Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
33-18
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 33 Distributing Administrative Tasks
Passphrases
Step 5
Submit and commit your changes.
What To Do Next
If you selected List of words to disallow in passphrases, create and upload the described text file.
External Authentication
If you store user information in an LDAP or RADIUS directory on your network, you can configure your
Cisco appliance to use the external directory to authenticate users who log in to the appliance. To set up
the appliance to use an external directory for authentication, use the System Administration > Users page
in the GUI or the
Cisco appliance to use the external directory to authenticate users who log in to the appliance. To set up
the appliance to use an external directory for authentication, use the System Administration > Users page
in the GUI or the
userconfig
command and the
external
subcommand in the CLI.
Passphrase Rules:
List of words to disallow in
passphrases
passphrases
You can create a list of words to disallow in passphrases.
Make this file a text file with each forbidden word on a separate line.
Save the file with the name
Save the file with the name
forbidden_password_words.txt
and use
SCP or FTP to upload the file to the appliance.
If this restriction is selected but no word list is uploaded, this
restriction is ignored.
restriction is ignored.
Passphrase Strength
You can display a passphrase-strength indicator when an admin or user
enters a new passphrase.
enters a new passphrase.
This setting does not enforce creation of strong passphrases, it merely
shows how easy it is to guess the entered passphrase.
shows how easy it is to guess the entered passphrase.
Select the roles for which you wish to display the indicator. Then, for
each selected role, enter a number greater than zero. A larger number
means that a passphrase that registers as strong is more difficult to
achieve. This setting has no maximum value.
each selected role, enter a number greater than zero. A larger number
means that a passphrase that registers as strong is more difficult to
achieve. This setting has no maximum value.
Examples:
•
If you enter
30
, then an 8 character passphrase with at least one
upper- and lower-case letter, number, and special character will
register as a strong passphrase.
register as a strong passphrase.
•
If you enter
18
, then an 8 character passphrase with all lower case
letters and no numbers or special characters will register as strong.
Passphrase strength is measured on a logarithmic scale. Evaluation is
based on the U.S. National Institute of Standards and Technology rules
of entropy as defined in NIST SP 800-63, Appendix A.
based on the U.S. National Institute of Standards and Technology rules
of entropy as defined in NIST SP 800-63, Appendix A.
Generally, stronger passphrases:
•
Are longer
•
Include upper case, lower case, numeric, and special characters
•
Do not include words in any dictionary in any language.
To enforce passphrases with these characteristics, use the other
settings on this page.
settings on this page.
Setting
Description