Details

Sets a local username and password

Rationale:

Default device configuration does not require strong user authentication enabling unfettered access to an attacker that can reach the device. Creating a local account with a strong password enforces login authentication and provides a fallback authentication mechanism in case remote centralized authentication, authorization and accounting services are unavailable

Solution

Run the following to set a local username and password.

hostname(config)#username password privilege

The privilege level is chosen between 0 and 15. If the privilege is not configured, the default one is 2.

Default Value:

The default username used for the first SSH connection or aaa authentication telnet console is asa but for versions from 8.4(2) and above, there is no default username

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3246

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Cisco.

References

• 800-53|IA-5(1)
• CSCv7|4.4

Source

• Tenable.com/audits