Security: Secure Sensitive Data Management
SSD Management Channels
331 Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
18
If the configuration file was generated with a user passphrase and SSD file passphrase control
is Restricted, the resulting configuration file can be auto-configured to the desired target
devices. However, for auto configuration to succeed with a user-defined passphrase, the target
devices must be manually pre-configured with the same passphrase as the device that
generates the files, which is not zero touch.
If the device creating the configuration file is in Unrestricted passphrase control mode, the
device includes the passphrase in the file. As a result, the user can auto configure the target
devices, including devices that are out-of-the-box or in factory default, with the configuration
file without manually pre-configuring the target devices with the passphrase. This is zero
touch because the target devices learn the passphrase directly from the configuration file.
NOTE Devices that are out-of-the-box or in factory default states use the default anonymous user to
access the SCP server.
SSD Management Channels
Devices can be managed over management channels such as telnet, SSH, and web. SSD
categories the channels into the following types based on their security and/or protocols:
secured, insecure, secure-XML-SNMP, and insecure-XML-SNMP.
The following describes whether SSD considers each management channel to be secure or
insecure. If it is insecure, the table indicates the parallel secure channel.
Management Channel SSD Management
Channel Type
Parallel Secured Management
Channel
Console Secure
Telnet Insecure SSH
SSH Secure
GUI/HTTP Insecure GUI/HTTPS
GUI/HTTPS Secure
XML/HTTP Insecure-XML-SNMP XML/HTTPS
XML/HTTPS Secure-XML-SNMP
SNMPv1/v2/v3 without
privacy
Insecure-XML-SNMP Secure-XML-SNMP
SNMPv3 with privacy Secure-XML-SNMP
(level-15 users)
To Next Page
Loading...
