Cisco Cisco Email Security Appliance C170

Release Notes for AsyncOS 9.0 for Cisco Email Security Appliances

Changes in Behavior

•

Deprecated Commands, page 5

•

Disk Space for Quarantines, page 6

•

Changes in Password Change Options, page 6

•

Changes in Local User Account and Password Settings, page 6

•

Opening a Support Case from the Appliance, page 6

•

New Log for URL Filtering, page 6

•

Stricter Password Rules, page 6

•

Removal of Option to Enable Telnet for Appliance Access, page 6

Deprecated Commands

The

disk_usage

subcommand under

diagnostics

has been deprecated. To view and configure disk

space quotas, use the

diskquotaconfig

command instead.

More secure AsyncOS
updates and upgrades

For enhanced security, AsyncOS now uses a stronger hashing algorithm,
SHA-384, to verify the received updates and upgrades.

Configurable CLI
Session Timeout

You can now specify how long a user can be logged into the Email Security
appliance’s CLI before AsyncOS logs the user out due to inactivity.

Note

The CLI session timeout applies only to the connections using Secure
Shell (SSH), SCP, and direct serial connection.

Enhanced security for
DKIM Signing Keys in
FIPS mode

For enhanced security, if encryption of sensitive data in the appliance is
enabled in FIPS mode,

•

Private keys are not displayed in plain text while editing an existing
signing key.

•

Signing keys are encrypted while exporting.

Enhanced security for
DSA Host Keys in FIPS
mode

For enhanced security, in FIPS mode, AsyncOS for Email uses a 2048-bit
DSA host key.

Enhanced security for
Demonstration
Certificate

The demonstration certificate is updated to use keys of size 2048 bits and
1024 bits for FIPS mode and non-FIPS mode, respectively.

Enhanced URL
Defanging

Message and content filters for URL defanging now accounts for DNS
spoofing and replaces a “.” (dot) in the URL with “[.]”. For example, after
defanging, www.defangurl.com becomes
BLOCKEDwww[.]defangurl[.]comBLOCKED.

Feature

Description