Name: Cisco 300 Series
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

Security: Secure Sensitive Data Management

SSD Rules

442 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

NOTE Note the following:

• The default Read mode for the Secure XML SNMP and Insecure XML SNMP

management channels must be identical to their read permission.

• Read permission Exclude is allowed only for Secure XML SNMP and

Insecure XML SNMP management channels; Exclude is not allowed for

regular secure and insecure channels.

• Exclude sensitive data in secure and Insecure XML-SNMP management

channels means that the sensitive data is presented as a 0 (meaning null

string or numeric 0). If the user wants to view sensitive data, the rule must

be changed to plaintext.

• By default, an SNMPv3 user with privacy and XML-over-secure channels

permissions is considered to be a level-15 user.

• SNMP users on Insecure XML and SNMP (SNMPv1,v2, and v3 with no

privacy) channel are considered as All users.

• SNMP community names are not used as user names to match SSD rules.

• Access by a specific SNMPv3 user can be controlled by configuring an

SSD rule with a user name matching the SNMPv3 user name.

• There must always be at least one rule with read permission: Plaintext Only

or Both, because only users with those permissions are able to access the

SSD pages.

• Changes in the default read mode and read permissions of a rule will

become effective, and will be applied to the affected user(s) and channel of

all active management sessions immediately, excluding the session making

the changes even if the rule is applicable. When a rule is changed (add,

delete, edit), a system will update all the affected CLI/GUI sessions.

NOTE When the SSD rule applied upon the session login is changed from

within that session, the user must log out and back in to see the change.

NOTE When doing a file transfer initiated by an XML or SNMP command, the

underlying protocol used is TFTP. Therefore, the SSD rule for insecure

channel will apply.

SSD Rules and User Authentication

SSD grants SSD permission only to authenticated and authorized users and

according to the SSD rules. A device depends on its user authentication process

to authenticate and authorize management access. To protect a device and its

data including sensitive data and SSD configurations from unauthorized access, it

Cisco 300 Series Administration Guide

Other manuals for Cisco 300 Series