Security: Secure Sensitive Data Management
SSD Management Channels
NOTE
SSD Management Channels
Cisco Small Business 300 Series Managed Switch Administration Guide
If the device creating the configuration file is in Unrestricted passphrase control
mode, the device includes the passphrase in the file. As a result, the user can auto
configure the target devices, including devices that are out-of-the-box or in factory
default, with the configuration file without manually pre-configuring the target
devices with the passphrase. This is zero touch because the target devices learn
the passphrase directly from the configuration file.
Devices that are out-of-the-box or in factory default states use the default
anonymous user to access the SCP server.
Devices can be managed over management channels such as telnet, SSH, and
web. SSD categories the channels into the following types based on their security
and/or protocols: secured, insecure, secure-XML-SNMP, and insecure-XML-SNMP.
The following describes whether SSD considers each management channel to be
secure or insecure. If it is insecure, the table indicates the parallel secure channel.
Security of Management Channels
Management Channels
Management Channel
Console
Telnet
SSH
GUI/HTTP
GUI/HTTPS
XML/HTTP
XML/HTTPS
SNMPv1/v2/v3 without
privacy
SSD Management
Channel Type
Secure
Insecure
Secure
Insecure
Secure
Insecure-XML-
SNMP
Secure-XML-SNMP
Insecure-XML-
SNMP
18
Parallel Secured
Management Channel
SSH
GUI/HTTPS
XML/HTTPS
Secure-XML-SNMP
374