Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Questions about Cisco IOS

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Everyone's tags (1)
8 REPLIES
Silver

Questions about Cisco IOS

g.lafreniere wrote:

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

No and no.

The US government is stupid if it tries to apply restrictions on software to hardware which is not succeptable to problems in the first palce. IOS doesn't process the information contained in passed traffic beyond the header analysis required to make routing/forwarding decisions. In 30 years in IT I've never heard of a virus or piece of malware embedded in the network protocol (layer 1/2/3) header.

Despite the "OS' in the name, IOS is not an "operating system" in the sense the idiots who drafted such inflexable regulations intended. I wonder if Cisco senior management know of such stupid "requirements"?

Caveat : You can have a Cisco device run an in-line virus/malware checker in the form of IDP modules - but they don't protect the "IOS" - they scan the traffic being passed by the device.

Hall of Fame Super Gold

Re: Questions about Cisco IOS

Hey Darren,

Maybe they (US Government) meant iOS instead of IOS. 

Silver

Questions about Cisco IOS

leolaohoo wrote:

Hey Darren,

Maybe they (US Government) meant iOS instead of IOS. 

+5 Leo, +5. :-)

Darren

Hall of Fame Super Gold

Questions about Cisco IOS

LOL

New Member

Questions about Cisco IOS

This reminds me about the 2 most funniest tickets I've seen last year:

1. Description of the ticket: "HELP."

2. Open by a server guy: port not found, please open the port on the firewall. Please check the attachement.

Attachement was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Hall of Fame Super Gold

Questions about Cisco IOS

2. Open by a server guy: port not found, please open the port on the firewall. Please check the attachement.

Attachement was a screenshot of a notepad searching with FIND in the text for a certain port, and string "1531" was not found in that document.

Awesome!  (+5)

This is better than the design doco prepared by a "CCIE" which revolves around a rack-full of servers which will be powered up using 3750E PoE!

Hall of Fame Super Gold

Questions about Cisco IOS

Also, will the IOS enforce a password with a minimum of 6 characters, including a combination of alpha, numeric and special characters, and also force an annual password change?

Not Cisco IOS.  Any RADIUS/TACACs proggie can.  Depends on the network admin if he/she is lazy enough.

Purple

Questions about Cisco IOS

  You can specify a password length but not special characters etc..

security passwords min-length

To ensure that all configured passwords are at least a specified length, use the security passwords min-length command in global configuration mode. To disable this functionality, use the no form of this command.

security passwords min-length length

no security passwords min-length length

Syntax Description


length

Minimum length of a configured password. The default is six characters.

Defaults

Six characters

Command Modes

Global configuration

Command History


Release
Modification

12.3(1)

This command was introduced.

Usage Guidelines

The security passwords min-length command  provides enhanced security access to the router by allowing you to  specify a minimum password length, eliminating common passwords that are  prevalent on most networks, such as "lab" and "cisco." This command  affects user passwords, enable passwords and secrets, and line  passwords. After this command is enabled, any password that is less than  the specified length will fail.

Examples

The following example shows both how to specify a minimum password  length of six characters and what happens when the password does not  adhere to the minimum length:

security password min-length 6

enable password lab

% Password too short - must be at least 6 characters. Password not configured.
778
Views
10
Helpful
8
Replies