Security: Secure Sensitive Data Management
SSD Management Channels
Cisco Small Business 200 Series Smart Switch Administration Guide 302
22
If the configuration file was generated with a user passphrase and SSD file passphrase control is
Restricted, the resulting configuration file can be auto-configured to the desired target devices. However,
for auto configuration to succeed with a user-defined passphrase, the target devices must be manually pre-
configured with the same passphrase as the device that generates the files, which is not zero touch.
If the device creating the configuration file is in Unrestricted passphrase control mode, the device includes
the passphrase in the file. As a result, the user can auto configure the target devices, including devices that
are out-of-the-box or in factory default, with the configuration file without manually pre-configuring the
target devices with the passphrase. This is zero touch because the target devices learn the passphrase
directly from the configuration file.
NOTE Devices that are out-of-the-box or in factory default states use the default
anonymous user to access the SCP server.
SSD Management Channels
Devices can be managed over management channels such as telnet, SSH, and web. SSD categories the
channels into the following types based on their security and/or protocols: secured, insecure, secure-XML-
SNMP, and insecure-XML-SNMP.
The following describes whether SSD considers each management channel to be secure or insecure. If it is
insecure, the table indicates the parallel secure channel.
Management Channel SSD Management
Channel Type
Parallel Secured
Management Channel
GUI/HTTP Insecure GUI/HTTPS
GUI/HTTPS Secure
XML/HTTP Insecure-XML-
SNMP
XML/HTTPS
XML/HTTPS Secure-XML-SNMP
SNMPv1/v2/v3 without
privacy
Insecure-XML-
SNMP
Secure-XML-SNMP
SNMPv3 with privacy Secure-XML-SNMP
(level-15 users)
TFTP Insecure SCP
SCP (Secure Copy) Secure
To Next Page
Loading...
Need help?
General