Hewlett-Packard Company Network Switches Security Target Version 1.02 08/16/2013 Prepared for: Hewlett-Packard Development Compan
Security Target Version 1.02, 08/16/2013 10 HP 9500 48-port Gig-T REB Module HP 9500 16-port GbE SFP/8-port GbE Combo LEB Module HP
Security Target Version 1.02, 08/16/2013 11 2.2 TOE Architecture The HP Network switches share a common software code base, called
Security Target Version 1.02, 08/16/2013 12 queue management, semaphore management, time management, IPC, RPC, module loading management and c
Security Target Version 1.02, 08/16/2013 13 Security audit Cryptographic support User data protection Identification and authentic
Security Target Version 1.02, 08/16/2013 14 The TOE includes functions to perform self-tests so it might detect when it is failing. It also in
Security Target Version 1.02, 08/16/2013 15 3. Security Problem Definition The Security Problem Definition (composed of organizational polici
Security Target Version 1.02, 08/16/2013 16 A.NO_GENERAL_PURPOSE It is assumed that there are no general-purpose computing capabiliti
Security Target Version 1.02, 08/16/2013 17 4. Security Objectives Like the Security Problem Definition, the Security Objectives hav
Security Target Version 1.02, 08/16/2013 18 OE.PHYSICAL Physical security, commensurate with the value of the TOE and the data it
Security Target Version 1.02, 08/16/2013 19 5. IT Security Requirements This section defines the Security Functional Requirements (SF
Security Target Version 1.02, 08/16/2013 2 1. SECURITY TARGET INTRODUCTION ...
Security Target Version 1.02, 08/16/2013 20 5.2 TOE Security Functional Requirements The following table describes the SFRs that are satisfie
Security Target Version 1.02, 08/16/2013 21 b) For each audit event type, based on the auditable event definitions of the functional component
Security Target Version 1.02, 08/16/2013 22 Requirement Auditable Events Additional Audit Record Contents Termination of the trusted channel
Security Target Version 1.02, 08/16/2013 23 5.2.2.6 Cryptographic Operation (for keyed-hash message authentication) (FCS_COP.1(4)) FCS_COP.1
Security Target Version 1.02, 08/16/2013 24 5.2.3 User data protection (FDP) 5.2.3.1 Full Residual Information Protection (FDP_RIP.2) FDP_R
Security Target Version 1.02, 08/16/2013 25 FMT_SMR.2.2 The TSF shall be able to associate users with roles. FMT_SMR.2.3 The TSF shall ens
Security Target Version 1.02, 08/16/2013 26 5.2.7.4 Default TOE Access Banners (FTA_TAB.1) FTA_TAB.1.1 Refinement: Before establishing an a
Security Target Version 1.02, 08/16/2013 27 5.3 TOE Security Assurance Requirements The security assurance requirements for the TOE are the E
Security Target Version 1.02, 08/16/2013 28 AGD_OPE.1.6c The operational user guidance shall, for each user role, describe the security measu
Security Target Version 1.02, 08/16/2013 29 AVA_VAN.1.3e The evaluator shall conduct penetration testing, based on the identified potential v
Security Target Version 1.02, 08/16/2013 3 8.1.1 Security Objectives Rationale for the TOE and Environment ...
Security Target Version 1.02, 08/16/2013 30 5.4 Explicit Assurance Activities The following tables (Table 5 NDPP Security Functional
Security Target Version 1.02, 08/16/2013 31 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FAU_STG_EX
Security Target Version 1.02, 08/16/2013 32 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_CKM_EX
Security Target Version 1.02, 08/16/2013 33 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_IPSEC_
Security Target Version 1.02, 08/16/2013 34 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_IPSEC_
Security Target Version 1.02, 08/16/2013 35 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FCS_SSH_EX
Security Target Version 1.02, 08/16/2013 36 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FDP_RIP.2.
Security Target Version 1.02, 08/16/2013 37 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FIA_UAU_EX
Security Target Version 1.02, 08/16/2013 38 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FPT_TUD_(E
Security Target Version 1.02, 08/16/2013 39 Assurance Activity – Design Assurance Activity - Guidance Assurance Activity - Testing FTA_TAB.1.
Security Target Version 1.02, 08/16/2013 4 1. Security Target Introduction This section identifies the Security Target (ST) and Target of Eva
Security Target Version 1.02, 08/16/2013 40 Assurance Activity ADV_FSP There are no specific assurance activities associated with these SA
Security Target Version 1.02, 08/16/2013 41 Assurance Activity ATE_IND The evaluator shall prepare a test plan and report documenting the te
Security Target Version 1.02, 08/16/2013 42 6. TOE Summary Specification This chapter describes the security functions: Security audit
Security Target Version 1.02, 08/16/2013 43 Functions Standards Certificates Asymmetric key generation Domain parameter generation NIST S
Security Target Version 1.02, 08/16/2013 44 The TOE uses a software-based random bit generator that complies with FIPS 140-2 ANSI x9.31 Rando
Security Target Version 1.02, 08/16/2013 45 Identifier Name Generation/ Algorithm Purpose Storage Location Zeroization Summary CSP6 SSH Sessio
Security Target Version 1.02, 08/16/2013 46 Identifier Name Generation/ Algorithm Purpose Storage Location Zeroization Summary CSP13 IKE Encry
Security Target Version 1.02, 08/16/2013 47 being received, the TOE uses a buffer to build all packet information. Once complete,
Security Target Version 1.02, 08/16/2013 48 FCS_CKM.1: See table above. FCS_CKM_EXT.4: Keys are zeroized when they are no longer needed
Security Target Version 1.02, 08/16/2013 49 The Identification and authentication function is designed to satisfy the following security funct
Security Target Version 1.02, 08/16/2013 5 Product Series Specific Devices HP 5800‐24G‐SFP Switch HP 5800‐48G‐PoE Switch HP 5800‐48G Switch H
Security Target Version 1.02, 08/16/2013 50 6.6 Protection of the TSF The TOE is an appliance and as such is designed to work independent of
Security Target Version 1.02, 08/16/2013 51 FPT_STM.1: The TOE includes its own hardware clock. FPT_TST_EXT.1: The TOE includes a number
Security Target Version 1.02, 08/16/2013 52 To support secure remote administration, the TOE includes an implementation of SSHv2. In each cas
Security Target Version 1.02, 08/16/2013 53 7. Protection Profile Claims This ST is conformant to the Security Requirements for Network Devic
Security Target Version 1.02, 08/16/2013 54 8. Rationale This section provides the rationale for completeness and consistency of the Security
Security Target Version 1.02, 08/16/2013 55 8.1.1.1 P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions
Security Target Version 1.02, 08/16/2013 56 8.1.1.6 T.UNDETECTED_ACTIONS Malicious remote users or external IT entities may take actions t
Security Target Version 1.02, 08/16/2013 57 O.DISPLAY_BANNER O.PROTECTED_COMMUNICATIONS O.RESIDUAL_INFORMATION_CLEARING O.SESSION_LOCK O
Security Target Version 1.02, 08/16/2013 58 This TOE Security Objective is satisfied by ensuring: FTA_TAB.1: The TOE is required to display
Security Target Version 1.02, 08/16/2013 59 This TOE Security Objective is satisfied by ensuring: FAU_GEN.1: The TOE is required to be abl
Security Target Version 1.02, 08/16/2013 6 reproduced in this Security Target to ensure they are within scope of the corresponding evaluati
Security Target Version 1.02, 08/16/2013 60 FCS_COP.1(3): The TOE is required to either use digital signatures or cryptographic hashes to e
Security Target Version 1.02, 08/16/2013 61 ST Requirement CC Dependencies ST Dependencies FTP_ITC.1 none none FTP_TRP.1 none none AD
Security Target Version 1.02, 08/16/2013 62 Security audit Cryptographic support User data protection Identification and authentication
Security Target Version 1.02, 08/16/2013 63 Appendix A: Documentation for A Series Switches This Appendix provides a list of the product docum
Security Target Version 1.02, 08/16/2013 64 The following documents for the 5500 HI Switch series can be found under the General Reference sec
Security Target Version 1.02, 08/16/2013 65 R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Command Reference, 8 Jan 2013 http:
Security Target Version 1.02, 08/16/2013 66 H3C S9500E Series Routing Switches Network Management and Monitoring Configuration Guide, 1 Dec
Security Target Version 1.02, 08/16/2013 7 2.1 TOE Overview The HP Network switches are Gigabit Ethernet switch appliances which co
Security Target Version 1.02, 08/16/2013 8 optionally be used since they do not affect any of the claimed security functions but rather serve
Security Target Version 1.02, 08/16/2013 9 HP 7510 768Gbps Fabric/Main Processing Unit HP 7500 384Gbps Fabric/Main Processing Unit
Kommentare zu diesen Handbüchern