Chapter 22: Security: Secure Sensitive Data Management; Introduction - Cisco Small Business 200 Series Administration Manual

Security: Secure Sensitive Data Management
Secure Sensitive Data (SSD) is an architecture that facilitates the protection of sensitive data on a device,
such as passwords and keys. The facility makes use of passphrases, encryption, access control, and user
authentication to provide a secure solution to managing sensitive data.
The facility is extended to protect the integrity of configuration files, to secure the configuration process,
and to support SSD zero-touch auto configuration.
•

Introduction

• SSD Rules
• SSD Properties
• Configuration Files
• SSD Management Channels
• Menu CLI and Password Recovery
• Configuring SSD
Introduction
SSD protects sensitive data on a device, such as passwords and keys, permits and denies access to
sensitive data encrypted and in plain text based on user credentials
configuration files containing sensitive data from being tampered with.
In addition, SSD enables the secure backup and sharing of configuration files containing sensitive data.
SSD provides users with the flexibility to configure the desired level of protection on their sensitive data;
no protection with sensitive data in plaintext, minimum protection with encryption based on the default passphrase,
from
and better protection with encryption based on user-defined passphrase.
SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A
device authenticates and authorizes management access to users through the user authentication process.
Cisco Small Business 200 Series Smart Switch Administration Guide
22
and SSD rules
, and protects
290