Cisco IPS4345 User Manual, Page 16

Cisco Intrusion Prevention System Security Target
1.6.2 Cryptographic support
The TOE provides cryptography in support of other Cisco IPS security functionality. This
cryptography has been validated for conformance to the requirements of FIPS 140-2 Level 2.
The TOE provides cryptography in support of remote administrative management via SSHv2 and
TLSv1.0, TLSv1.1, and TLSv1.2. The cryptographic services provided by the TOE are
described in Table 5 below.
Table 5: TOE Provided Cryptography

| Cryptographic Method   | Use within the TOE                                              |
|------------------------|-----------------------------------------------------------------|
| RSA Signature Services | Used in SSH session establishment.                              |
| SP 800-90 RBG          | Used in SSH session establishment.                              |
| SHS                    | Used to provide traffic integrity verification for SSH and TLS. |
| AES                    | Used to encrypt session traffic for SSH and TLS.                |
1.6.3 Full residual information protection
The TOE ensures that all information flows from the TOE do not contain residual information
from previous traffic. Packets are padded with zeros. Residual data is never transmitted from
the TOE.
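The zero-padding requirement above can be illustrated with an added example (not code from the Security Target or from Cisco). It assumes a reused transmit buffer and a 60-byte minimum Ethernet frame; all function names and the sample packets are hypothetical and constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_FRAME 60 /* assumed: minimum Ethernet frame length without FCS */

/* Weak form: short packets are extended to MIN_FRAME, but the pad bytes
 * keep whatever the previous packet left in the reused buffer. */
size_t build_frame_leaky(uint8_t *tx, size_t cap, const uint8_t *pkt, size_t len)
{
    if (len > cap || cap < MIN_FRAME) return 0;
    memcpy(tx, pkt, len);
    return len < MIN_FRAME ? MIN_FRAME : len;
}

/* Corrected form: the pad region is explicitly overwritten with zeros. */
size_t build_frame_zero_padded(uint8_t *tx, size_t cap, const uint8_t *pkt, size_t len)
{
    if (len > cap || cap < MIN_FRAME) return 0;
    memcpy(tx, pkt, len);
    if (len >= MIN_FRAME) return len;
    memset(tx + len, 0, MIN_FRAME - len);
    return MIN_FRAME;
}

/* Verification helper: count non-zero bytes between payload end and frame end. */
size_t residual_bytes(const uint8_t *frame, size_t frame_len, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < frame_len; i++)
        if (frame[i] != 0) n++;
    return n;
}

/* Send a long packet, then a short one, through the same buffer and
 * report how many bytes of the first packet appear in the second frame. */
size_t demo(int zero_pad)
{
    uint8_t tx[1514], prev[200], cur[20];
    memset(prev, 0x41, sizeof prev); /* constructed "previous traffic" */
    memset(cur, 0x42, sizeof cur);   /* constructed short packet */
    build_frame_zero_padded(tx, sizeof tx, prev, sizeof prev);
    size_t n = zero_pad ? build_frame_zero_padded(tx, sizeof tx, cur, sizeof cur)
                        : build_frame_leaky(tx, sizeof tx, cur, sizeof cur);
    return residual_bytes(tx, n, sizeof cur);
}

int main(void)
{
    printf("leaky: %zu residual bytes, zero-padded: %zu\n", demo(0), demo(1));
    return 0;
}
```

The same `residual_bytes` check can be applied to captured frames when verifying that padding on the wire is all zeros.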
1.6.4 Identification and authentication
The TOE provides authentication services for administrative users wishing to connect to the
TOE's secure CLI administrator interface. The TOE requires authorized administrators to
authenticate prior to being granted access to any of the management functionality. The TOE
authenticates administrators against a local user database, supporting password-based
authentication at either the serial console or the SSH interfaces. The SSHv2 interface also
supports authentication using SSH keys.
1.6.5 Security Management
The TOE provides secure administrative services for management of general TOE configuration
and the security functionality provided by the TOE. All TOE administration occurs either
through a secure SSHv2 session or via a local console connection. The TOE provides the ability
to securely manage all TOE administrative users; all identification and authentication; all audit
functionality of the TOE; all TOE cryptographic functionality; the timestamps maintained by the
TOE; and TOE configuration file storage and retrieval. All of the security-relevant management
functionality described in the paragraph above can only be performed by an authorized
administrator.
Administrators can create configurable login banners to be displayed at time of login, and can
also define an inactivity timeout for each admin interface to terminate sessions after a set period
of inactivity.