HP A-Series Specifications, Page 50

Security Target Version 1.02, 08/16/2013
6.6 Protection of the TSF
The TOE is an appliance and as such is designed to work independent of other components to a large extent. Secure
communication with third-party peers is addressed in section 6.8, Trusted path/channels, and secure communication
among multiple instances of the TOE is limited to a direct link between redundant switch appliances deployed in a
high-availability configuration. Normally redundant components are co-located and connected via a link that would
not be exposed outside of the same physical environment. As such, no additional protection (e.g., encryption) should
be necessary in most operational environments.
IRF groups are not considered peer switches in the IPsec (or VPN) sense. Rather, IRF groups effectively form a
logical instance of the TOE comprised of up to nine distinct Network devices. All those devices must be collocated
and the IRF connections among them must be protected to the same degree as the devices themselves.
While the administrative interface is function rich, the TOE is designed specifically to provide access only to
locally-stored hashed (and not plain text) passwords and also, while cryptographic keys can be entered, the TOE
does not disclose any keys stored in the TOE. Stored passwords are hashed using SHA-256. See Table 9 Key/CSP
Zeroization Summary for more information about stored keys and passwords; while some keys and passwords occur
in plain text in RAM, that is only while they are in use and are not accessible by any user from RAM.
The TOE utilizes SSHv2 for secure communications. This protocol includes built-in capabilities to detect and
appropriately handle (e.g., reject) replayed network traffic.
The TOE is a hardware appliance that includes a hardware-based real-time clock. The TOE’s embedded OS
manages the clock and exposes administrator clock-related functions. The clock is used for audit record time stamps,
measuring session activity for termination, and for cryptographic operations based on time/date.
The TOE includes a number of built-in diagnostic tests that are run during start-up to determine whether the TOE is
operating properly. An administrator can configure the TOE to reboot or to stop, with errors displayed, when an
error is encountered. The built-in self-tests include basic read-write memory (i.e., each memory location is written
with a non-zero value and read to ensure it is stored as expected), flash read, software checksum tests, and device
detection tests. Furthermore, the TOE is designed to query each pluggable module which in turn includes its own
diagnostics that will serve to help identify any failing modules. When operating in FIPS mode, the power-on
self-tests comply with the FIPS 140-2 requirements for self-testing.
The TOE is designed to support upgrades to the boot ROM program and system boot file as well as to support
software hotfixes. The TOE provides interfaces so an administrator can query the current boot ROM program or
system boot file versions as well as to identify any installed patches. Both the boot ROM program and system boot
file can be upgraded via the Boot ROM menu or the command line interface, but a reboot is required in each case.
Hotfixes, which can affect only the system boot file, can be installed via the command line interface and do not
require a reboot to become effective.
The TOE includes a validity checking function that can be enabled when upgrading the boot ROM program, while
system boot files and software patches are always validated prior to installation. In each case, the upgrade version
will be checked to ensure it is appropriate and the upgrade file will be verified using an embedded (HP authorized)
digital signature verified against a configured pair of hard-coded keys embedded in the TOE. If the version is
incorrect or the signature cannot be verified, the upgrade will not proceed, in order to protect the integrity of the TOE. More
specifically, each update includes a header and data. The header includes a SHA-256 secure hash of the data that is
signed (using rDSA/RSA 2048) by HP. In order to verify the data, the TOE generates its own SHA-256 secure hash
of the update data, compares it with the signed hash in the update header to ensure they match, and verifies the hash
signature using its configured public key.
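The hash-then-signature check described above, as an added Python example that is not code from the Security Target or from HP. It assumes a header layout of a 32-byte SHA-256 hash followed by a 256-byte RSA-2048 signature with PKCS#1 v1.5 padding (the document specifies neither the layout nor the padding), uses a throwaway key generated at run time in place of the embedded vendor key, and omits the version check.

```python
import hashlib, hmac, secrets

# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, section 9.2).
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
K = 256  # modulus length in bytes for RSA-2048

def is_prime(n, rounds=16):
    """Miller-Rabin for n = 3 (mod 4); only used to make the demo key."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23)):
        return False
    return all(pow(secrets.randbelow(n - 3) + 2, n >> 1, n) in (1, n - 1)
               for _ in range(rounds))

def demo_keypair():
    """Constructed throwaway RSA-2048 key standing in for the vendor key."""
    def prime():
        while True:
            c = secrets.randbits(1024) | (3 << 1022) | 3
            if c % 65537 != 1 and is_prime(c):
                return c
    p, q = prime(), prime()
    return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))

def emsa(digest):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest, as an integer."""
    t = PREFIX + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def build_update(data, n, d):
    """Signer side (assumed layout): SHA-256(data) || signature || data."""
    h = hashlib.sha256(data).digest()
    return h + pow(emsa(h), d, n).to_bytes(K, "big") + data

def verify_update(blob, n, e):
    """Device side: recompute the hash, compare with header, verify signature."""
    if len(blob) < 32 + K:
        return False
    h, sig, data = blob[:32], blob[32:32 + K], blob[32 + K:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), h):
        return False  # update data does not match the hash in the header
    s = int.from_bytes(sig, "big")
    return s < n and pow(s, e, n) == emsa(h)  # compare the whole padded block

if __name__ == "__main__":
    n, e, d = demo_keypair()
    blob = build_update(b"constructed firmware image", n, d)
    print("genuine:", verify_update(blob, n, e))
    print("tampered:", verify_update(blob[:-1] + b"X", n, e))
```

Comparing the full padded encoding, rather than parsing the decrypted block, is what makes the second step fail when someone replaces both the data and the header hash without holding the signing key.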
The Protection of the TSF function is designed to satisfy the following security functional requirements:
FPT_APW_EXT.1: The TOE does not offer any functions that will disclose to any user a plain text
password. Passwords are stored in hashed form within the TOE FLASH.
FPT_SKP_EXT.1: The TOE does not offer any functions that will disclose to any users a stored
cryptographic key.