User's Manual
Security: Secure Sensitive Data Management
SSD Rules
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  443
21
is recommended that the user authentication process on a device is secured. To 
secure the user authentication process, you can use the local authentication 
database, as well as secure the communication through external authentication 
servers, such as a RADIUS server. The configuration of the secure communication 
to the external authentication servers are sensitive data and are protected under 
SSD. 
NOTE The user credential in the local authenticated database is already protected by a 
non SSD related mechanism
If a user from a channel issues an action that uses an alternate channel, the device 
applies the read permission and default read mode from the SSD rule that match 
the user credential and the alternate channel. For example, if a user logs in via a 
secure channel and starts a TFTP upload session, the SSD read permission of the 
user on the insecure channel (TFTP) is applied 
Default SSD Rules
The device has the following factory default rules: 
The default rules can be modified, but they cannot be deleted. If the SSD default 
rules have been changed, they can be restored. 
Table 3
Rule Key  Rule Action 
User Channel  Read 
Permission 
Default Read Mode 
Level 
15 
Secure XML 
SNMP 
Plaintext Only  Plaintext 
Level 
15 
Secure Both  Encrypted 
Level 
15 
Insecure Both  Encrypted 
All Insecure XML 
SNMP 
Exclude Exclude 
All Secure  Encrypted Only Encrypted 
All Insecure  Encrypted Only Encrypted 










