435
• Password complexity checking policy
A less complicated password such as a password containing the username or repeated
characters is more likely to be cracked. For higher security, you can configure a password
complexity checking policy to make sure all user passwords are relatively complicated. With
such a policy configured, when a user configures a password, the system checks the
complexity of the password. If the password is complexity-incompliant, the system refuses the
password and displays a password configuration failure message.
You can apply the following password complexity requirements:
{ A password cannot contain the username or the reverse of the username. For example, if
the username is abc, a password such as abc982 or 2cba is not complex enough.
{ No character of the password is repeated three or more times consecutively. For example,
password a111 is not complex enough.
• Password display in the form of a string of asterisks (*)
For security purposes, the password a user enters is displayed in the form of a string of
asterisks (*).
• Authentication timeout management
Authentication timeout management is only for Telnet and Terminal users.
The authentication period is from when the server obtains the username to when the server
finishes authenticating the user's password. If a user fails to log in within the configured period
of time, the system tears down the connection.
• Maximum account idle time
You can set the maximum account idle time to make accounts idle for this period of time
become invalid and unable to log in again. For example, if you set the maximum account idle
time to 60 days and the user with the account test has not logged in successfully within 60 days
after the last successful login, the account becomes invalid and the user is unable to log in
again.
• Logging
The system logs all successful password changing events and the events of adding users to the
password control blacklist.
FIPS compliance
Table 23 shows the support of MSR routers for the FIPS mode that complies with NIST FIPS 140-2
requirements. Support for features, commands, and parameters might differ in FIPS mode and
non-FIPS mode. For more information about FIPS mode, see "Configuring FIPS."
Table 23 Hardware and FIPS mode compatibility matrix
Hardware FIPS mode
MSR900 No
MSR93X No
MSR20-1X No
MSR20 Yes
MSR30
Supported on all MSR30 series except for
MSR30-16
MSR50 Yes
MSR1000 Yes
To Next Page
Loading...
Need help?
General
