HP A-Series Especificações Página 33
- Página / 66
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Security Target Version 1.02, 08/16/2013
33
Assurance Activity – Design
Assurance Activity - Guidance
Assurance Activity - Testing
FCS_IPSEC_EXT.1.2
The evaluator shall examine the TSS to
verify that it describes how
"confidentiality only" ESP mode is
disabled.
The evaluator shall examine the TSS to
ensure that, in the description of the
IPsec protocol supported by the TOE, it
states that aggressive mode is not used
for IKEv1 Phase 1 exchanges, and that
only main mode is used.
The evaluator shall also examine the operational
guidance to determine that it describes any
configuration necessary to ensure
"confidentiality only" mode is disabled, and that
an advisory is present indicating that tunnel
mode is the preferred ESP mode since it
protects the entire packet.
If this requires configuration of the TOE prior to
its operation, the evaluator shall check the
operational guidance to ensure instructions for
this configuration are contained within that
guidance.
The evaluator shall also perform the following tests:
Test 1: The evaluator shall configure the TOE as
indicated in the operational guidance, and attempt to
establish a connection using an IKEv1 Phase 1
connection in aggressive mode. This attempt should
fail. The evaluator should then show that main mode
exchanges are supported.
Test 2: The evaluator shall configure the TOE as
indicated in the operational guidance, and attempt to
establish a connection using ESP in "confidentiality
only" mode. This attempt should fail. The evaluator
shall then establish a connection using ESP in
confidentiality and integrity mode.
FCS_IPSEC_EXT.1.3
The evaluator checks to ensure that the
TSS describes how lifetimes for IKEv1
SAs (both Phase 1 and Phase 2) are
established.
If they are configurable, then the evaluator
verifies that the appropriate instructions for
configuring these values are included in the
operational guidance.
The evaluator also performs the following test:
Test 1: The evaluator shall construct a test where a
Phase 1 SA is established and attempted to be
maintained for more than 24 hours before it is
renegotiated. The evaluator shall observe this SA is
closed or renegotiated in 24 hours or less. If such an
action requires the TOE be configured in a specific
way, the evaluator shall implement tests
demonstrating the configuration capability of the
TOE works as documented in the operational
guidance.
Test 2: The evaluator shall perform a test similar to
Test 1 for Phase 2 SAs, except that the lifetime will
be 8 hours instead of 24.
FCS_IPSEC_EXT.1.4
The evaluator checks to ensure that the
TSS describes how lifetimes for IKEv1
Phase 2 SAs--with respect to the amount
of traffic that is allowed to flow using a
given SA--are established.
If the value is configurable, then the evaluator
verifies that the appropriate instructions for
configuring these values are included in the
operational guidance.
The evaluator also performs the following test:
Test 1: The evaluator shall construct a test where a
Phase 2 SA is established and attempted to be
maintained while more data than is specified in the
above assignment flows over the connection. The
evaluator shall observe this SA is closed or
renegotiated before the amount of data specified is
exceeded. If such an action requires the TOE be
configured in a specific way, the evaluator shall
implement tests demonstrating the configuration
capability of the TOE works as documented in the
operational guidance.
FCS_IPSEC_EXT.1.5
The evaluator shall check to ensure that
the DH groups specified in the
requirement are listed as being supported
in the TSS. If there is more than one DH
group supported, the evaluator checks to
ensure the TSS describes how a
particular DH group is
specified/negotiated with a peer.
The evaluator shall also perform the following test:
Test 1: For each supported DH group, the evaluator
shall test to ensure all IKE protocols can be
successfully completed using that particular DH
group.
FCS_IPSEC_EXT.1.6
The evaluator shall check that the TSS
contains a description of the IKE peer
authentication process used by the TOE,
and that this description covers the use of
the signature algorithm or algorithms
specified in the requirement.
The evaluator shall also perform the following test:
Test 1: For each supported signature algorithm, the
evaluator shall test that peer authentication using the
algorithm can be successfully achieved.
- Switches Security Target 1
- 1.2 Conformance Claims 5
- 1.3 Conventions 6
- 2. TOE Description 6
- 2.1 TOE Overview 7
- 2.2 TOE Architecture 11
- 2.2.2 Physical Boundaries 12
- 2.2.3 Logical Boundaries 12
- 2.3 TOE Documentation 14
- 3.1 Organizational Policies 15
- 3.2 Threats 15
- 3.3 Assumptions 15
- 4. Security Objectives 17
- 5.1 Extended Requirements 19
- 5.2.1 Security audit (FAU) 20
- 5.2.7 TOE access (FTA) 25
- 5.3.1 Development (ADV) 27
- 5.3.4 Tests (ATE) 28
- 6.1 Security audit 42
- 6.2 Cryptographic support 42
- 6.3 User data protection 48
- 6.5 Security management 49
- 6.6 Protection of the TSF 50
- 6.7 TOE access 51
- 6.8 Trusted path/channels 51
- 8. Rationale 54
Manuais e produtos relacionados com Barebones PC/estação de trabalho HP A-Series
Barebones PC/estação de trabalho HP All-in-One G1-2000 - Desktop PC Especificações Rápidas
(43 páginas)
(43 páginas)
Barebones PC/estação de trabalho HP Compaq Presario,Presario 5270 Informações Técnicas
(146 páginas)
(146 páginas)
© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.098 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais