Tech QOTD – Password Security (Security+)


Take a look at the figure. Here we have a Cisco SG200 switch. What are the security issues that you can see?


(see answer below and video response)

This is just one of hundreds of questions and answers included with my Security+ Cert Guide.



The most glaring problem is that the Password Complexity Settings checkbox is not enabled. By default on a switch such as this it would be enabled, but you should always check just in case. Without complexity, a person could set very weak passwords for a user account allowed to log in to this switch. This doesn’t affect other computers, but it does affect all user accounts on this switch.

Once that is enabled, the options below it become configurable. Note that the current minimum password length of 4 characters is not nearly enough. Cisco recommends 8, but you might find 10 or even 15 as your organization’s minimum. In addition, the allowed character repetition is much too high, and the minimal number of character classes is too low. You should opt for either 3 (the default here) or all 4.

Finally, your organization might decide that 180 days is too long for password aging time, and that passwords should be changed more frequently. In fact, this might be necessary for compliance with various third-party auditing organizations.
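The effect of the complexity settings discussed above on which passwords get accepted can be sketched in Python. This is an added example, not code from the original post or from Cisco; the `Policy` class, the rule semantics (a disabled checkbox enforces nothing, repetition means the longest run of one character) and every value other than the length of 4 and the recommended 8 and 3 are assumptions.

```python
from dataclasses import dataclass, replace
from itertools import groupby
import string

@dataclass(frozen=True)
class Policy:
    complexity_enabled: bool
    min_length: int
    max_repetition: int  # assumed meaning: longest allowed run of one character
    min_classes: int     # out of upper, lower, digit, special

# Constructed values. Only min_length=4 (as shown) and 8 / 3 (recommended)
# come from the post; the repetition and class numbers are assumptions.
AS_SHOWN = Policy(False, min_length=4, max_repetition=10, min_classes=1)
ENABLED_UNCHANGED = replace(AS_SHOWN, complexity_enabled=True)
HARDENED = Policy(True, min_length=8, max_repetition=3, min_classes=3)

def char_classes(pw: str) -> int:
    """Count how many of the four character classes occur in pw."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def longest_run(pw: str) -> int:
    """Length of the longest run of one repeated character."""
    return max((len(list(g)) for _, g in groupby(pw)), default=0)

def violations(policy: Policy, pw: str) -> list[str]:
    """Return the rules pw breaks; an empty list means it is accepted."""
    if not policy.complexity_enabled:
        return []  # assumption: with the checkbox off, no rule is enforced
    found = []
    if len(pw) < policy.min_length:
        found.append("length")
    if longest_run(pw) > policy.max_repetition:
        found.append("repetition")
    if char_classes(pw) < policy.min_classes:
        found.append("classes")
    return found

if __name__ == "__main__":
    policies = [("as shown", AS_SHOWN), ("enabled, unchanged", ENABLED_UNCHANGED),
                ("hardened", HARDENED)]
    for name, pol in policies:
        for pw in ("aaaa", "Sw1tch-Adm1n"):  # constructed sample passwords
            print(f"{name:20} {pw:14} {violations(pol, pw) or 'accepted'}")
```

Ticking the checkbox without raising the values underneath changes nothing for a password like `aaaa`; only the hardened values reject it.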

See the video solution for more.

Video Solution:

Answer at 0:36.

Do you enjoy learning by watching? Then check out the CompTIA Security+ (SY0-401) Complete Video Course by fellow instructor Michael J Shannon.