Cisco SR224T Administration Guide - Page 260
Configuration File Integrity Control, Read Mode
Secure Sensitive Data: SSD Properties (chapter 19)

• Restricted: The device restricts its passphrase from being exported into a configuration file. Restricted mode protects the encrypted sensitive data in a configuration file from devices that do not have the passphrase. This mode should be used when a user does not want to expose the passphrase in a configuration file.

After a device is reset to the factory default, its local passphrase is reset to the default passphrase. As a result, the device will not be able to decrypt any sensitive data encrypted based on a user-defined passphrase entered from a management session (GUI/CLI), or in any configuration file with restricted mode, including the files created by the device itself before it was reset to factory default. This remains the case until the device is manually reconfigured with the user-defined passphrase, or learns the user-defined passphrase from a configuration file.

Configuration File Integrity Control

A user can protect a configuration file from being tampered with or modified by creating the configuration file with Configuration File Integrity Control. It is recommended that Configuration File Integrity Control be enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passphrase Control.

CAUTION: Any modification made to a configuration file that is integrity protected is considered tampering.

A device determines whether the integrity of a configuration file is protected by examining the File Integrity Control command in the file's SSD Control block. If a file is integrity protected but a device finds the integrity of the file is not intact, the device rejects the file. Otherwise, the file is accepted for further processing.

A device checks for the integrity of a text-based configuration file when the file is downloaded or copied to the Startup Configuration file.

Read Mode

Each session has a Read mode. This determines how sensitive data is displayed. The Read mode can be either Plaintext, in which case sensitive data is displayed as regular text, or Encrypted, in which case sensitive data is displayed in its encrypted form.

Cisco Small Business 200 Series Smart Switch Administration Guide 261
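The recommendation under Configuration File Integrity Control can be checked across a set of saved configuration backups. The following is an added example, not part of the Cisco guide: it reads the SSD Control block of a text configuration file and reports whether Unrestricted passphrase control is used without integrity control. The block delimiters and command spellings are assumptions about the file syntax, which this page does not show, and the sample files are constructed. It reads the settings only; verifying the file's integrity remains the device's job.

```python
import re

# Constructed sample files. The delimiters (ssd-control-start / ssd-control-end)
# and the command spellings are assumptions about the text configuration format;
# the page names the SSD Control block but does not show its syntax.
UNPROTECTED = """\
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end 00000000000000000000000000000000
!
hostname lab-switch
"""
PROTECTED = UNPROTECTED.replace("no ssd file integrity", "ssd file integrity")
TRUNCATED = UNPROTECTED.split("ssd-control-end")[0]

BLOCK = re.compile(r"^ssd-control-start[ \t\r]*\n(.*?)^ssd-control-end\b", re.M | re.S)

def audit_ssd_block(text):
    """Classify one configuration backup by its SSD Control block settings."""
    if "ssd-control-start" not in text:
        return "no-ssd-block"
    match = BLOCK.search(text)
    if match is None:
        return "malformed-ssd-block"      # start marker without an end marker
    passphrase, integrity = None, False   # assumption: absent command = not protected
    for line in match.group(1).splitlines():
        words = line.split()
        negated = words[:1] == ["no"]
        if negated:
            words = words[1:]
        if words[:4] == ["ssd", "file", "passphrase", "control"] and len(words) == 5:
            passphrase = words[4]
        elif words == ["ssd", "file", "integrity", "control"]:
            integrity = not negated
    if passphrase == "unrestricted" and not integrity:
        # The guide recommends integrity control for this passphrase mode.
        return "unrestricted-without-integrity"
    return "integrity-protected" if integrity else "integrity-not-enabled"

if __name__ == "__main__":
    for name, cfg in [("unprotected", UNPROTECTED), ("protected", PROTECTED),
                      ("truncated", TRUNCATED), ("plain", "hostname lab-switch\n")]:
        print(f"{name:12} {audit_ssd_block(cfg)}")
```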