HP A-Series Specifications Page 48

Security Target Version 1.02, 08/16/2013
FCS_CKM.1: See table above.
FCS_CKM_EXT.4: Keys are zeroized when they are no longer needed by the TOE.
FCS_COP.1(1): See table above.
FCS_COP.1(2): See table above.
FCS_COP.1(3): See table above.
FCS_COP.1(4): See table above.
FCS_IPSEC_EXT.1: The TOE supports IPsec cryptographic network communication protection.
FCS_RBG_EXT.1: See table above.
FCS_SSH_EXT.1: The TOE supports SSHv2 interactive command-line secure administrator sessions as
indicated above.
6.3 User data protection
The TOE is designed to ensure its own internal integrity as well as to protect user data from potential, unintended
reuse by clearing resources (e.g., memory) as they are allocated to create objects used in the implementation of the
TOE operations. Volatile memory is the primary resource involved in normal TOE execution while its persistent
storage is based on non-volatile flash memory.
When a network packet is sent, the buffer used by the packet is recalled and managed by the buffer pool. After that,
if a new packet acquires a buffer from the buffer pool, the new packet data will be used to overwrite any previous
data in the buffer. If an allocated buffer exceeds the size of the packet, the additional space will be overwritten
(padded) with zeros.
The User data protection function is designed to satisfy the following security functional requirements:
FDP_RIP.2: The TOE always overwrites resources when allocated for use in objects.
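The allocation-time overwrite described in this section, as an added C example (not code from the Security Target or from HP): the buffer size, pool depth, sample packets and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE  64            /* assumed fixed buffer size */
#define POOL_BUFS 4             /* assumed pool depth */
static struct pkt_buf {
    uint8_t data[BUF_SIZE];
    size_t  len;                /* bytes of valid packet data */
    int     in_use;
} pool[POOL_BUFS];

/* Allocate a buffer for a new packet: packet bytes overwrite the start and
 * the remainder is zero-padded, so no data from the previous owner survives. */
struct pkt_buf *pool_acquire(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len > BUF_SIZE) return NULL;   /* refuse, never truncate */
    for (size_t i = 0; i < POOL_BUFS; i++) {
        if (pool[i].in_use) continue;
        memcpy(pool[i].data, pkt, len);
        memset(pool[i].data + len, 0, BUF_SIZE - len);
        pool[i].len = len;
        pool[i].in_use = 1;
        return &pool[i];
    }
    return NULL;                /* pool exhausted */
}

/* Recall a buffer once its packet is sent; clearing happens on next acquire. */
void pool_release(struct pkt_buf *b) { if (b) b->in_use = 0; }
/* Count non-zero bytes past the packet data, i.e. residue of an earlier packet. */
size_t residual_bytes(const struct pkt_buf *b)
{
    size_t n = 0;
    for (size_t i = b->len; i < BUF_SIZE; i++)
        n += (b->data[i] != 0);
    return n;
}

/* Constructed demo: a long packet, then a short one reusing the same buffer. */
size_t demo_reuse(void)
{
    const uint8_t big[] = "constructed sample: session-token=0123456789";
    const uint8_t small[] = "PING";
    pool_release(pool_acquire(big, sizeof big));
    struct pkt_buf *b = pool_acquire(small, sizeof small);
    pool_release(b);            /* release only clears in_use; data stays */
    return residual_bytes(b);   /* 0: the old token bytes were zeroed */
}
```

Omitting the `memset` in `pool_acquire` would leave the tail of the longer packet readable behind the shorter one, which is the reuse that FDP_RIP.2 rules out.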
6.4 Identification and authentication
The TOE is designed to require users to be identified and authenticated before they can access any of the TOE
functions. The normal switching of network traffic is not considered accessing TOE functions in this regard.
In the evaluated configuration, users can connect to the TOE via a local console or remotely using SSHv2. For each
session, the user is required to log in prior to successfully establishing a session through which TOE functions can
be exercised.
In order to log in, the user must provide an identity and also authentication data (e.g., password or RSA credentials
used in conjunction with an SSH session) that matches the provided identity. Users can be defined locally within the
TOE with a user identity, password, and privilege level. Alternatively, users can be defined within an external
RADIUS or TACACS server configured to be used by the TOE, each of which also defines the user’s privilege level
in the TOE. Locally defined users are authenticated directly by the TOE, while remotely defined users are
authenticated by the external server and the result is enforced by the TOE. In either case, any resulting session is
dependent upon successful authentication and established sessions are associated with the privilege level (see
section 6.5) assigned to the user.
When logging in, the TOE will not echo passwords so passwords are not inadvertently displayed to the user and any
other users that might be able to view the login display.
Should a console user have their session terminated (e.g., due to inactivity), they are required to successfully
authenticate, by reentering their identity and authentication data, in order to regain access to a new session.
When passwords are changed, they can be composed of upper and lower case letters, numbers and special characters
including blank space and ~`!@#$%^&*()_+-={}|[]\:”;’<>,./. Also, new passwords have to satisfy a configurable
(from 8 to 32 characters) minimum password length and, if configured, the new password cannot match any of the
passwords retained within the scope of the configured history.