Brocade Communications Systems NetIron CER Series Manual Page 29

Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 29 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
Test 1 - The connection between the syslog server and the TOE is secured using TLS. The evaluator established a
connection between the two machines using each of the claimed ciphersuites. The evaluator repeated this test with
the management connection on the MLX machine.
Test 2 - The evaluator created a TLS connection between the TOE and a test server. The evaluator then created
packets that modified each of the required options. In all cases the negotiation failed as indicated in packet
captures.
2.3 USER DATA PROTECTION (FDP)
2.3.1 FULL RESIDUAL INFORMATION PROTECTION (FDP_RIP.2)
2.3.1.1 FDP_RIP.2.1
TSS Assurance Activities: 'Resources' in the context of this requirement are network packets being sent through
(as opposed to 'to', as is the case when a security administrator connects to the TOE) the TOE. The concern is that
once a network packet is sent, the buffer or memory area used by the packet still contains data from that packet,
and that if that buffer is re-used, those data might remain and make their way into a new packet. The evaluator
shall check to ensure that the TSS describes packet processing to the extent that they can determine that no data
will be reused when processing network packets. The evaluator shall ensure that this description at a minimum
describes how the previous data are zeroized/overwritten, and at what point in the buffer processing this occurs.
Section 6.3 indicates that when packets are sent they are placed in a buffer pool and subsequently overwritten. If a
packet exceeds the size of a buffer, the residual space is overwritten with zeros (i.e., padded).
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
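The residual-data concern behind FDP_RIP.2, shown as an added example (not code from the report or from the TOE): a reused buffer is filled first without and then with zero padding of the space the new packet does not occupy. The 64-byte buffer size, the single-slot pool and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64                 /* assumed fixed buffer size */
static uint8_t pool_slot[BUF_SIZE]; /* one reusable slot standing in for the pool */

/* Naive reuse: copy the new payload, leave the rest of the buffer untouched. */
static const uint8_t *fill_naive(const uint8_t *pkt, size_t len) {
    if (len > BUF_SIZE) return NULL;
    memcpy(pool_slot, pkt, len);
    return pool_slot;
}

/* Hardened reuse: overwrite with the payload, then zero the residual space. */
static const uint8_t *fill_zero_padded(const uint8_t *pkt, size_t len) {
    if (len > BUF_SIZE) return NULL;
    memcpy(pool_slot, pkt, len);
    memset(pool_slot + len, 0, BUF_SIZE - len);
    return pool_slot;
}

/* Count non-zero bytes past the payload, i.e. data left from an earlier packet. */
static size_t residual_bytes(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = len; i < BUF_SIZE; i++)
        if (buf[i] != 0) n++;
    return n;
}

/* Send a constructed 40-byte packet, reuse the slot for a constructed
 * 10-byte packet, and report how many stale bytes remain in the buffer. */
size_t demo_residual(int hardened) {
    uint8_t first[40], second[10];
    memset(first, 0xAA, sizeof first);   /* constructed earlier packet */
    memset(second, 0x55, sizeof second); /* constructed later packet */
    memset(pool_slot, 0, BUF_SIZE);
    fill_naive(first, sizeof first);
    const uint8_t *b = hardened ? fill_zero_padded(second, sizeof second)
                                : fill_naive(second, sizeof second);
    return residual_bytes(b, sizeof second);
}

int main(void) {
    printf("naive reuse:       %zu stale bytes\n", demo_residual(0));
    printf("zero-padded reuse: %zu stale bytes\n", demo_residual(1));
    return 0;
}
```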
2.4 IDENTIFICATION AND AUTHENTICATION (FIA)
2.4.1 PASSWORD MANAGEMENT (FIA_PMG_EXT.1)