Security: Secure Sensitive Data Management
SSD Rules
• SNMP users on the Insecure XML and SNMP channel (SNMPv1, v2, and v3 with no privacy) are considered All users.
• SNMP community names are not used as user names to match SSD rules.
• Access by a specific SNMPv3 user can be controlled by configuring an SSD rule with a user name matching the SNMPv3 user name.
• There must always be at least one rule with read permission Plaintext Only or Both, because only users with those permissions are able to access the SSD pages.
• Changes in the default read mode and read permissions of a rule become effective immediately and are applied to the affected user(s) and channel of all active management sessions, excluding the session making the changes, even if the rule is applicable. When a rule is changed (added, deleted, or edited), the system updates all the affected CLI/GUI sessions.
NOTE When the SSD rule applied upon the session login is changed from within that session, the user must log out and back in to see the change.
NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for the insecure channel applies.
SSD Rules and User Authentication
SSD grants SSD permission only to authenticated and authorized users, according to the SSD rules. A device depends on its user authentication process to authenticate and authorize management access. To protect a device and its data, including sensitive data and SSD configurations, from unauthorized access, it is recommended that the user authentication process on a device be secured. To secure the user authentication process, you can use the local authentication database, as well as secure the communication with external authentication servers, such as a RADIUS server. The configuration of the secure communication with the external authentication servers is sensitive data and is protected under SSD.
The user credential in the local authentication database is already protected by a mechanism that is not related to SSD.
NOTE If a user from a channel issues an action that uses an alternate channel, the device applies the read permission and default read mode from the SSD rule that matches the user credential and the alternate channel. For example, if a user logs in via a secure channel and starts a TFTP upload session, the SSD read permission of the user on the insecure channel (TFTP) is applied.
Cisco Small Business 200 Series Smart Switch Administration Guide
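The rule-matching behaviour described in the SSD Rules list (SNMP sessions without privacy treated as All users, community names never used as user names, the requirement for at least one Plaintext Only or Both rule) and in the note on actions that use an alternate channel, modelled as an added example. This is illustrative code, not Cisco's implementation: the rule fields, the precedence of a rule naming the user over an All users rule on the same channel, and the fallback to Exclude when no rule matches are assumptions, and the sample rule set is constructed.

```python
"""Illustrative model of SSD rule matching (added example, not Cisco's code).
Assumptions: a rule has a user ("All users" or a specific name), a channel
("secure" or "insecure") and a read permission; a rule naming the user wins
over an "All users" rule on the same channel; no matching rule means Exclude."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECURE, INSECURE = "secure", "insecure"
EXCLUDE, PLAINTEXT_ONLY, ENCRYPTED_ONLY, BOTH = (
    "Exclude", "Plaintext Only", "Encrypted Only", "Both")
ALL_USERS = "All users"


@dataclass(frozen=True)
class SsdRule:
    user: str             # ALL_USERS or a specific user name (e.g. an SNMPv3 user)
    channel: str          # SECURE or INSECURE
    read_permission: str  # EXCLUDE, PLAINTEXT_ONLY, ENCRYPTED_ONLY or BOTH


@dataclass(frozen=True)
class Session:
    channel: str                        # channel the session was opened on
    user: Optional[str] = None          # None for community-based SNMPv1/v2c
    snmp_version: Optional[int] = None  # None for non-SNMP sessions (CLI, GUI, XML)
    snmp_privacy: bool = False          # True only for SNMPv3 with a privacy protocol


def identity_and_channel(session: Session) -> Tuple[str, str]:
    """Map a session to the (user, channel) pair used to match SSD rules.
    SNMPv1/v2c and SNMPv3 without privacy travel on the insecure channel and
    count as "All users"; community names are never used as user names."""
    if session.snmp_version is not None:
        if session.snmp_version == 3 and session.snmp_privacy and session.user:
            return session.user, SECURE
        return ALL_USERS, INSECURE
    return session.user or ALL_USERS, session.channel


def match_rule(rules: List[SsdRule], user: str, channel: str) -> Optional[SsdRule]:
    """Specific-user rule first, then the "All users" rule for the same channel
    (precedence is an assumption of this model)."""
    for wanted in (user, ALL_USERS):
        for rule in rules:
            if rule.user == wanted and rule.channel == channel:
                return rule
    return None


def read_permission(rules: List[SsdRule], session: Session,
                    alternate_channel: Optional[str] = None) -> str:
    """Read permission for an action. An action that uses an alternate channel
    (e.g. a TFTP upload started from a secure session) is matched against the
    same user credential but the alternate channel."""
    user, channel = identity_and_channel(session)
    if alternate_channel is not None:
        channel = alternate_channel
    rule = match_rule(rules, user, channel)
    return rule.read_permission if rule else EXCLUDE


def can_open_ssd_pages(permission: str) -> bool:
    """Only Plaintext Only or Both lets a user reach the SSD pages."""
    return permission in (PLAINTEXT_ONLY, BOTH)


def rules_are_valid(rules: List[SsdRule]) -> bool:
    """At least one rule must grant Plaintext Only or Both, otherwise nobody
    could ever reach the SSD pages to change the rules again."""
    return any(can_open_ssd_pages(r.read_permission) for r in rules)


# Constructed sample rule set (not taken from the guide).
SAMPLE_RULES = [
    SsdRule(ALL_USERS, SECURE, BOTH),
    SsdRule(ALL_USERS, INSECURE, EXCLUDE),
    SsdRule("netops", INSECURE, PLAINTEXT_ONLY),
]

if __name__ == "__main__":
    s = Session(channel=SECURE, user="netops", snmp_version=3, snmp_privacy=True)
    print(read_permission(SAMPLE_RULES, s))                              # Both
    print(read_permission(SAMPLE_RULES, s, alternate_channel=INSECURE))  # Plaintext Only
    print(read_permission(SAMPLE_RULES, Session(channel=INSECURE, snmp_version=2)))  # Exclude
    print(rules_are_valid([SsdRule(ALL_USERS, SECURE, ENCRYPTED_ONLY)]))  # False
```

The SNMPv2c session in the sample carries no user name at all, which is the point of the second bullet: whatever community name it used, only the All users rule on the insecure channel can match it. The `rules_are_valid` check is the lockout guard the fourth bullet describes and is worth running before committing any rule change.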