Security: Secure Sensitive Data Management
Configuration Files
372 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
19
Startup Configuration File
The device currently supports copying from the Running, Backup, Mirror, and Remote
Configuration files to a Startup Configuration file. The configurations in the Startup
Configuration are effective and become the Running Configuration after reboot. A user can
retrieve the sensitive data encrypted or in plaintext from a startup configuration file, subject to
the SSD read permission and the current SSD read mode of the management session.
Read access of sensitive data in the startup configuration in any forms is excluded if the
passphrase in the Startup Configuration file and the local passphrase are different.
SSD adds the following rules when copying the Backup, Mirror, and Remote Configuration
files to the Startup Configuration file:
• After a device is reset to factory default, all of its configurations, including the SSD
rules and properties are reset to default.
• If a source configuration file contains encrypted sensitive data, but is missing an SSD
control block, the device rejects the source file and the copy fails.
• If there is no SSD control block in the source configuration file, the SSD configuration
in the Startup Configuration file is reset to default.
• If there is a passphrase in the SSD control block of the source configuration file, the
device will reject the source file, and the copy fails if there is encrypted sensitive data
in the file not encrypted by the key generated from the passphrase in the SSD control
block.
• If there is an SSD control block in the source configuration file and the file fails the
SSD integrity check, and/or file integrity check, the device rejects the source file and
fails the copy.
• If there is no passphrase in the SSD control block of the source configuration file, all
the encrypted sensitive data in the file must be encrypted by either the key generated
from the local passphrase, or the key generated from the default passphrase, but not
both. Otherwise, the source file is rejected and the copy fails.
• The device configures the passphrase, passphrase control, and file integrity, if any,
from the SSD Control Block in the source configuration file to the Startup
Configuration file. It configures the Startup Configuration file with the passphrase that
is used to generate the key to decrypt the sensitive data in the source configuration file.
Any SSD configurations that are not found are reset to the default.
• If there is an SSD control block in the source configuration file and the file contains
plaintext, sensitive data excluding the SSD configurations in the SSD control block,
the file is accepted.
To Next Page
Loading...
