Brocade Communications Systems NetIron CER Series Specifications Page 8

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 8 of 50
NetIron (unlike the Brocade FastIron series, which provides no SSL encryption for external authentication servers)
provides SSL encrypted TACACS+ authentication but does not provide SSL encrypted RADIUS. Thus, the use of
RADIUS external authentication services is excluded from the evaluated configuration of the TOE. NetIron’s
TACACS+ supports password authentication only and does not support SSH public-key authentication.
1.4.1.2 Logical Boundaries
This section summarizes the security functions provided by the Brocade MLXe® and NetIron® Family Devices
with Multi-Service IronWare R05.7.00. The TOE logical boundary consists of the security functionality of the
products summarized in the following subsections:
Security audit
Cryptographic support
User data protection
Identification and authentication
Security management
Protection of the TSF
TOE access
Trusted path/channels
Note that use of the following features is limited in the evaluated TOE:
1. The use of SNMP has not been subject to evaluation. Note that SNMP can be used only for monitoring, as
SNMP cannot access any security-related parameters.
2. The Strict Password Enforcement setting is assumed to be enabled in the evaluated configuration.
3. The TOE will be operated in Common Criteria mode (a more restricted mode than FIPS mode).
Given that this Security Target conforms to the NDPP, the security claims focus on the TOE as a secure network
infrastructure device and do not focus on other key functions provided by the TOE, such as controlling the flow of
network packets among the attached networks. However, those functions can be freely used without affecting the
claimed and evaluated security functions; they simply have not been evaluated to work correctly themselves.
The TOE protects itself from tampering and bypass by offering only a limited and controlled set of functions at each
of its physical interfaces to its environment. Communication via those interfaces is either directed at the TOE for the
purpose of administration or is directed through the TOE for communication among network devices. In both cases
the TOE implements a set of policies to control the services available and those services are designed to protect and
ensure the secure operation of the TOE.
The TOE includes the ability to communicate with a SYSLOG server in its environment to access its services. The
TOE is designed to interact with each of those servers in accordance with their respective protocols, including
security capabilities where applicable.
1.4.1.2.1 Security audit
The TOE is designed to be able to generate logs for a wide range of security-relevant events. The TOE can be
configured to store the logs locally so they can be accessed by an administrator and also to send the logs to a
designated log server using TLS to protect the logs while in transit on the network.
1.4.1.2.2 Cryptographic support
The TOE is a FIPS-validated cryptographic module that provides key management, random bit generation,
encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level
cryptographic protocols including SSH and TLS/HTTPS.