Cisco Small Business 200 Series Administration Guide

Security: Secure Sensitive Data Management
Configuration Files
The SSD indicator in a file is set during copy, according to the user’s instruction, to include sensitive data
in encrypted form, include it in plaintext, or exclude it from the file.
SSD Control Block
When a device creates a text-based configuration file from its Startup or Running Configuration file, it
inserts an SSD control block into the file if a user requests that the file include sensitive data. The SSD
control block, which is protected from tampering, contains the SSD rules and SSD properties of the device
creating the file. An SSD control block starts with "ssd-control-start" and ends with "ssd-control-end".
Startup Configuration File
The device currently supports copying from the Running, Backup, Mirror, and Remote Configuration files to
a Startup Configuration file. The configurations in the Startup Configuration are effective and become the
Running Configuration after reboot. A user can retrieve the sensitive data encrypted or in plaintext from a
startup configuration file, subject to the SSD read permission and the current SSD read mode of the
management session.
Read access to sensitive data in the startup configuration, in any form, is excluded if the passphrase in the
Startup Configuration file and the local passphrase are different.
SSD adds the following rules when copying the Backup, Mirror, and Remote Configuration files to the
Startup Configuration file:
• After a device is reset to factory default, all of its configurations, including the SSD rules and
properties are reset to default.
• If a source configuration file contains encrypted sensitive data, but is missing an SSD control block,
the device rejects the source file and the copy fails.
• If there is no SSD control block in the source configuration file, the SSD configuration in the Startup
Configuration file is reset to default.
• If there is a passphrase in the SSD control block of the source configuration file, and the file contains
encrypted sensitive data that was not encrypted by the key generated from that passphrase, the
device rejects the source file and the copy fails.
• If there is an SSD control block in the source configuration file and the file fails the SSD integrity
check, and/or file integrity check, the device rejects the source file and fails the copy.
• If there is no passphrase in the SSD control block of the source configuration file, all the encrypted
sensitive data in the file must be encrypted by either the key generated from the local passphrase, or
the key generated from the default passphrase, but not both. Otherwise, the source file is rejected
and the copy fails.
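
The following pre-flight check is an added example, not part of the Cisco guide or device firmware: it scans a text configuration file for the "ssd-control-start" and "ssd-control-end" markers and predicts the outcomes of the copy rules above that can be decided from the file text alone. It assumes that a line holding encrypted sensitive data carries the keyword "encrypted"; the function name, verdict labels and sample files are hypothetical.

```python
import re

START, END = "ssd-control-start", "ssd-control-end"  # markers named in the guide
# ASSUMPTION (not from the guide): a line holding encrypted sensitive data
# carries the keyword "encrypted".
ENCRYPTED = re.compile(r"\bencrypted\b")

def preflight(config_text):
    """Return (verdict, reason) for a file about to be copied to Startup.

    Only rules decidable from the text are modelled; the integrity and
    passphrase/key checks happen on the device.
    """
    lines = [ln.strip() for ln in config_text.splitlines()]
    # Prefix match, so extra text after a marker on the same line is tolerated.
    starts = [i for i, ln in enumerate(lines) if ln.startswith(START)]
    ends = [i for i, ln in enumerate(lines) if ln.startswith(END)]
    if len(starts) != len(ends) or len(starts) > 1 or (starts and starts[0] > ends[0]):
        # "malformed" is this script's own verdict, not documented device behaviour.
        return "malformed", "unbalanced or repeated control-block markers"
    has_block = bool(starts)
    # Lines inside the block are SSD rules and properties, not sensitive data.
    body = lines[:starts[0]] + lines[ends[0] + 1:] if has_block else lines
    encrypted = [ln for ln in body if ENCRYPTED.search(ln)]
    if not has_block and encrypted:
        return "reject", "encrypted sensitive data but no SSD control block"
    if not has_block:
        return "ssd-reset", "no control block: SSD configuration in Startup resets to default"
    return "device-checks", f"control block present, {len(encrypted)} encrypted line(s) to verify"

# Constructed samples; the syntax is illustrative, not copied from a device.
NO_BLOCK_ENCRYPTED = "hostname sw1\nusername admin password encrypted 0123abcd\n"
WITH_BLOCK = (
    "ssd-control-start\n"
    "ssd rule placeholder encrypted\n"
    "ssd-control-end\n"
    "hostname sw1\n"
    "username admin password encrypted 0123abcd\n"
)

if __name__ == "__main__":
    for name, text in [("no block", NO_BLOCK_ENCRYPTED), ("with block", WITH_BLOCK)]:
        print(name, "->", preflight(text))
```

A "device-checks" verdict only means the file is not rejected for a missing control block; the device still applies the integrity and passphrase rules listed above.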