Security: Secure Sensitive Data Management
SSD Rules
567 Cisco 500 Series Stackable Managed Switch Administration Guide
26
is recommended that the user authentication process on a device is secured. To
secure the user authentication process, you can use the local authentication
database, as well as secure the communication through external authentication
servers, such as a RADIUS server. The configuration of the secure communication
to the external authentication servers are sensitive data and are protected under
SSD.
NOTE The user credential in the local authenticated database is already protected by a
non SSD related mechanism
If a user from a channel issues an action that uses an alternate channel, the device
applies the read permission and default read mode from the SSD rule that match
the user credential and the alternate channel. For example, if a user logs in via a
secure channel and starts a TFTP upload session, the SSD read permission of the
user on the insecure channel (TFTP) is applied
Default SSD Rules
The device has the following factory default rules:
The default rules can be modified, but they cannot be deleted. If the SSD default
rules have been changed, they can be restored.
Table 8
Rule Key Rule Action
User Channel Read
Permission
Default Read Mode
Level
15
Secure XML
SNMP
Plaintext Only Plaintext
Level
15
Secure Both Encrypted
Level
15
Insecure Both Encrypted
All Insecure XML
SNMP
Exclude Exclude
All Secure Encrypted Only Encrypted
All Insecure Encrypted Only Encrypted
To Next Page
Loading...
Need help?
General
