Руководство Пользователя для Cisco Cisco Email Security Appliance C170
1-4
Cisco AsyncOS 9.0 for Email User Guide
Chapter 1 Getting Started with the Cisco Email Security Appliance
What’s New in This Release
Configurable SSH
Server Settings
Server Settings
You can now configure the following SSH server settings using the
sshconfig
command in CLI:
•
Public Key Authentication Algorithms
•
Cipher Algorithms
•
KEX Algorithms
•
MAC Methods
•
Minimum Server Key Size
See
Encrypt Sensitive Data
in FIPS Mode
in FIPS Mode
In FIPS mode, you can now encrypt:
•
Critical security parameters in your appliance
•
Swap space in your appliance.
This helps to prevent any unauthorized access or forensic attacks when the
physical security of the appliance is compromised.
physical security of the appliance is compromised.
Use the
fipsconfig
command in CLI to enable encryption of sensitive data
in the appliance. See
Encrypt Sensitive Data
in Configuration Files
in Configuration Files
You can now encrypt the critical security parameters in the appliance
configuration file while exporting, emailing, or displaying it.
configuration file while exporting, emailing, or displaying it.
See
Permanently Delete
Sensitive Data in the
Appliance
Sensitive Data in the
Appliance
You can now permanently delete sensitive data (critical security parameters)
in your appliance using one of the following commands in CLI:
in your appliance using one of the following commands in CLI:
•
wipedata
•
diagnostic > reload
See Cisco AsyncOS for Email CLI Reference Guide.
More Secure AsyncOS
Updates and Upgrades
Updates and Upgrades
For enhanced security, AsyncOS now uses a stronger hashing algorithm,
SHA-384, to verify the received updates and upgrades.
SHA-384, to verify the received updates and upgrades.
Configurable CLI
Session Timeout
Session Timeout
You can now specify how long a user can be logged into the Email Security
appliance’s CLI before AsyncOS logs the user out due to inactivity. See
appliance’s CLI before AsyncOS logs the user out due to inactivity. See
Note
The CLI session timeout applies only to the connections using Secure
Shell (SSH), SCP, and direct serial connection.
Shell (SSH), SCP, and direct serial connection.
Enhanced Security for
DKIM Signing Keys in
FIPS Mode
DKIM Signing Keys in
FIPS Mode
For enhanced security, if encryption of sensitive data in the appliance is
enabled in FIPS mode,
enabled in FIPS mode,
•
Private keys are not displayed in plain text while editing an existing
signing key. See
signing key. See
.
•
Signing keys are encrypted while exporting. See
Enhanced Security for
DSA Host Keys in FIPS
Mode
DSA Host Keys in FIPS
Mode
For enhanced security, in FIPS mode, AsyncOS for Email uses a 2048-bit
DSA host key.
DSA host key.
Feature
Description