Cisco Cisco Email Security Appliance X1070 User Guide
1-2
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 1 Getting Started with the Cisco Email Security Appliance
What’s New in This Release
New Features
Feature
Description
Configurable SSL Settings in FIPS
Mode
Mode
In FIPS mode, you can now configure the Cipher Suites in the
SSL settings, using the
SSL settings, using the
sslconfig
command in CLI. For more
information, see Cisco AsyncOS 8.0.2 for Email CLI Reference
Guide.
Guide.
Note
You cannot change server and client methods in FIPS
mode.
mode.
Configurable SSH Server Settings
You can now configure the following SSH server settings using
the
the
sshconfig
command in CLI:
•
Public Key Authentication Algorithms
•
Cipher Algorithms
•
KEX Algorithms
•
MAC Methods
•
Minimum Server Key Size
See
Encrypt Sensitive Data in FIPS Mode In FIPS mode, you can now encrypt:
•
Critical security parameters in your appliance
•
Swap space in your appliance.
This helps to prevent any unauthorized access or forensic
attacks when the physical security of the appliance is
compromised.
attacks when the physical security of the appliance is
compromised.
Use the
fipsconfig
command in CLI to enable encryption of
sensitive data in the appliance. See
Encrypt Sensitive Data in
Configuration Files
Configuration Files
You can now encrypt the critical security parameters in the
appliance configuration file while exporting, emailing, or
displaying it.
appliance configuration file while exporting, emailing, or
displaying it.
See
.
Permanently Delete Sensitive Data in
the Appliance
the Appliance
You can now permanently delete sensitive data (critical
security parameters) in your appliance using one of the
following commands in CLI:
security parameters) in your appliance using one of the
following commands in CLI:
•
wipedata
•
diagnostic > reload
See Cisco AsyncOS 8.0.2 for Email CLI Reference Guide.
More Secure AsyncOS Updates and
Upgrades
Upgrades
For enhanced security, AsyncOS now uses a stronger hashing
algorithm, SHA-384, to verify the received updates and
upgrades.
algorithm, SHA-384, to verify the received updates and
upgrades.