Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200 Series Smart Switch Administration Guide 293
22
• Default Read Mode—All default read modes are subjected to the read permission of the rule. The
following options exist, but some might be rejected, depending on the read permission. If the user-
defined read permission for a user is Exclude (for example), and the default read mode is Encrypted,
the user-defined read permission prevails.
- Exclude—Do not allow reading sensitive data.
- Encrypted—Sensitive data is presented in encrypted form.
- Plaintext—Sensitive data is presented in plaintext form.
Each management channel allows specific read presumptions. The following summarizes these.
* The Read mode of a session can be temporarily changed in the SSD Properties page if the new
read mode does not violate the read permission.
NOTE Note the following:
• The default Read mode for the Secure XML SNMP and Insecure XML SNMP management channels
must be identical to their read permission.
• Read permission Exclude is allowed only for Secure XML SNMP and Insecure XML SNMP
management channels; Exclude is not allowed for regular secure and insecure channels.
• Exclude sensitive data in secure and Insecure XML-SNMP management channels means that the
sensitive data is presented as a 0 (meaning null string or numeric 0). If the user wants to view
sensitive data, the rule must be changed to plaintext.
• By default, an SNMPv3 user with privacy and XML-over-secure channels permissions is considered
to be a level-15 user.
Insecure Both, Encrypted Only
Secure XML SNMP Exclude, Plaintext Only
Insecure XML SNMP Exclude, Plaintext Only
Read Permission Default Read Mode Allowed
Exclude Exclude
Encrypted Only *Encrypted
Plaintext Only *Plaintext
Both *Plaintext, Encrypted
Management Channel Read Permission Options Allowed
To Next Page
Loading...
