HP A-Series Specifications Page 35

Security Target Version 1.02, 08/16/2013
Assurance Activity - Design
Assurance Activity - Guidance
Assurance Activity - Testing
FCS_SSH_EXT.1.2
Design: The evaluator shall check to ensure that the TSS contains a description of the public key algorithms that are acceptable for use for authentication, that this list conforms to FCS_SSH_EXT.1.5, and ensure that password-based authentication methods are also allowed.
Testing: The evaluator shall also perform the following tests:
Test 1: The evaluator shall, for each public key algorithm supported, show the TOE supports the use of that public key algorithm to authenticate a user connection. Any configuration activities required to support this test shall be performed according to instructions in the operational guidance.
Test 2: Using the operational guidance, the evaluator shall configure the TOE to accept password-based authentication, and demonstrate a user can be successfully authenticated to the TOE over SSH using a password as an authenticator.
FCS_SSH_EXT.1.3
Design: The evaluator shall check that the TSS describes how 'large packets' in terms of RFC 4253 are detected and handled.
Testing: The evaluator shall also perform the following test:
Test 1: The evaluator shall demonstrate that if the TOE receives a packet larger than specified in this component, that packet is dropped.
FCS_SSH_EXT.1.4
Design: The evaluator shall check the description of the implementation of this protocol in the TSS to ensure that optional characteristics are specified, and the encryption algorithms supported are specified as well. The evaluator shall check the TSS to ensure that the encryption algorithms specified are identical to those listed for this component.
Guidance: The evaluator shall also check the operational guidance to ensure it contains instructions on configuring the TOE so SSH conforms to the description in the TSS (for instance, the set of algorithms advertised by the TOE may have to be restricted to meet the requirements).
Testing: The evaluator shall also perform the following test:
Test 1: The evaluator shall establish an SSH connection using each of the encryption algorithms specified by the requirement. It is sufficient to observe (on the wire) the successful negotiation of a protocol to satisfy the intent of the test.
FCS_SSH_EXT.1.5
The assurance activity associated with FCS_SSH_EXT.1.4 verifies this requirement.
FCS_SSH_EXT.1.6
Design: The evaluator shall check the TSS to ensure that it lists the supported data integrity algorithms, and that the list corresponds to the list in this component.
Guidance: The evaluator shall also check the operational guidance to ensure it contains instructions to the administrator on how to ensure only the allowed data integrity algorithms are used in SSH connections with the TOE (specifically, that the 'none' MAC algorithm is not allowed).
FCS_SSH_EXT.1.7
Design: If this capability is 'hard-coded' into the TOE, the evaluator shall check the TSS to ensure that this is stated in the discussion of the SSH protocol.
Guidance: The evaluator shall ensure operational guidance contains configuration information that will allow the security administrator to configure the TOE so that all key exchanges for SSH are performed using DH group 14.
Testing: The evaluator shall also perform the following test:
Test 1: The evaluator shall attempt to perform a diffie-hellman-group1-sha1 key exchange, and observe the attempt fails. The evaluator shall then attempt to perform a diffie-hellman-group14-sha1 key exchange, and observe the attempt succeeds.
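
An added example (not part of the Security Target and not HP's code): one way an evaluator or administrator could check the algorithm lists a device advertises against the FCS_SSH_EXT.1.6 and FCS_SSH_EXT.1.7 rules above, by parsing an SSH_MSG_KEXINIT payload as laid out in RFC 4253, section 7.1. The function names and the sample payload are constructed for illustration.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message byte onward) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists

def audit(lists: dict) -> list:
    """Return findings against the key exchange and MAC rules above."""
    findings = []
    for alg in lists["kex"]:  # 1.7: only DH group 14 may be offered
        if alg != "diffie-hellman-group14-sha1":
            findings.append(f"kex offers {alg}")
    for field in ("mac_c2s", "mac_s2c"):  # 1.6: 'none' MAC not allowed
        if "none" in lists[field]:
            findings.append(f"{field} offers none")
    return findings

def build_kexinit(**lists) -> bytes:
    """Build a sample payload for the demo (constructed data, zero cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # flag + reserved field

if __name__ == "__main__":
    sample = build_kexinit(  # constructed, misconfigured advertisement
        kex=["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
        mac_c2s=["hmac-sha1", "none"], mac_s2c=["hmac-sha1"])
    print(audit(parse_kexinit(sample)))
```

parse_kexinit expects the payload of the SSH binary packet, starting at the message byte, with the packet length, padding length and padding already removed. The audit is strict: any key exchange name other than diffie-hellman-group14-sha1 is reported.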