Cisco Cisco Email Security Appliance X1070 Mode D'Emploi
1-5
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 1 Getting Started with the Cisco Email Security Appliance
What’s New in This Release
FIPS 140-2 Level
1 Compliance
1 Compliance
The Cisco Email Security appliance uses the CiscoSSL Cryptographic Toolkit, a
GGSG-approved cryptography suite, to comply with FIPS 140-2 Level 1 standard.
CiscoSSL contains an enhanced version of OpenSSL as well as the FIPS-compliant
Cisco Common Cryptography Module.
GGSG-approved cryptography suite, to comply with FIPS 140-2 Level 1 standard.
CiscoSSL contains an enhanced version of OpenSSL as well as the FIPS-compliant
Cisco Common Cryptography Module.
Administrators can turn FIPS mode on or off using the
fipsconfig
CLI command.
In addition to using CiscoSSL, AsyncOS 8.0 for Email has the following
enhancements to when the appliance is in FIPS mode:
enhancements to when the appliance is in FIPS mode:
•
AsyncOS restricts the types of certificates and keys used by the appliance in
FIPS mode.
FIPS mode.
•
AsyncOS has dropped support for version 1 of the SSH protocol for incoming
and outcoming connections, including pushing logs by SCP.
and outcoming connections, including pushing logs by SCP.
•
RSA keys for DKIM signing can only be 1024, 1536, and 2048 bits. DKIM
verification will return
verification will return
permfail
for certificates that aren’t FIPS-compliant.
•
Serial port sessions to the Email Security appliance time out 30 minutes after
the connection to the port is terminated.
the connection to the port is terminated.
•
The following communication between the appliance and other servers will be
FIPS compliant, including LDAPS, remote mail hosts, Cisco servers, and the
web interface.
FIPS compliant, including LDAPS, remote mail hosts, Cisco servers, and the
web interface.
•
Features that do not need to use CiscoSSL for communication or do not send
customer data do not need to be FIPS-compliant. These features include: other
clustered appliances, RSA Enterprise Manager (DLP), Cisco update servers,
and encryption.
customer data do not need to be FIPS-compliant. These features include: other
clustered appliances, RSA Enterprise Manager (DLP), Cisco update servers,
and encryption.
Note
As part of FIPS compliance, AsyncOS for Email no longer supports SSH
version 1.
version 1.
Warning
If you have upgraded from AsyncOS 7.3, the appliance will no longer be
running in FIPS mode. You will need to import or generate new
certificates and keys after the upgrade.
running in FIPS mode. You will need to import or generate new
certificates and keys after the upgrade.
FIPS is available on both the physical and virtual Email Security appliances.
for more information.
My Favorites list Add the pages you use most to a quick-access menu of your favorite pages.
for more information.
Download
upgrades in the
background
upgrades in the
background
You can now download upgrades in the background and install them later, allowing
you to minimize interruption of service.
you to minimize interruption of service.
for more information.
Reporting
enhancements
enhancements
Reporting enhancements let you:
•
Create a custom report page with the charts and tables you reference most.
•
Click links in reports to view the Message Tracking data for messages that
violate Data Loss Prevention or Content Filtering policies. This enhancement
will simplify investigating patterns and root causes of such violations.
violate Data Loss Prevention or Content Filtering policies. This enhancement
will simplify investigating patterns and root causes of such violations.
for more information.
Feature
Description