HP A-Series Specifications, Page 49

Security Target Version 1.02, 08/16/2013
The Identification and authentication function is designed to satisfy the following security functional requirements:
FIA_PMG_EXT.1: The TOE implements a configurable minimum password length and allows passwords
to be composed of any combination of upper and lower case letters, numbers and special characters, as
described above.
FIA_UAU.7: The TOE does not echo passwords as they are entered.
FIA_UAU_EXT.2: The TOE can be configured to utilize external RADIUS and TACACS authentication
servers.
FIA_UIA_EXT.1: The TOE doesn’t offer any services or access to its functions without requiring a user to
be identified and authenticated.
6.5 Security management
The TOE supports four privilege levels (i.e., roles): Visit, Monitor, System, and Manage. Manage is the highest
privilege level, followed closely by the System privilege level. Given the limited differences between them, both are
considered instances of the ‘Security Administrator’ as defined in the NDPP for the purpose of this Security Target.
The other two privilege levels represent logical subsets of those security management roles, but do not offer any
security-relevant configuration management capabilities.
Visit: Involves commands for network diagnosis and accessing an external device. Configuration of
commands at this level cannot survive a device restart. Upon device restart, the commands at this
level will be restored to the default settings. Commands at this level include ping, tracert, telnet
and ssh2.
Monitor: Involves commands for system maintenance and service fault diagnosis. Commands at this level
are not allowed to be saved after being configured. After the switch is restarted, the commands at
this level will be restored to the default settings. Commands at this level include debugging,
terminal, refresh, reset, and send.
System: Involves service configuration commands, such as routing configuration commands and
commands for configuring services at different network levels. By default, commands at this level
include all configuration commands except for those at the manage level.
Manage: Involves commands that influence the basic operation of the system and commands for
configuring system support modules. By default, commands at this level involve the configuration
commands of file system, SFTP, STELNET, user management, level setting, and parameter
settings within a system (which are not defined by any protocols or RFCs).
The System and Manage roles, and hence the Security Administrator, are the only roles capable of managing the
security functions of the TOE. The other roles are limited to non-security relevant functions and review of
information.
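The role model above can be checked against a device configuration. The following Python script is an added example, not part of the Security Target or any HP tooling; it assumes Comware-style `local-user` stanzas with `authorization-attribute level N`, the numbering 0 to 3 for Visit to Manage, and Visit as the default level, none of which this page states, and its sample configuration is constructed.

```python
import re

# Assumed numbering (not stated on this page): 0=Visit, 1=Monitor, 2=System, 3=Manage.
LEVEL_NAMES = {0: "Visit", 1: "Monitor", 2: "System", 3: "Manage"}
# Per section 6.5, System and Manage are both instances of the Security Administrator.
SECURITY_ADMIN_LEVELS = {2, 3}
ASSUMED_DEFAULT_LEVEL = 0  # assumption: an account with no explicit level gets Visit

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
local-user netops
 authorization-attribute level 3
 service-type ssh
local-user helpdesk
 authorization-attribute level 1
 service-type ssh terminal
local-user routing
 authorization-attribute level 2
local-user guest
 service-type terminal
"""

def parse_local_users(config):
    """Return {username: privilege level} from local-user stanzas."""
    users, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a non-indented line opens a new stanza
            m = re.match(r"local-user\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                users[current] = ASSUMED_DEFAULT_LEVEL
            continue
        m = re.match(r"\s+authorization-attribute\s+.*?\blevel\s+(\d+)", line)
        if current and m:
            users[current] = int(m.group(1))
    return users

def audit(config, approved_admins):
    """Return (user, role, is_security_admin, needs_review) per account."""
    findings = []
    for user, level in sorted(parse_local_users(config).items()):
        is_admin = level in SECURITY_ADMIN_LEVELS
        findings.append((user, LEVEL_NAMES.get(level, "unknown"), is_admin,
                         is_admin and user not in approved_admins))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG, approved_admins={"netops"}):
        print(row)
```

Accounts reported with `needs_review` set hold System or Manage privilege, and therefore Security Administrator capability under FMT_MTD.1, without being on the approved list.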
The TOE offers a command-line interface providing a range of security management functions for use by an
authorized administrator. Among these functions are those necessary to manage all aspects of the cryptographic
functions of the TOE, those necessary to enable or disable the network services offered by the TOE, and the
functions necessary to review the TOE versions, update the TOE components, and also to verify the validity of those
updates.
The Security management function is designed to satisfy the following security functional requirements:
FMT_MTD.1: The TOE restricts the access to manage TSF data that can affect the security functions of the
TOE to Security Administrators (i.e., System and Manage roles).
FMT_SMF.1: The TOE includes the functions necessary to enable/disable available network services, to
manage the cryptomodule and associated functions, and to manage and verify updates of the TOE software
and firmware.
FMT_SMR.1: The TOE includes four defined roles, two of which correspond to the required ‘Security
Administrator’.