Cisco Cisco Email Security Appliance C170
5
Release Notes for AsyncOS 9.0 for Cisco Email Security Appliances
Changes in Behavior
Changes in Behavior
•
•
•
•
•
•
•
•
Deprecated Commands
The
disk_usage
subcommand under
diagnostics
has been deprecated. To view and configure disk
space quotas, use the
diskquotaconfig
command instead.
More secure AsyncOS
updates and upgrades
updates and upgrades
For enhanced security, AsyncOS now uses a stronger hashing algorithm,
SHA-384, to verify the received updates and upgrades.
SHA-384, to verify the received updates and upgrades.
Configurable CLI
Session Timeout
Session Timeout
You can now specify how long a user can be logged into the Email Security
appliance’s CLI before AsyncOS logs the user out due to inactivity.
appliance’s CLI before AsyncOS logs the user out due to inactivity.
Note
The CLI session timeout applies only to the connections using Secure
Shell (SSH), SCP, and direct serial connection.
Shell (SSH), SCP, and direct serial connection.
Enhanced security for
DKIM Signing Keys in
FIPS mode
DKIM Signing Keys in
FIPS mode
For enhanced security, if encryption of sensitive data in the appliance is
enabled in FIPS mode,
enabled in FIPS mode,
•
Private keys are not displayed in plain text while editing an existing
signing key.
signing key.
•
Signing keys are encrypted while exporting.
Enhanced security for
DSA Host Keys in FIPS
mode
DSA Host Keys in FIPS
mode
For enhanced security, in FIPS mode, AsyncOS for Email uses a 2048-bit
DSA host key.
DSA host key.
Enhanced security for
Demonstration
Certificate
Demonstration
Certificate
The demonstration certificate is updated to use keys of size 2048 bits and
1024 bits for FIPS mode and non-FIPS mode, respectively.
1024 bits for FIPS mode and non-FIPS mode, respectively.
Enhanced URL
Defanging
Defanging
Message and content filters for URL defanging now accounts for DNS
spoofing and replaces a “.” (dot) in the URL with “[.]”. For example, after
defanging, www.defangurl.com becomes
BLOCKEDwww[.]defangurl[.]comBLOCKED.
spoofing and replaces a “.” (dot) in the URL with “[.]”. For example, after
defanging, www.defangurl.com becomes
BLOCKEDwww[.]defangurl[.]comBLOCKED.
Feature
Description