Security: Secure Sensitive Data Management
SSD Rules
289 Cisco Small Business 200 Series Smart Switch Administration Guide
19
- (Higher) Plaintext Only—Users are permitted to access sensitive data in
plaintext only. Users will also have read and write permission to SSD
parameters as well.
- (Highest) Both—Users have both encrypted and plaintext permissions
and are permitted to access sensitive data as encrypted and in
plaintext. Users will also have read and write permission to SSD
parameters as well.
Each management channel allows specific read permissions. The following
summarizes these.
• Default Read Mode—All default read modes are subjected to the read
permission of the rule. The following options exist, but some might be
rejected, depending on the read permission. If the user-defined read
permission for a user is Exclude (for example), and the default read mode is
Encrypted, the user-defined read permission prevails.
- Exclude—Do not allow reading sensitive data.
- Encrypted—Sensitive data is presented in encrypted form.
- Plaintext—Sensitive data is presented in plaintext form.
Each management channel allows specific read presumptions. The
following summarizes these.
Table1 Read Permissions Allowed per Management Channel
Management Channel Read Permission Options Allowed
Secure Both, Encrypted Only
Insecure Both, Encrypted Only
Secure XML SNMP Exclude, Plaintext Only
Insecure XML SNMP Exclude, Plaintext Only
Table 2 Default Read Modes for Read Permissions
Read Permission Default Read Mode Allowed
Exclude Exclude
Encrypted Only *Encrypted
Plaintext Only *Plaintext