Secure Sensitive Data
Configuration Files
Cisco Small Business 200 Series Smart Switch Administration Guide
•
If there is no passphrase in the SSD control block of the source
configuration file, all the encrypted sensitive data in the file must be
encrypted by either the key generated from the local passphrase, or the
key generated from the default passphrase, but not both. Otherwise, the
source file is rejected and the copy fails.
•
The device configures the passphrase, passphrase control, and file
integrity, if any, from the SSD Control Block in the source configuration file to
the Startup Configuration file. It configures the Startup Configuration file
with the passphrase that is used to generate the key to decrypt the
sensitive data in the source configuration file. Any SSD configurations that
are not found are reset to the default.
•
If there is an SSD control block in the source configuration file and the file
contains plaintext, sensitive data excluding the SSD configurations in the
SSD control block, the file is accepted.
Running Configuration File
A Running Configuration file contains the configuration currently being used by the
device. A user can retrieve the sensitive data encrypted or in plaintext from a
running configuration file, subject to the SSD read permission and the current SSD
read mode of the management session. The user can change the Running
Configuration by copying the Backup or Mirror Configuration files through other
management actions via CLI, XML, and so on.
A device applies the following rules when a user directly changes the SSD
configuration in the Running Configuration:
•
If the user that opened the management session does not have SSD
permissions (meaning read permissions of either Both or Plaintext Only), the
device rejects all SSD commands.
•
When copied from a source file, File SSD indicator, SSD Control Block
Integrity, and SSD File Integrity are neither verified nor enforced.
•
When copied from a source file, the copy will fail if the passphrase in the
source file is in plaintext. If the passphrase is encrypted, it is ignored.
•
When directly configuring the passphrase, (non file copy), in the Running
Configuration, the passphrase in the command must be entered in plaintext.
Otherwise, the command is rejected.
19
264