HP A-Series Specifications Page 23

Security Target Version 1.02, 08/16/2013
5.2.2.6 Cryptographic Operation (for keyed-hash message authentication) (FCS_COP.1(4))
FCS_COP.1(4).1 Refinement: The TSF shall perform keyed-hash message authentication in accordance
with a specified cryptographic algorithm HMAC-[SHA-1], key size [20 octets], and
message digest sizes [160] bits that meet the following: FIPS Pub 198-1, 'The
Keyed-Hash Message Authentication Code', and FIPS Pub 180-3, 'Secure Hash Standard.'
5.2.2.7 Explicit: IPSEC (FCS_IPSEC_EXT.1)
FCS_IPSEC_EXT.1.1 The TSF shall implement IPsec using the ESP protocol as defined by RFC 4303 using the
cryptographic algorithms AES-CBC-128, AES-CBC-256 (both specified by RFC 3602),
[no other algorithms] and using IKEv1 as defined in RFCs 2407, 2408, 2409, and RFC
4109; [no other method] to establish the security association.
FCS_IPSEC_EXT.1.2 The TSF shall ensure that IKEv1 Phase 1 exchanges use only main mode.
FCS_IPSEC_EXT.1.3 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to 24 hours for Phase
1 SAs and 8 hours for Phase 2 SAs.
FCS_IPSEC_EXT.1.4 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to [100] MB of
traffic for Phase 2 SAs.
FCS_IPSEC_EXT.1.5 The TSF shall ensure that all IKE protocols implement DH Groups 14 (2048-bit MODP),
and [[DH Group 2 (1024-bit MODP), DH Group 5 (1536-bit MODP)]].
FCS_IPSEC_EXT.1.6 The TSF shall ensure that all IKE protocols implement Peer Authentication using the
[rDSA] algorithm.
FCS_IPSEC_EXT.1.7 The TSF shall support the use of pre-shared keys (as referenced in the RFCs) for use in
authenticating its IPsec connections.
FCS_IPSEC_EXT.1.8 The TSF shall support the following:
1. Pre-shared keys shall be able to be composed of any combination of upper and lower
case letters, numbers, and special characters: [“!”, “@”, “#”, “$”, “%”, “^”, “&”,
“*”, “(”, and “)”, [“'”, “+”, “,”, “-”, “.”, “/”, “:”, “;”, “<”, “=”, “>”, “[”, “\”, “]”,
“_”, “`”, “{”, “}”, and “~”]];
2. Pre-shared keys of 22 characters and [[1-128 characters]].
5.2.2.8 Extended: Cryptographic Operation (Random Bit Generation) (FCS_RBG_EXT.1)
FCS_RBG_EXT.1.1 The TSF shall perform all random bit generation (RBG) services in accordance with
[FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES] seeded by an entropy
source that accumulated entropy from [a software-based noise source and a
TSF-hardware-based noise source].
FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded with a minimum of [128 bits] of entropy at least
equal to the greatest bit length of the keys and authorization factors that it will generate.
5.2.2.9 Explicit: SSH (FCS_SSH_EXT.1)
FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies with RFCs 4251, 4252, 4253,
and 4254.
FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following
authentication methods as described in RFC 4252: public key-based, password-based.
FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than [256K] bytes
in an SSH transport connection are dropped.
FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the following
encryption algorithms: AES-CBC-128, AES-CBC-256, [no other algorithms].
FCS_SSH_EXT.1.5 The TSF shall ensure that the SSH transport implementation uses SSH_RSA and [no
other public key algorithms] as its public key algorithm(s).
FCS_SSH_EXT.1.6 The TSF shall ensure that the data integrity algorithms used in the SSH transport
connection are [hmac-sha1, hmac-sha1-96].
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 is the only allowed key exchange
method used for the SSH protocol.
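
A conformance check for FCS_SSH_EXT.1.4 through 1.7, as an added example that is not part of the Security Target: it parses the name-lists of an SSH_MSG_KEXINIT payload (RFC 4253) and reports every offered algorithm outside the allowed sets. The wire names (aes128-cbc, ssh-rsa and so on) are the RFC 4253 names for the algorithms listed above; the function names and both sample payloads are constructed for illustration.

```python
# Wire names (RFC 4253) for the algorithms the requirements above allow.
ALLOWED = {
    "kex": {"diffie-hellman-group14-sha1"},      # FCS_SSH_EXT.1.7
    "hostkey": {"ssh-rsa"},                      # FCS_SSH_EXT.1.5
    "cipher": {"aes128-cbc", "aes256-cbc"},      # FCS_SSH_EXT.1.4
    "mac": {"hmac-sha1", "hmac-sha1-96"},        # FCS_SSH_EXT.1.6
}
# First six name-lists of SSH_MSG_KEXINIT, in wire order, with their policy key.
FIELDS = [("kex_algorithms", "kex"), ("server_host_key_algorithms", "hostkey"),
          ("encryption_c2s", "cipher"), ("encryption_s2c", "cipher"),
          ("mac_c2s", "mac"), ("mac_s2c", "mac")]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Return the first six name-lists of a KEXINIT payload as lists of names."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}                    # skip message type and 16-byte cookie
    for name, _ in FIELDS:
        n = int.from_bytes(payload[off:off + 4], "big")   # uint32 list length
        if off + 4 + n > len(payload):
            raise ValueError("truncated name-list: " + name)
        raw = payload[off + 4:off + 4 + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += 4 + n
    return out

def violations(payload: bytes) -> list:
    """List (field, algorithm) pairs offered outside the allowed sets."""
    lists = parse_kexinit(payload)
    return [(name, alg) for name, key in FIELDS
            for alg in lists[name] if alg not in ALLOWED[key]]

def build_kexinit(*name_lists) -> bytes:
    """Build a constructed test payload (all-zero cookie) from name-lists."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body

# Constructed samples, not captured from a real device.
GOOD = build_kexinit(["diffie-hellman-group14-sha1"], ["ssh-rsa"],
                     ["aes128-cbc", "aes256-cbc"], ["aes128-cbc", "aes256-cbc"],
                     ["hmac-sha1", "hmac-sha1-96"], ["hmac-sha1", "hmac-sha1-96"])
BAD = build_kexinit(["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
                    ["ssh-rsa"], ["aes128-cbc", "3des-cbc"], ["aes128-cbc"],
                    ["hmac-sha1", "hmac-md5"], ["hmac-sha1"])
```

The input is the payload of the SSH binary packet, that is, the bytes left after removing packet_length, padding_length and the padding. The 256K packet limit of FCS_SSH_EXT.1.3 cannot be observed in a KEXINIT and is outside what this check covers.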