HP A-Series Specifications Page 51

Security Target Version 1.02, 08/16/2013
FPT_STM.1: The TOE includes its own hardware clock.
FPT_TST_EXT.1: The TOE includes a number of power-on diagnostics that serve to ensure the TOE
is functioning properly. The tests ensure that memory and flash can be accessed as expected, that
software checksums are correct, and that plugged devices are present and functioning.
FPT_TUD_EXT.1: The TOE provides functions to query and upgrade the versions of the boot ROM
program and system boot file (including installing hotfixes). Digital signatures are used to ensure the
integrity of each upgrade prior to performing the upgrade; this checking is optional for the boot ROM
program since special circumstances might require those checks to be disabled.
6.7 TOE access
The TOE can be configured to display administrator-configured advisory banners that will appear under a variety of
circumstances. A session banner can be configured to be displayed when a session is established. A login banner can
be configured to display welcome information in conjunction with login prompts. A message of the day can also be
configured to be displayed before authentication is completed. A legal banner can be configured to present legal
advisories prior to a user logging in and this banner waits, requiring the user to confirm whether they want to
continue with the authentication process. In each case, the banners will be displayed when accessing the TOE via the
console or SSH interfaces.
The TOE can be configured by an administrator to set an interactive session timeout value (any integer value in
minutes and also optionally in seconds, with 0 disabling the timeout); the default timeout is 10 minutes. A remote
session that is inactive (i.e., no commands issuing from the remote client) for the defined timeout value will be
terminated. A local session that is similarly inactive for the defined timeout period will be terminated. The user will
be required to re-enter their user id and their password so they can establish a new session once a session is
terminated. If the user id and password match those of the user that was locked, the session is reconnected with the
console and normal input/output can again occur for that user.
The TOE access function is designed to satisfy the following security functional requirements:
FTA_SSL.3: The TOE terminates remote sessions that have been inactive for an administrator-configured
period of time.
FTA_SSL.4: The TOE provides the function to log out (or terminate) both local and remote user
sessions as directed by the user.
FTA_SSL_EXT.1: The TOE terminates local sessions that have been inactive for an administrator-
configured period of time.
FTA_TAB.1: The TOE can be configured to display administrator-defined advisory banners when
administrators successfully establish interactive sessions with the TOE.
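The following is an added example, not part of the Security Target or of HP's code: a Python check that reads a device configuration and reports interfaces whose idle timeout is disabled (0) or longer than a site policy limit, applying the 10-minute default described above when no value is set. The `user-interface` block layout and the `idle-timeout <minutes> [<seconds>]` line are assumed syntax, and the sample configuration is constructed.

```python
import re

DEFAULT_TIMEOUT_S = 10 * 60  # default stated in the Security Target: 10 minutes

# Constructed sample; block and command syntax are assumptions, not from the page.
SAMPLE_CONFIG = """\
user-interface aux 0
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode scheme
 idle-timeout 5 30
user-interface vty 5 15
 authentication-mode scheme
"""

BLOCK_RE = re.compile(r"^user-interface\s+(.+)$")
TIMEOUT_RE = re.compile(r"^\s+idle-timeout\s+(\d+)(?:\s+(\d+))?\s*$")


def parse_timeouts(config: str) -> dict[str, int]:
    """Return the effective idle timeout in seconds for each user-interface block."""
    timeouts: dict[str, int] = {}
    current = None
    for line in config.splitlines():
        block = BLOCK_RE.match(line)
        if block:
            current = block.group(1).strip()
            timeouts[current] = DEFAULT_TIMEOUT_S  # applies until overridden
        elif line and not line[0].isspace():
            current = None  # some other top-level section
        elif current:
            m = TIMEOUT_RE.match(line)
            if m:
                timeouts[current] = int(m.group(1)) * 60 + int(m.group(2) or 0)
    return timeouts


def audit(config: str, max_seconds: int = 600) -> list[str]:
    """Flag blocks whose timeout is disabled (0) or above the policy limit."""
    findings = []
    for name, secs in parse_timeouts(config).items():
        if secs == 0:
            findings.append(f"{name}: idle timeout disabled")
        elif secs > max_seconds:
            findings.append(f"{name}: idle timeout {secs}s exceeds {max_seconds}s")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```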
6.8 Trusted path/channels
The TOE can be configured to export audit records to an external SYSLOG server. In order to protect exported audit
records from disclosure or modification, the TOE can be configured to utilize IPsec connections and can also be
configured to utilize dedicated VLANs for this purpose. Of course, the SYSLOG server would need to be configured
to also use IPsec and to be on the dedicated VLAN in the operational environment. If the SYSLOG server is
adjacent to the TOE, the VLAN configuration would directly ensure audit records are sent only to the SYSLOG
server. If the SYSLOG server is not adjacent to the TOE, it is assumed other trusted switches similarly configured to
recognize the dedicated VLAN would ensure audit records sent on the dedicated VLAN remain only on that VLAN
and will be sent to the configured SYSLOG server appropriately. Regardless, IPsec would ensure SYSLOG records
are not disclosed even if they are not restricted to only protected network segments.
Other remote peers, such as SNMP, NTP, RADIUS, and TACACS servers, could also be configured to utilize IPsec
or to be on dedicated VLANs if deemed necessary in a given operational environment.