough.

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎02-15-2012 02:04 PM

  You can specify a password length but not special characters etc..

security passwords min-length

To ensure that all configured passwords are at least a specified length, use the security passwords min-length command in global configuration mode. To disable this functionality, use the no form of this command.

security passwords min-length length

no security passwords min-length length

Syntax Description

length

Minimum length of a configured password. The default is six characters.

Defaults

Six characters

Command Modes

Global configuration

Command History
Release
Modification

12.3(1)

This command was introduced.

Usage Guidelines

The security passwords min-length command  provides enhanced security access to the router by allowing you to  specify a minimum password length, eliminating common passwords that are  prevalent on most networks, such as "lab" and "cisco." This command  affects user passwords, enable passwords and secrets, and line  passwords. After this command is enabled, any password that is less than  the specified length will fail.

Examples

The following example shows both how to specify a minimum password  length of six characters and what happens when the password does not  adhere to the minimum length: 

security password min-length 6


enable password lab


% Password too short - must be at least 6 characters. Password not configured.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card