Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 441
21
- (Higher) Plaintext Only—Users are permitted to access sensitive data in
plaintext only. Users will also have read and write permission to SSD
parameters as well.
- (Highest) Both—Users have both encrypted and plaintext permissions
and are permitted to access sensitive data as encrypted and in
plaintext. Users will also have read and write permission to SSD
parameters as well.
Each management channel allows specific read permissions. The following
summarizes these.
• Default Read Mode—All default read modes are subjected to the read
permission of the rule. The following options exist, but some might be
rejected, depending on the read permission. If the user-defined read
permission for a user is Exclude (for example), and the default read mode is
Encrypted, the user-defined read permission prevails.
- Exclude—Do not allow reading sensitive data.
- Encrypted—Sensitive data is presented in encrypted form.
- Plaintext—Sensitive data is presented in plaintext form.
Each management channel allows specific read presumptions. The
following summarizes these.
* The Read mode of a session can be temporarily changed in the SSD
Properties page if the new read mode does not violate the read permission.
Management Channel Read Permission Options Allowed
Secure Both, Encrypted Only
Insecure Both, Encrypted Only
Secure XML SNMP Exclude, Plaintext Only
Insecure XML SNMP Exclude, Plaintext Only
Read Permission Default Read Mode Allowed
Exclude Exclude
Encrypted Only *Encrypted
Plaintext Only *Plaintext
Both *Plaintext, Encrypted
To Next Page
Loading...
