Cisco 300 Series Administration Manual page 479

Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
- (Higher) Plaintext Only—Users are permitted to access sensitive data in
plaintext only. Users will also have read and write permission to SSD
parameters as well.
- (Highest) Both—Users have both encrypted and plaintext permissions
and are permitted to access sensitive data as encrypted and in
plaintext. Users will also have read and write permission to SSD
parameters as well.
Each management channel allows specific read permissions. The following
summarizes these.
Management Channel
Secure
Insecure
Secure XML SNMP
Insecure XML SNMP
• Default Read Mode—All default read modes are subjected to the read
permission of the rule. The following options exist, but some might be
rejected, depending on the read permission. If the user-defined read
permission for a user is Exclude (for example), and the default read mode is
Encrypted, the user-defined read permission prevails.
- Exclude—Do not allow reading sensitive data.
- Encrypted—Sensitive data is presented in encrypted form.
- Plaintext—Sensitive data is presented in plaintext form.
Each management channel allows specific read presumptions. The
following summarizes these.
Read Permission
Exclude
Encrypted Only
Plaintext Only
Both
* The Read mode of a session can be temporarily changed in the SSD
Properties page if the new read mode does not violate the read permission.
Read Permission Options Allowed
Both, Encrypted Only
Both, Encrypted Only
Exclude, Plaintext Only
Exclude, Plaintext Only
Default Read Mode Allowed
Exclude
*Encrypted
*Plaintext
*Plaintext, Encrypted
21
441