NSA shares Cisco password best practices
On February 17, the National Security Agency published guidance to help administrators secure network infrastructure devices and their credentials. The “Cisco Password Types: Best Practices” Cybersecurity Information Sheet analyzes Cisco’s wide variety of password encryption and hashing schemes to secure passwords stored in configuration files. NSA provides recommendations based on each password type and best practices to help administrators secure sensitive credentials.
Cisco devices are used globally to secure network infrastructure devices, including across the Department of Defense, National Security Systems, and the Defense Industrial Base. Each device has plaintext configuration files that contain settings that control device behavior, determine how to direct network traffic, and store pre-shared keys and user authentication information. Any credentials within Cisco configuration files could be at risk of compromise if strong password types are not used.
The Cybersecurity Information Sheet reviews Cisco’s password type options and evaluates how difficult each password type is to crack, its vulnerability severity, and lists NSA’s recommendation for use.
NSA recommends that Type 8 passwords be enabled and used for all Cisco devices running software developed after 2013. Devices running software from before 2013 should be immediately updated. Type 6 passwords should be used when reversible encryption must be used.
NSA also recommends using privilege levels to restrict access and using multi-factor authentication for administrators managing critical devices.
Read the full Cybersecurity Information Sheet.
Like IC News? Then please consider subscribing. You’ll get full access to our searchable library of 10,000+ articles, plus new articles each weekday.