Cisco 500 series Administration Manual page 366

Secure Sensitive Data
SSD Rules
NOTE
Cisco 500 Series Stackable Managed Switch Administration Guide
A device may not support all the channels defined by SSD.
Elements of an SSD Rule
An SSD rule includes the following elements:
• User type—The user types supported in order of most preference to least
preference are as follows: (If a user matches multiple SSD rules, the rule
with the most preference User Type will be applied).
- Specific—The rule applies to a specific user.
- Default User (cisco)—The rule applies to the default user (cisco).
- Level 15—The rule applies to users with privilege level 15.
- All—The rule applies to all users.
• User Name—If user type is Specific, a user name is required.
• Channel. Type of SSD management channel to which the rule is applied.
The channel types supported are:
- Secure—Specifies the rule applies only to secure channels. Depending
on the device, it may support some or all of the following secure
channels:
Console port interface, SCP, SSH, and HTTPS.
- Insecure—Specifies that this rule applies only to insecure channels.
Depending on the device, it may support some or all of the following
insecure channels:
Telnet, TFTP, and HTTP.
- Secure XML SNMP—Specifies that this rule applies only to XML over
HTTPS or SNMPv3 with privacy. A device may or may not support all of
the secure XML and SNMP channels.
- Insecure XML SNMP—Specifies that this rule applies only to XML over
HTTP or SNMPv1/v2 and SNMPv3 without privacy. A device may or
may not support all of the secure XML and SNMP channels.
• Read Permission—The read permissions associate with the rules. These
can be the following:
- (Lowest) Exclude—Users are not permitted to access sensitive data in
any form.
- (Middle) Encrypted Only—Users are permitted to access sensitive data
as encrypted only.
22
366