Security: Secure Sensitive Data Management
SSD Rules
366 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
19
* The Read mode of a session can be temporarily changed in the SSD Properties page
if the new read mode does not violate the read permission.
NOTE Note the following:
• The default Read mode for the Secure XML SNMP and Insecure XML SNMP
management channels must be identical to their read permission.
• Read permission Exclude is allowed only for Secure XML SNMP and Insecure XML
SNMP management channels; Exclude is not allowed for regular secure and insecure
channels.
• Exclude sensitive data in secure and Insecure XML-SNMP management channels
means that the sensitive data is presented as a 0 (meaning null string or numeric 0). If
the user wants to view sensitive data, the rule must be changed to plaintext.
• By default, an SNMPv3 user with privacy and XML-over-secure channels permissions
is considered to be a level-15 user.
• SNMP users on Insecure XML and SNMP (SNMPv1,v2, and v3 with no privacy)
channel are considered as All users.
• SNMP community names are not used as user names to match SSD rules.
• Access by a specific SNMPv3 user can be controlled by configuring an SSD rule with
a user name matching the SNMPv3 user name.
• There must always be at least one rule with read permission: Plaintext Only or Both,
because only users with those permissions are able to access the SSD pages.
• Changes in the default read mode and read permissions of a rule will become effective,
and will be applied to the affected user(s) and channel of all active management
sessions immediately, excluding the session making the changes even if the rule is
applicable. When a rule is changed (add, delete, edit), a system will update all the
affected CLI/GUI sessions.
NOTE When the SSD rule applied upon the session login is changed from within that session, the user
must log out and back in to see the change.
NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol
used is TFTP. Therefore, the SSD rule for insecure channel will apply.
To Next Page
Loading...
Need help?
General
