Ssd Properties - Cisco 350 Series Administration Manual

19

SSD Properties

368
SSD Default Read Mode Session Override
The system contains sensitive data in a session, as either encrypted or plaintext, based on the
read permission and the default read mode of the user.
The default read mode can be temporarily overridden as long it does not conflict with the SSD
read permission of the session. This change is effective immediately in the current session,
until one of the following occurs:
• User changes it again.
• Session is terminated.
• The read permission of the SSD rule that is applied to the session user is changed and
is no longer compatible with the current read mode of the session. In this case, the
session read mode returns to the default read mode of the SSD rule.
SSD properties are a set of parameters that, in conjunction with the SSD rules, define and
control the SSD environment of a device. The SSD environment consists of these properties:
• Controlling how the sensitive data is encrypted.
• Controlling the strength of security on configuration files.
• Controlling how the sensitive data is viewed within the current session.
Passphrase
A passphrase is the basis of the security mechanism in the SSD feature, and is used to generate
the key for the encryption and decryption of sensitive data. Devices that have the same
passphrase are able to decrypt each other's sensitive data encrypted with the key generated
from the passphrase.
A passphrase must comply with the following rules:
• Length—Between 8-16 characters, inclusive.
• Character Classes—The passphrase must have at least one upper case character, one
lower case character, one numeric character, and one special character e.g. #,$.
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Security: Secure Sensitive Data Management
SSD Properties