Brocade Communications Systems FCX Series User Manual download pdf (Page 32)

Version 1.1, 05/19/2014

GSS CCT Evaluation Technical Report Page 32 of 53

Document: AAR-BrocadeFastIron8010

for successfully logging on. If configuration is necessary to ensure the services provided before login are limited,

the evaluator shall determine that the operational guidance provides sufficient instruction on limiting the allowed

services.

The Local user accounts section of the Security Configuration Guide discusses the different logon options. It

clearly describes that a username and password are required for logging into the machine. The SSH2

authentication types section of the Security Configuration Guide explains how to setup and use SSH

authentication. It describes the process for creating a public-private key pair and how to provide the public key to

the user. The Configuring DSA or RSA challenge-response authentication section provides a step by step process

of the authentication process with SSH.

The evaluator shall perform the following tests for each method by which administrators access the TOE (local and

remote), as well as for each type of credential supported by the login method:

Test 1: The evaluator shall use the operational guidance to configure the appropriate credential supported for the

results in the ability to access the system, while providing incorrect information results in denial of access.

Test 2: The evaluator shall configure the services allowed (if any) according to the operational guidance, and then

determine the services available to an external remote entity. The evaluator shall determine that the list of

services available is limited to those specified in the requirement.

Test 3: For local access, the evaluator shall determine what services are available to a local administrator prior to

logging in, and make sure this list is consistent with the requirement.

The evaluator configured the TOE for local console access and for remote SSH access. The evaluator then

performed an unsuccessful and successful logon of each type using bad and good credentials respectively. The

evaluator was able to observe the TOE routed traffic on the traffic and it displayed a banner to the user before

the banner.

2.5 SECURITY MANAGEMENT (FMT)

2.5.1 MANAGEMENT OF TSF DATA (FOR GENERAL TSF DATA) (FMT_MTD.1)

2.5.1.1 FMT_MTD.1.1

TSS Assurance Activities: The evaluator shall examine the TSS to determine that, for each administrative function

identified in the operational guidance; those that are accessible through an interface prior to administrator log-in

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 52 53

No comments

Brocade Communications Systems FCX Series User Manual Page 32