Security: Secure Sensitive Data Management
SSD Rules
Cisco 350XG & 550XG Series 10G Stackable Managed Switches
•
Read Permission—The read permissions associate with the rules. These
can be the following:
-
(Lowest) Exclude—Users are not permitted to access sensitive data in
any form.
-
(Middle) Encrypted Only—Users are permitted to access sensitive data
as encrypted only.
-
(Higher) Plaintext Only—Users are permitted to access sensitive data in
plaintext only. Users will also have read and write permission to SSD
parameters as well.
-
(Highest) Both—Users have both encrypted and plaintext permissions
and are permitted to access sensitive data as encrypted and in
plaintext. Users will also have read and write permission to SSD
parameters as well.
Each management channel allows specific read permissions. The following
summarizes these.
Management Channel
Secure
Insecure
Secure XML SNMP
Insecure XML SNMP
•
Default Read Mode—All default read modes are subjected to the read
permission of the rule. The following options exist, but some might be
rejected, depending on the read permission. If the user-defined read
permission for a user is Exclude (for example), and the default read mode is
Encrypted, the user-defined read permission prevails.
-
Exclude—Do not allow reading sensitive data.
-
Encrypted—Sensitive data is presented in encrypted form.
-
Plaintext—Sensitive data is presented in plaintext form.
Each management channel allows specific read presumptions. The
following summarizes these.
Read Permission Options Allowed
Both, Encrypted Only
Both, Encrypted Only
Exclude, Plaintext Only
Exclude, Plaintext Only
21
467