Security: Secure Sensitive Data Management
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
SSD grants read permission to sensitive data only to authenticated and authorized users, 
in accordance with SSD rules. A device authenticates and authorizes management access to users 
through the user authentication process.
Whether or not SSD is used, it is recommended that the administrator secure the authentication 
process by using the local authentication database, and/or secure the communication to the 
external authentication servers used in the user authentication process.
In summary, SSD protects sensitive data on a device with SSD rules, SSD properties, and user 
authentication. The SSD rules, SSD properties, and user authentication configurations of the 
device are themselves sensitive data protected by SSD.
SSD Management
SSD management includes a collection of configuration parameters that define the handling 
and security of sensitive data. The SSD configuration parameters themselves are sensitive data 
and are protected under SSD. 
All configuration of SSD is performed through the SSD pages, which are available only to users 
with the correct permissions (see SSD Rules).
SSD Rules
SSD rules define the read permissions and default read mode given to a user session on a 
management channel. 
An SSD rule is uniquely identified by its user and SSD management channel. Different SSD 
rules might exist for the same user but for different channels, and conversely, different rules 
might exist for the same channel but for different users. 
Read permissions determine how sensitive data can be viewed: in encrypted form only, in 
plaintext form only, in either encrypted or plaintext form, or not at all (no permission to 
view sensitive data). The SSD rules themselves are protected as sensitive data.
A device can support a total of 32 SSD rules.
A device grants a user the SSD read permission of the SSD rule that best matches the user 
identity/credential and the type of management channel from which the user accesses, or will 
access, the sensitive data.
A device comes with a set of default SSD rules. An administrator can add, delete, and change 
SSD rules as desired.
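
The rule table described above, modeled as an added example (not Cisco's code or the device's implementation): rules are keyed by user and channel, capped at 32, and carry one of the four read permissions. Assumptions not stated on the page: the "*" wildcard user, the channel labels "secure" and "insecure", the precedence used for "best matches" (exact user before wildcard), denial when no rule matches, and the check that a default read mode must be a form the permission allows.

```python
from dataclasses import dataclass
from enum import Enum

MAX_RULES = 32   # from the page: a device supports a total of 32 SSD rules
ANY_USER = "*"   # assumption: wildcard user, not a term from the page

class Read(Enum):  # the four read permissions the page lists
    NONE = frozenset()
    ENCRYPTED_ONLY = frozenset({"encrypted"})
    PLAINTEXT_ONLY = frozenset({"plaintext"})
    BOTH = frozenset({"encrypted", "plaintext"})

@dataclass(frozen=True)
class Rule:
    user: str
    channel: str          # constructed labels, e.g. "secure" / "insecure"
    permission: Read
    default_read: object  # "encrypted", "plaintext", or None (assumed encoding)

class RuleTable:
    def __init__(self):
        self._rules = {}  # keyed by (user, channel), the rule's unique identifier

    def add(self, rule):
        key = (rule.user, rule.channel)
        if key in self._rules:
            raise ValueError(f"a rule for {key} already exists")
        if len(self._rules) >= MAX_RULES:
            raise ValueError("rule table is full")
        if rule.default_read is not None and rule.default_read not in rule.permission.value:
            raise ValueError("default read mode exceeds the read permission")
        self._rules[key] = rule

    def resolve(self, user, channel):
        # Assumed precedence: exact user on this channel, then wildcard user.
        for key in ((user, channel), (ANY_USER, channel)):
            if key in self._rules:
                return self._rules[key]
        return None       # assumption: no matching rule means no read access

    def may_read(self, user, channel, form):
        rule = self.resolve(user, channel)
        return rule is not None and form in rule.permission.value

def demo_table():
    """Constructed sample rules; user names and channels are illustrative."""
    t = RuleTable()
    t.add(Rule("alice", "secure", Read.BOTH, "encrypted"))
    t.add(Rule("alice", "insecure", Read.ENCRYPTED_ONLY, "encrypted"))
    t.add(Rule(ANY_USER, "secure", Read.ENCRYPTED_ONLY, "encrypted"))
    t.add(Rule(ANY_USER, "insecure", Read.NONE, None))
    return t
```

With the sample table, the same user gets plaintext access on one channel and encrypted-only on another, which is the per-channel behavior the rule identifier makes possible.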