Cisco Systems 200 User Manual

Security: Secure Sensitive Data Management
Cisco Small Business 200 Series Smart Switch Administration Guide 
SSD grants read permission to sensitive data only to authenticated and authorized users, and 
according to SSD rules. A device authenticates and authorizes management access to users 
through the user authentication process.
 
Whether or not SSD is used, it is recommended that an administrator 
secure the authentication process by using the local authentication database, 
and/or by securing the communication to the external authentication servers 
(RADIUS and TACACS) used in the user authentication process.
In summary, SSD protects sensitive data on a device with SSD rules, SSD properties, and user 
authentication. The SSD rules, SSD properties, and user authentication configurations of the 
device are themselves sensitive data protected by SSD.
SSD Management
SSD management includes a collection of configuration parameters that define 
the handling and security of sensitive data. The SSD configuration parameters 
themselves are sensitive data and are protected under SSD. 
All configuration of SSD is performed through the SSD pages that are only 
available to users with the correct permissions (see 
SSD Rules
SSD rules define the read permissions and default read mode given to a user 
session on a management channel. 
An SSD rule is uniquely identified by its user and SSD management channel. 
Different SSD rules might exist for the same user but for different channels, and 
conversely, different rules might exist for the same channel but for different users. 
Read permissions determine how sensitive data can be viewed: in encrypted form 
only, in plaintext form only, in either encrypted or plaintext form, or not at all (no 
permission to view sensitive data). The SSD rules themselves are protected as sensitive data.
A device can support a total of 32 SSD rules.
A device grants a user the SSD read permission of the SSD rule that best matches 
the user identity/credential and the type of management channel from which the 
user is accessing, or will access, the sensitive data. 
A device comes with a set of default SSD rules. An administrator can add, delete, 
and change SSD rules as desired.
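
The rule model described above, sketched as an added Python example (not Cisco code and not taken from the guide). It shows the (user, channel) identity of a rule, the 32-rule limit, and a best-match lookup. The user and channel names, the `*` wildcard, the "exact user before wildcard" precedence, and the fail-closed default are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

MAX_RULES = 32  # the guide states a device supports a total of 32 SSD rules

class ReadPermission(Enum):
    EXCLUDE = "no permission to view sensitive data"
    ENCRYPTED_ONLY = "encrypted form only"
    PLAINTEXT_ONLY = "plaintext form only"
    BOTH = "encrypted or plaintext"

ANY_USER = "*"  # assumed wildcard meaning "any user"; not the device's notation

@dataclass(frozen=True)
class SsdRule:
    user: str
    channel: str
    permission: ReadPermission

class SsdRuleTable:
    def __init__(self):
        self._rules = {}  # keyed by (user, channel), the rule's unique identity

    def add(self, rule):
        key = (rule.user, rule.channel)
        if key in self._rules:
            raise ValueError(f"a rule for {key} already exists")
        if len(self._rules) >= MAX_RULES:
            raise OverflowError("rule table is full (32 rules)")
        self._rules[key] = rule

    def permission_for(self, user, channel):
        # Assumed precedence: a rule naming the user beats the wildcard rule.
        for candidate in (user, ANY_USER):
            rule = self._rules.get((candidate, channel))
            if rule is not None:
                return rule.permission
        # Assumption: with no matching rule, sensitive data is withheld.
        return ReadPermission.EXCLUDE

def build_sample_table():
    # Constructed sample rules; user and channel names are illustrative only.
    table = SsdRuleTable()
    table.add(SsdRule("alice", "secure", ReadPermission.BOTH))
    table.add(SsdRule("alice", "insecure", ReadPermission.ENCRYPTED_ONLY))
    table.add(SsdRule(ANY_USER, "secure", ReadPermission.ENCRYPTED_ONLY))
    table.add(SsdRule(ANY_USER, "insecure", ReadPermission.EXCLUDE))
    return table
```
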