06-16-2018 11:43 PM - edited 02-21-2020 07:53 AM
I need to implement a strong encryption algorithm for Cisco IOS and ASA firewalls. How do I achieve this?
Accepted Solutions
06-17-2018 12:25 AM
It sounds like, from this question and the other one you posted, that you've been audited or are preparing for an audit. It would be better if you learned some of the fundamentals and best practices rather than asking specific questions out of context.
In any event, ASA passwords since 9.7 can use a stronger PBKDF2 algorithm for hashing local passwords. Details are here:
IOS devices should be set up to use type 9 (where possible - vs. type 5 or 7) user passwords and "enable secret" passwords. If type 8/9 are not supported on your IOS then type 5 is the next-preferred method.
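Added example (not written by any participant in this thread, and not Cisco code): a small Python check that applies the ranking in the answer above to the local-account lines of a saved IOS running-config. The sample config, its placeholder hashes, the rating labels and the treatment of type 0 are assumptions of this example.

```python
import re

# Rating follows the accepted answer: type 9 preferred, 8 also fine,
# type 5 only when 8/9 are unsupported, type 7 to be replaced.
# Type 0 (stored as typed) is rated weak as this example's assumption.
RATING = {"9": "ok", "8": "ok", "5": "fallback", "7": "weak", "0": "weak"}

# IOS forms: "username NAME [privilege N] secret|password [TYPE] VALUE"
# and "enable secret|password [TYPE] VALUE".
LINE_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|(?P<enable>enable))"
    r"\s+(?:secret|password)\s+(?:(?P<type>\d+)\s+)?\S+\s*$"
)

# Constructed sample config; every hash below is a placeholder, not real output.
SAMPLE = """\
hostname lab-rtr
enable secret 9 $9$PLACEHOLDERSALT$PLACEHOLDERHASH
username netadmin privilege 15 secret 5 $1$XXXX$XXXXXXXXXXXXXXXXXXXXXX
username backup password 7 0000000000
username oldtool privilege 1 password 0 placeholder
username ops secret 8 $8$PLACEHOLDERSALT$PLACEHOLDERHASH
"""

def audit(config_text):
    """Return (line number, account, type, rating) for each credential line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ptype = m.group("type") or "0"  # no type digit: treated as type 0
        account = m.group("user") or "enable"
        findings.append((lineno, account, ptype, RATING.get(ptype, "review")))
    return findings

def needs_action(findings):
    """Accounts whose stored type is anything other than 8 or 9."""
    return [(acct, ptype, rating) for _, acct, ptype, rating in findings
            if rating != "ok"]

if __name__ == "__main__":
    for acct, ptype, rating in needs_action(audit(SAMPLE)):
        print(f"{acct}: type {ptype} -> {rating}")
```

Types not named in the thread are reported as "review" rather than rated.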
06-18-2018 05:14 AM
What a lot of organizations do is implement an external AAA server (TACACS+ or RADIUS) which stores the user accounts/passwords in a remote database (therefore not stored on the local router/switch).
06-17-2018 11:04 PM
When I define users on IOS/ASA, is it possible to hide/encrypt the username in the running config?
username Abc privilege 15 secret 5 $XXXXXXXXXXXXXXXXXXXXXXXXX
