Secure Sensitive Data
Configuration Files
Configuration Files
Cisco Small Business 200 Series Smart Switch Administration Guide
A configuration file contains the configuration of a device. A device has a Running
Configuration file, a Startup Configuration file, a Mirror Configuration file
(optionally), and a Backup Configuration file. A user can manually upload and
download a configuration file to and from a remote file-server. A device can
automatically download its Startup Configuration from a remote file server during
the auto configuration stage using DHCP. Configuration files stored on remote file
servers are referred to as remote configuration files.
A Running Configuration file contains the configuration currently being used by a
device. The configuration in a Startup Configuration file becomes the Running
Configuration after reboot. Running and Startup Configuration files are formatted
in internal format. Mirror, Backup, and the remote configuration files are text-based
files usually kept for archive, records, or recovery. During copying, uploading, and
downloading a source configuration file, a device automatically transforms the
source content to the format of the destination file if the two files are of different
formats.
File SSD Indicator
When copying the Running or Startup Configuration file into a text-based
configuration file, the device generates and places the file SSD indicator in the
text-based configuration file to indicate whether the file contains encrypted
sensitive data, plaintext sensitive data or excludes sensitive data.
•
The SSD indicator, if it exists, must be in the configuration header file.
•
A text-based configuration that does not include an SSD indicator is
considered not to contain sensitive data.
•
The SSD indicator is used to enforce SSD read permissions on text-based
configuration files, but is ignored when copying the configuration files to the
Running or Startup Configuration file.
The SSD indicator in a file is set according to the user's instruction, during copy, to
include encrypted, plaintext or exclude sensitive data from a file.
19
262