HP A-Series Especificações descarregar pdf (Página 13)

Security Target Version 1.02, 08/16/2013

 Security audit

 Cryptographic support

 User data protection

 Identification and authentication

 Security management

 Protection of the TSF

 TOE access

 Trusted path/channels

2.2.3.1 Security audit

The TOE is designed to generate logs for a wide range of security relevant events. The TOE can be configured to

store the logs locally to be accessed by an administrator or alternately to send the logs to a designated log server.

2.2.3.2 Cryptographic support

The TOE includes FIPS-certified cryptographic algorithms that provide key management, random bit generation,

encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level

cryptographic protocols including IPsec and SSH.

2.2.3.3 User data protection

The TOE performs a wide variety of network switching and routing functions, passing network traffic among its

various physical and logical (e.g., VLAN) network connections. While implementing applicable network protocols

associated with network traffic forwarding, the TOE is designed to ensure it doesn’t inadvertently reuse data found

in network traffic.

2.2.3.4 Identification and authentication

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access

any security management functions available in the TOE. The TOE offers both a locally connected console as well

as network accessible interfaces (SSHv2) for interactive administrator sessions.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords.

Additionally, the TOE can be configured to utilize the services of trusted RADIUS and TACACS servers in the

operational environment to support, for example, centralized user administration.

2.2.3.5 Security management

The TOE provides Command Line (CLI) commands to access the wide range of security management functions.

Security management commands are limited to administrators only after they have provided acceptable user

identification and authentication data to the TOE.

2.2.3.6 Protection of the TSF

The TOE implements a number of features design to protect itself to ensure the reliability and integrity of its

security features.

It protects particularly sensitive data such as stored passwords and cryptographic keys so they are not accessible

even by an administrator. It also provides its own timing mechanism to ensure reliable time information is available

(e.g., for log accountability).

From a communication perspective, it employs both dedicated communication channels (based on physically

separate networks and VLAN technology) and also cryptographic means (e.g., to prevent replays) to protect

communication between distributed TOE components as well as between TOE and other components in the

operation environment (e.g., administrator workstations). IRF communication is not considered communication

between distributed TOE components, but rather is communication among collocated components that logically

form an instance of the TOE. As such, since IRF communication channels are not protected using mechanisms such

as encryption, they need to be as protected as the TOE devices themselves.

1 2 ... 8 9 10 11 12 13 14 15 16 17 18 ... 65 66

Comentários a estes Manuais

Sem comentários

HP A-Series Especificações Página 13

Comentários a estes Manuais

Manuais e produtos relacionados com Barebones PC/estação de trabalho HP A-Series