Brocade Communications Systems NetIron CER Series Specifications download pdf (Page 47)

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00

Security Target Version 1., July 15, 2014

Page 47 of 50

Similarly, the TOE’s MLX series offers a Web Management Interface that offers access to the same functions as the

CLI. While the Web Management Interface could be configured to be accessible via HTTP or HTTPS (using

TLSv1.0), the evaluated configuration only includes the use of HTTPS (note that the TOE does not support client

authentication) to ensure that the administrative session is not subject to modification or disclosure.

The following table provides the list of security-related commands used to configure or examine the TOE security

settings. The services listed here reflect the minimal set needed to properly configure the TOE to comply with the

requires of the Protection Profile for Network Devices, version 1.1, 8 June 2012 (NDPP) with Errata #2, 13 January

2014.

Command

Tested Command Variantts

Description

write

write memory

Write to persistent storage

crypto

crypto key generate

Invoke cryptographic functions

openssl

openssl s_server

Configure secure connections (e.g., with

syslog)

logging

logging host <ip-address> ssl-port <port>

Configure the audit logging host

reload

Reload the current flash image

console

console timeout <time>

Manage console properties

banner

banner motd +

Manage the login banner

exit

Logout or exit current session

ntp

Switch to ntp configuration mode

config

config t

Switch to configuration mode

username

username <user> password

Manage user accounts

clock

clock set <time>

Manage the internal clock

server

server <ntp server ip> minpoll <time>

Configure external services

crypto-ssl

crypto-ssl certificate generate

Manage web server properties

web-management

web-management session-timeout <time>

Manage web interface

fips

fips enable common-criteria

fips show

fips zeroize all

Manage FIPS and Common Criteria

configuration

ip ssh pub-key-file

ip ssh idle-time <time>

Manage ip connection (e.g., ssh)

configuration

aaa

aaa authentication

aaa authentication enable default tacacs+ local

aaa authentication login default tacacs+ local

aaa authentication web-server default local

Configure the aaa authentication functions

tacacs-server

tacacs-server host <ipaddr> ssl-auth-port <port>

default

tacacs-server retransmit <retransmit period>

tacacs-server timeout <timeout period>

tacacs-server key <key>

Configure TACACAS+ server

enable

enable aaa

enable password-min-length 15

enable user password-masking

Enable console login features

show

show flash

show ver

show clock

show ip client-pub-key

show ip ssl

show logging

show run | <options>

Show identified configuration information

Table 8 Security Related Configuration Commands

The TOE also provides a comprehensive set of network routing configuration commands. These commands were

not exercised as the above services in Table 8

represent the minimum set of commands needed to for proper

configuration.

1 2 ... 42 43 44 45 46 47 48 49 50

Comments to this Manuals

No comments

Brocade Communications Systems NetIron CER Series Specifications Page 47

Comments to this Manuals

Related products and manuals for Network switches Brocade Communications Systems NetIron CER Series