Name: Cisco Small Business 200 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Security: Secure Sensitive Data Management

SSD Properties

Cisco Small Business 200 Series Smart Switch Administration Guide 297

The local passphrase can be configured to be either the default passphrase or a user-defined passphrase.

By default, the local passphrase and default passphrase are identical. It can be changed by administrative

actions from either the Command Line Interface (if available) or the web-based interface. It is automatically

changed to the passphrase in the startup configuration file, when the startup configuration becomes the

running configuration of the device. When a device is reset to factory default, the local passphrase is reset

to the default passphrase.

Configuration File Passphrase Control

File passphrase control provides additional protection for a user-defined passphrase, and the sensitive

data that are encrypted with the key generated from the user-defined passphrase, in text-based

configuration files.

The following are the existing passphrase control modes:

• Unrestricted (default)—The device includes its passphrase when creating a configuration file. This

enables any device accepting the configuration file to learn the passphrase from the file.

• Restricted—The device restricts its passphrase from being exported into a configuration file.

Restricted mode protects the encrypted sensitive data in a configuration file from devices that do not

have the passphrase. This mode should be used when a user does not want to expose the

passphrase in a configuration file.

After a device is reset to the factory default, its local passphrase is reset to the default passphrase. As a

result, the device will be not able to decrypt any sensitive data encrypted based on a user-defined

passphrase entered from a management session (GUI/CLI), or in any configuration file with restricted mode,

including the files created by the device itself before it is reset to factory default. This remains until the

device is manually reconfigured with the user-defined passphrase, or learns the user-defined passphrase

from a configuration file.

Configuration File Integrity Control

A user can protect a configuration file from being tampered or modified by creating the configuration file

with Configuration File Integrity Control. It is recommended that Configuration File Integrity Control be

enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passprhase

Control.

CAUTION Any modification made to a configuration file that is integrity protected is

considered tampering.

Cisco Small Business 200 Series Administration Guide

Other manuals for Cisco Small Business 200 Series