Cisco SR224T Administration Guide - Page 253
SSD Rules, SSD Management
Secure Sensitive Data SSD Rules 19

SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A device authenticates and authorizes management access to users through the user authentication process.

Whether or not SSD is used, an administrator should secure the authentication process by using the local authentication database and/or by securing the communication with the external authentication servers (RADIUS and TACACS) used in the user authentication process.

In summary, SSD protects sensitive data on a device with SSD rules, SSD properties, and user authentication. The SSD rules, SSD properties, and user authentication configurations of the device are themselves sensitive data protected by SSD.

SSD Management

SSD management includes a collection of configuration parameters that define the handling and security of sensitive data. The SSD configuration parameters themselves are sensitive data and are protected under SSD.

All configuration of SSD is performed through the SSD pages, which are available only to users with the correct permissions (see SSD Rules).

SSD Rules

SSD rules define the read permissions and default read mode given to a user session on a management channel.

An SSD rule is uniquely identified by its user and SSD management channel. Different SSD rules might exist for the same user but for different channels, and conversely, different rules might exist for the same channel but for different users.

Read permissions determine how sensitive data can be viewed: in encrypted form only, in plaintext form only, in either encrypted or plaintext form, or not at all (no permission to view sensitive data). The SSD rules themselves are protected as sensitive data.

A device can support a total of 32 SSD rules.

A device grants a user the SSD read permission of the SSD rule that best matches the user identity/credential and the type of management channel from which the user is accessing, or will access, the sensitive data.
A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.

Cisco Small Business 200 Series Smart Switch Administration Guide 254
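The rule table described under SSD Rules can be modelled as follows. This is an added illustration, not Cisco code or part of the guide. It assumes a hypothetical wildcard user "*" as the fallback for "best match", a default of no permission when nothing matches, and constructed channel names "secure" and "insecure"; the guide page does not define any of these.

```python
from enum import Enum

MAX_RULES = 32   # from the page: a device supports a total of 32 SSD rules
ANY_USER = "*"   # assumption: hypothetical wildcard user, not named on the page

class ReadPermission(Enum):
    # The four read permissions listed on the page.
    EXCLUDE = "no permission to view sensitive data"
    ENCRYPTED_ONLY = "encrypted form only"
    PLAINTEXT_ONLY = "plaintext form only"
    BOTH = "encrypted or plaintext"

class SSDRuleTable:
    """Model of an SSD rule table keyed by (user, management channel)."""

    def __init__(self):
        self._rules = {}

    def add(self, user, channel, permission):
        key = (user, channel)
        # A rule is uniquely identified by its user and channel.
        if key in self._rules:
            raise ValueError(f"rule for {key} already exists")
        if len(self._rules) >= MAX_RULES:
            raise RuntimeError("rule table is full (32 rules)")
        self._rules[key] = permission

    def permission_for(self, user, channel):
        # Assumed best-match order: exact user first, then the wildcard user,
        # always on the same channel; no match means no read permission.
        for key in ((user, channel), (ANY_USER, channel)):
            if key in self._rules:
                return self._rules[key]
        return ReadPermission.EXCLUDE

def build_sample_table():
    # Constructed sample rules: same user on two channels, plus a fallback.
    table = SSDRuleTable()
    table.add("admin", "secure", ReadPermission.BOTH)
    table.add("admin", "insecure", ReadPermission.ENCRYPTED_ONLY)
    table.add(ANY_USER, "secure", ReadPermission.ENCRYPTED_ONLY)
    return table

if __name__ == "__main__":
    t = build_sample_table()
    for who, chan in [("admin", "secure"), ("admin", "insecure"),
                      ("guest", "secure"), ("guest", "insecure")]:
        print(who, chan, "->", t.permission_for(who, chan).value)
```

When auditing a real rule set, the rows to look for are those that grant plaintext or both on a channel that is not encrypted.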