Home > Cisco > Switch > Cisco Sg3008 Manual

Cisco Sg3008 Manual

Here you can view all the pages of manual Cisco Sg3008 Manual. The Cisco manuals for Switch are available online for free. You can easily download all the documents as PDF.

Page 481

Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  443
21
 
is recommended that the user authentication process on a device is secured. To 
secure the user authentication process, you can use the local authentication 
database, as well as secure the communication through external authentication 
servers, such as a RADIUS server. The configuration of the secure communication 
to the external...

Page 482

Security: Secure Sensitive Data Management
SSD Properties
444 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
SSD Default Read Mode Session Override 
The system contains sensitive data in a session, as either encrypted or plaintext, 
based on the read permission and the default read mode of the user.
The default read mode can be temporarily overridden as long it does not conflict 
with the SSD read permission of the session. This change is effective...

Page 483

Security: Secure Sensitive Data Management
SSD Properties
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  445
21
 
•Character Classes—The passphrase must have at least one upper case 
character, one lower case character, one numeric character, and one special 
character e.g. #,$. 
Default and User-defined Passphrases 
All devices come with a default, out-of-the box passphrase that is transparent to 
users. The default passphrase is never displayed in...

Page 484

Security: Secure Sensitive Data Management
SSD Properties
446 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
•Unrestricted (default)—The device includes its passphrase when creating a 
configuration file. This enables any device accepting the configuration file 
to learn the passphrase from the file. 
•Restricted—The device restricts its passphrase from being exported into a 
configuration file. Restricted mode protects the encrypted sensitive data...

Page 485

Security: Secure Sensitive Data Management
Configuration Files
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  447
21
 
Read Mode
Each session has a Read mode. This determines how sensitive data appears. The 
Read mode can be either Plaintext, in which case sensitive data appears as 
regular text, or Encrypted, in which sensitive data appears in its encrypted form.
Configuration Files
A configuration file contains the configuration of a device. A...

Page 486

Security: Secure Sensitive Data Management
Configuration Files
448 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
The SSD indicator in a file is set according to the user ’s instruction, during copy, to 
include encrypted, plaintext or exclude sensitive data from a file. 
SSD Control Block
When a device creates a text-based configuration file from its Startup or Running 
Configuration file, it inserts an SSD control block into the file if a user...

Page 487

Security: Secure Sensitive Data Management
Configuration Files
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  449
21
 
•If there is an SSD control block in the source configuration file and the file 
fails the SSD integrity check, and/or file integrity check, the device rejects 
the source file and fails the copy. 
•If there is no passphrase in the SSD control block of the source 
configuration file, all the encrypted sensitive data in the file must...

Page 488

Security: Secure Sensitive Data Management
Configuration Files
450 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
•Configuration commands with encrypted sensitive data, that are encrypted 
with the key generated from the local passphrase, are configured into the 
Running Configuration. Otherwise, the configuration command is in error, 
and is not incorporated into the Running Configuration file. 
Backup and Mirror Configuration File
A device...

Page 489

Security: Secure Sensitive Data Management
Configuration Files
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  451
21
 
Sensitive Data Zero-Touch Auto Configuration 
SSD Zero-touch Auto Configuration is the auto configuration of target devices with 
encrypted sensitive data, without the need to manually pre-configure the target 
devices with the passphrase whose key is used to encrypted the sensitive data. 
The device currently supports Auto...

Page 490

Security: Secure Sensitive Data Management
SSD Management Channels
452 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
21
SSD Management Channels
Devices can be managed over management channels such as telnet, SSH, and 
web. SSD categories the channels into the following types based on their security 
and/or protocols: secured, insecure, secure-XML-SNMP, and insecure-XML-SNMP.
The following describes whether SSD considers each management channel to be...
Start reading Cisco Sg3008 Manual

Related Manuals for Cisco Sg3008 Manual

All Cisco manuals