For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.

From Juniper SRX SG NDM Security Technical Implementation Guide

Associated with: CCI-000192

SV-81007r1_rule For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.

Vulnerability discussion

Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DoD requires this setting be set to character-sets.

Check content

Verify the default local password enforces password complexity by setting the password change type to character sets [edit] show system login password If the password change-type is not set to character-sets, this is a finding.

Fix text

Configure the default local password to enforce password complexity by setting the password change type to character sets [edit] set system login password change-type character-sets

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.