Security: Secure Sensitive Data Management
SSD Rules
NOTE
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
A device may not support all the channels defined by SSD.
Elements of an SSD Rule
An SSD rule includes the following elements:
•
User type—The user types supported in order of most preference to least
preference are as follows: (If a user matches multiple SSD rules, the rule
with the most preference User Type will be applied).
-
Specific—The rule applies to a specific user.
-
Default User (cisco)—The rule applies to the default user (cisco).
-
Level 15—The rule applies to users with privilege level 15.
-
All—The rule applies to all users.
•
User Name—If user type is Specific, a user name is required.
•
Channel. Type of SSD management channel to which the rule is applied.
The channel types supported are:
-
Secure—Specifies the rule applies only to secure channels. Depending
on the device, it may support some or all of the following secure
channels:
Console port interface, SCP, SSH, and HTTPS.
-
Insecure—Specifies that this rule applies only to insecure channels.
Depending on the device, it may support some or all of the following
insecure channels:
Telnet, TFTP, and HTTP.
-
Secure XML SNMP—Specifies that this rule applies only to XML over
HTTPS or SNMPv3 with privacy. A device may or may not support all of
the secure XML and SNMP channels.
-
Insecure XML SNMP—Specifies that this rule applies only to XML over
HTTP or SNMPv1/v2 and SNMPv3 without privacy. A device may or may
not support all of the secure XML and SNMP channels.
•
Read Permission—The read permissions associate with the rules. These
can be the following:
-
(Lowest) Exclude—Users are not permitted to access sensitive data in
any form.
-
(Middle) Encrypted Only—Users are permitted to access sensitive data
as encrypted only.
23
442