Cisco Sg3008 Manual
Page 481
Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 443 21
is recommended that the user authentication process on a device is secured. To secure the user authentication process, you can use the local authentication database, as well as secure the communication through external authentication servers, such as a RADIUS server. The configuration of the secure communication to the external...
Page 482
SSD Default Read Mode Session Override
The system contains sensitive data in a session, as either encrypted or plaintext, based on the read permission and the default read mode of the user. The default read mode can be temporarily overridden as long as it does not conflict with the SSD read permission of the session. This change is effective...
Page 483
•Character Classes—The passphrase must have at least one upper case character, one lower case character, one numeric character, and one special character, e.g. #, $.
Default and User-defined Passphrases
All devices come with a default, out-of-the-box passphrase that is transparent to users. The default passphrase is never displayed in...
Page 484
•Unrestricted (default)—The device includes its passphrase when creating a configuration file. This enables any device accepting the configuration file to learn the passphrase from the file.
•Restricted—The device restricts its passphrase from being exported into a configuration file. Restricted mode protects the encrypted sensitive data...
Page 485
Read Mode
Each session has a Read mode. This determines how sensitive data appears. The Read mode can be either Plaintext, in which case sensitive data appears as regular text, or Encrypted, in which case sensitive data appears in its encrypted form.
Configuration Files
A configuration file contains the configuration of a device. A...
Page 486
The SSD indicator in a file is set according to the user's instruction, during copy, to include encrypted or plaintext sensitive data in the file, or to exclude sensitive data from it.
SSD Control Block
When a device creates a text-based configuration file from its Startup or Running Configuration file, it inserts an SSD control block into the file if a user...
Page 487
•If there is an SSD control block in the source configuration file and the file fails the SSD integrity check, and/or file integrity check, the device rejects the source file and fails the copy.
•If there is no passphrase in the SSD control block of the source configuration file, all the encrypted sensitive data in the file must...
Page 488
•Configuration commands with encrypted sensitive data, that are encrypted with the key generated from the local passphrase, are configured into the Running Configuration. Otherwise, the configuration command is in error, and is not incorporated into the Running Configuration file.
Backup and Mirror Configuration File
A device...
Page 489
Sensitive Data Zero-Touch Auto Configuration
SSD Zero-touch Auto Configuration is the auto configuration of target devices with encrypted sensitive data, without the need to manually pre-configure the target devices with the passphrase whose key is used to encrypt the sensitive data. The device currently supports Auto...
Page 490
SSD Management Channels
Devices can be managed over management channels such as telnet, SSH, and web. SSD categorizes the channels into the following types based on their security and/or protocols: secured, insecure, secure-XML-SNMP, and insecure-XML-SNMP. The following describes whether SSD considers each management channel to be...