Cisco SG300-28 28-Port Gigabit Managed Switch Maintenance Manual
Security: Secure Sensitive Data Management
SSD Rules
Cisco 300 Series Managed Switches Administration Guide
It is recommended that the user authentication process on a device is secured. To
secure the user authentication process, you can use the local authentication
database, as well as secure the communication through external authentication
servers, such as a RADIUS server. The configuration of the secure communication
to the external authentication servers is sensitive data and is protected under
SSD.
NOTE
The user credential in the local authenticated database is already protected by a
non-SSD-related mechanism.
If a user from a channel issues an action that uses an alternate channel, the device
applies the read permission and default read mode from the SSD rule that matches
the user credential and the alternate channel. For example, if a user logs in via a
secure channel and starts a TFTP upload session, the SSD read permission of the
user on the insecure channel (TFTP) is applied.
Default SSD Rules
The device has the following factory default rules:
The default rules can be modified, but they cannot be deleted. If the SSD default
rules have been changed, they can be restored.
Table 4

Rule Key                        Rule Action
User       Channel              Read Permission   Default Read Mode
Level 15   Secure XML SNMP      Plaintext Only    Plaintext
Level 15   Secure               Both              Encrypted
Level 15   Insecure             Both              Encrypted
All        Insecure XML SNMP    Exclude           Exclude
All        Secure               Encrypted Only    Encrypted
All        Insecure             Encrypted Only    Encrypted
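
The following sketch models the factory default rules of Table 4 and the alternate-channel behaviour described above, then audits which rules permit plaintext reads over an insecure channel. It is an added example, not Cisco code. The function names, the precedence of a Level 15 rule over an All rule, and the reading of "Both" as plaintext and encrypted are assumptions not stated on this page.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    user: str          # "Level 15" or "All" (User column)
    channel: str       # Channel column
    permission: str    # Read Permission column
    default_mode: str  # Default Read Mode column

# Factory default rules, copied from Table 4.
DEFAULT_RULES = [
    Rule("Level 15", "Secure XML SNMP", "Plaintext Only", "Plaintext"),
    Rule("Level 15", "Secure", "Both", "Encrypted"),
    Rule("Level 15", "Insecure", "Both", "Encrypted"),
    Rule("All", "Insecure XML SNMP", "Exclude", "Exclude"),
    Rule("All", "Secure", "Encrypted Only", "Encrypted"),
    Rule("All", "Insecure", "Encrypted Only", "Encrypted"),
]

def resolve(level, channel, rules=DEFAULT_RULES):
    """Return the rule for a privilege level on the channel an action uses.
    Assumption: a Level 15 rule is preferred over an All rule."""
    for wanted in (["Level 15"] if level == 15 else []) + ["All"]:
        for rule in rules:
            if rule.user == wanted and rule.channel == channel:
                return rule
    raise LookupError(f"no rule in the table for level {level} on {channel!r}")

def effective_rule(level, login_channel, action_channel=None, rules=DEFAULT_RULES):
    """When an action uses an alternate channel, that channel selects the rule,
    not the channel the user logged in on."""
    return resolve(level, action_channel or login_channel, rules)

def plaintext_over_insecure(rules=DEFAULT_RULES):
    """Audit helper: rules whose read permission allows plaintext on an
    insecure channel. Assumption: "Both" means plaintext and encrypted."""
    return [r for r in rules
            if r.channel.startswith("Insecure")
            and r.permission in ("Plaintext Only", "Both")]

if __name__ == "__main__":
    # Constructed scenario from the text: secure login, then a TFTP upload.
    print(effective_rule(15, "Secure", "Insecure"))
    for r in plaintext_over_insecure():
        print("review:", r)
```

With the defaults, the audit returns only the Level 15 rule for the insecure channel, which is the rule to review when hardening a device.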