Cisco IPS4345 Bedienungsanleitung PDF herunterladen (Seite 45)

Cisco Intrusion Prevention System Security Target

TOE SFRs

How the SFR is Satisfied

password length is settable by the Authorized Administrator, and can be configured

for minimum password lengths of 8 to 64 characters.

FIA_UIA_EXT.1

The TOE requires all administrators to be successfully identified and authenticated

before allowing any TSF mediated actions to be performed. Administrative access

to the TOE is facilitated through the TOE’s CLI (via console or SSHv2), and/or

through a remote GUI client such as IDM, CSM, or IME (all using TLS/HTTPS).

The TOE mediates all administrative actions through the CLI and GUI. Once a

potential administrative user attempts to access the TOE through either a directly

connected console or remotely through an SSHv2 or TLS/HTTPS connection, the

TOE prompts the user for a user name and password. Only after the administrative

user presents the correct authentication credentials will access to the TOE

administrative functionality be granted. No access is allowed to the administrative

functionality of the TOE until an administrator is successfully identified and

authenticated.

FIA_UAU_EXT.2

The TOE provides a local password-based authentication mechanism as well as

support for local public key-based authentication consistent with

FCS_SSH_EXT.1.2 using RSA keys for SSH.

The administrator authentication policies include authentication to the local user

database which must be populated with passwords, and supports being augmented

with RSA keys for account authentication when using SSH.

The process for authentication is the same for administrative access whether

administration is occurring via a directly connected console or remotely via SSHv2

or TLS/HTTPS. At initial login the administrative user must provide a valid

username with valid authentication credentials. The TOE then either grants

administrative access (if the combination of username and credentials is valid) or

indicates that the login was unsuccessful. The TOE does not provide the

unauthenticated end-user with the reason for login failure (such as wrong password

or invalid username).

FIA_UAU.7

When a user enters their password at the local console, via SSHv2, or via

TLS/HTTPS, the TOE does not echo any characters of the password or any

representation of the characters. This also prevents the number of characters in the

password from being gleaned by an onlooker.

FMT_MTD.1

The TOE provides the ability for authorized administrators to access TOE data, such

as audit data, configuration data, security attributes, IPS policies, routing tables,

cryptographic settings, etc. Each of the predefined administrative roles has a set of

permissions that grant users assigned to the role some level of access to the TOE

data. The TOE performs role-based authorization, using TOE platform authorization

mechanisms, to grant access to the appropriate privileges for their assigned role.

FMT_SMF.1

The TOE provides all the capabilities necessary to securely manage the TOE.

Guidance documentation provides instruction for use of each administrative

interface, including proper syntax, commands, and additional information about

administrative functions.

FMT_SMR.2

The Network Device Protection Profile only allows for defining one administrative

“role” for the purposes of evaluation. Cisco IPS provides more than one

administrative role, so in this Security Target the term “authorized administrator” is

used in this ST to refer to any authenticated (logged in) account assigned to any role.

There are four administrative roles (only three of which are permitted to be used in

the evaluated configuration):

1. Viewer: Can view configuration and events, but cannot modify any

1 2 ... 40 41 42 43 44 45 46 47 48 49 50 ... 60 61

Kommentare zu diesen Handbüchern

Keine Kommentare

Cisco IPS4345 Bedienungsanleitung Seite 45

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Vernetzung Cisco IPS4345