Ssd Properties - Cisco 300 Series Administration Manual

21

SSD Properties

444
SSD Default Read Mode Session Override
The system contains sensitive data in a session, as either encrypted or plaintext,
based on the read permission and the default read mode of the user.
The default read mode can be temporarily overridden as long it does not conflict
with the SSD read permission of the session. This change is effective immediately
in the current session, until one of the following occurs:
• User changes it again.
• Session is terminated.
• The read permission of the SSD rule that is applied to the session user is
changed and is no longer compatible with the current read mode of the
session. In this case, the session read mode returns to the default read
mode of the SSD rule.
SSD properties are a set of parameters that, in conjunction with the SSD rules,
define and control the SSD environment of a device. The SSD environment
consists of these properties:
• Controlling how the sensitive data is encrypted.
• Controlling the strength of security on configuration files.
• Controlling how the sensitive data is viewed within the current session.
Passphrase
A passphrase is the basis of the security mechanism in the SSD feature, and is
used to generate the key for the encryption and decryption of sensitive data.
Sx200, Sx300, Sx500, and SG500X/SG500XG/ESW2-550X series switches that
have the same passphrase are able to decrypt each other's sensitive data
encrypted with the key generated from the passphrase.
A passphrase must comply with the following rules:
• Length—Between 8-16 characters.
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
Security: Secure Sensitive Data Management
SSD Properties