I was thinking about the same

g.lafreniere · ‎02-14-2012

I work for the U.S. Government, government regulations require us to meet certain requirements. Are Cisco products capable of loading an Anti Virus/Malware application to protect the IOS while not quarantining traffic or clients? Also, will the IOS enforce a password with a minimum of 6 characters including a combination of alpha, numeric and special characters and force an annual password change?

Marvin Rhoads · ‎02-14-2012

There is no IOS antivirus / antimalware per se. Several Cisco products can redirect user traffic THROUGH them to such products.

If your router or switch is running IOS 12.3 or later, you can enforce local password minimum length:

rtr(config)#security password min-length ?

<0-16> Minimum length of all user/enable passwords

You cannot do the other password policies for local passwords, but you can with an external AAA server (like ACS).

Using the above features, systems can be certified and accredited at the highest levels.

mohammed hashim · ‎05-15-2014

I was thinking about the same thing too, because any OS connected to the network could get a virus infection !

some OSs do not get infection probably because of the most Virus writers write viruses for the most used OS like windows.

so still in the loop, does cisco IOS have a possibility for infection ?

thanks,

Marvin Rhoads · ‎05-16-2014

I'm not aware of any documented case of an "IOS virus".

IOS is targeted more for denial-of-service via things like syn or ping flooding. It is also commonly targeted for password cracking via brute force dictionary type attacks.

There are a number of countermeasures one can take to counter those type of attacks. They are described in depth in the CCNA Security and CCNP Security reference guides as well as numerous Cisco configuration guides and whitepapers.

Questions about Cisco IOS