Cisco SR224T Administration Guide - Page 258

Secure Sensitive Data SSD Properties 19 SSD Default Read Mode Session Override The system displays sensitive data in a session, as either encrypted or plaintext, based on the read permission and the default read mode of the user. The default read mode can be temporarily overridden as long it does not conflict with the SSD read permission of the session. This change is effective immediately in the current session, until one of the following occurs: • User changes it again. • Session is terminated. • The read permission of the SSD rule that is applied to the session user is changed and is no longer compatible with the current read mode of the session. In this case, the session read mode returns to the default read mode of the SSD rule. SSD Properties SSD properties are a set of parameters that, in conjunction with the SSD rules, define and control the SSD environment of a device. The SSD environment consists of these properties: • Controling how the sensitive data is encrypted. • Controling the strength of security on configuration files. • Controling how the sensitive data is viewed within the current session. Passphrase A passphrase is the basis of the security mechanism in the SSD feature, and is used to generate the key for the encryption and decryption of sensitive data. Sx200, Sx300, Sx500, and SG500x series switches that have the same passphrase are able to decrypt each other's sensitive data encrypted with the key generated from the passphrase. A passphrase must comply with the following rules: • Length-Between 8-16 characters. • Character Classes-The passphrase must have at least one upper case character, one lower case character, one numeric character, and one special character e.g. #,$. Cisco Small Business 200 Series Smart Switch Administration Guide 259