Cisco CISCO881W-GN-A-K9 Specifications, Page 20

Cisco ISR-800 Security Target
20
The TOE can act as a certification authority, signing and issuing certificates to other devices.
The TOE can also use X.509v3 certificates for securing IPsec and SSH sessions.
1.6.3 Full Residual Information Protection
The TOE ensures that all information flows from the TOE do not contain residual information
from previous traffic. Packets are padded with zeroes. Residual data is never transmitted from
the TOE.
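
The following C sketch is an added example, not code from the Security Target or from Cisco. It shows the failure mode this claim rules out (a reused transmit buffer whose padding still holds bytes from an earlier packet), the zero-padded form, and a check for non-zero padding. The 60-byte minimum frame length (Ethernet without FCS), the buffer size and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_FRAME 60    /* assumed: Ethernet minimum frame length without FCS */
#define BUF_SIZE  1514  /* assumed transmit buffer size */

/* Hazard: the short payload is copied in, but the padding is left as-is. */
size_t build_frame_unsafe(uint8_t *txbuf, const uint8_t *pkt, size_t len)
{
    if (len > BUF_SIZE) return 0;
    memcpy(txbuf, pkt, len);
    return len < MIN_FRAME ? MIN_FRAME : len;
}

/* Hardened: same copy, but the padding region is explicitly zeroed. */
size_t build_frame_zero_padded(uint8_t *txbuf, const uint8_t *pkt, size_t len)
{
    if (len > BUF_SIZE) return 0;
    memcpy(txbuf, pkt, len);
    if (len >= MIN_FRAME) return len;
    memset(txbuf + len, 0, MIN_FRAME - len);
    return MIN_FRAME;
}

/* Check for a captured frame: counts non-zero bytes after the payload. */
size_t residual_bytes(const uint8_t *frame, size_t frame_len, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < frame_len; i++)
        if (frame[i] != 0) n++;
    return n;
}

/* Constructed scenario: a 60-byte packet, then a 20-byte packet, sent from
 * the same buffer. Returns the residual byte count in the second frame. */
size_t demo(int hardened)
{
    static uint8_t txbuf[BUF_SIZE];
    uint8_t first[MIN_FRAME], second[20];
    memset(first, 0xAA, sizeof first);    /* stands in for earlier traffic */
    memset(second, 0x11, sizeof second);
    build_frame_unsafe(txbuf, first, sizeof first);
    size_t n = hardened ? build_frame_zero_padded(txbuf, second, sizeof second)
                        : build_frame_unsafe(txbuf, second, sizeof second);
    return residual_bytes(txbuf, n, sizeof second);
}

int main(void) { return demo(1) != 0; }  /* exit 0 when padding is clean */
```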
1.6.4 Identification and authentication
The TOE performs two types of authentication: device-level authentication of the remote device
(VPN peers) and user authentication for the Authorized Administrator of the TOE. Device-level
authentication allows the TOE to establish a secure channel with a trusted peer. The secure
channel is established only after each device authenticates the other. Device-level authentication
is performed via IKE/IPsec mutual authentication. The TOE supports use of IKEv1 (ISAKMP)
and IKEv2 pre-shared keys for authentication of IPsec tunnels. The IKE phase authentication for
the IPsec communication channel between the TOE and authentication server and between the
TOE and syslog server is considered part of the Identification and Authentication security
functionality of the TOE.
The TOE provides authentication services for administrative users to connect to the TOE’s
secure CLI administrator interface. The TOE requires Authorized Administrators to authenticate
prior to being granted access to any of the management functionality. The TOE can be
configured to require a minimum password length of 15 characters as well as mandatory
password complexity rules. The TOE provides administrator authentication against a local user
database. Password-based authentication can be performed on the serial console or SSH
interfaces. The SSHv2 interface also supports authentication using SSH keys. The TOE
optionally supports use of a RADIUS or TACACS+ AAA server (part of the IT Environment)
for authentication of administrative users attempting to connect to the TOE’s CLI.
The TOE provides an automatic lockout when a user attempts to authenticate and enters invalid
information. Once the number of failed authentication attempts exceeds the configured
allowable attempts, the user is locked out until an authorized administrator can enable the user
account.
The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for IPsec
and SSH connections.
1.6.5 Security Management
The TOE provides secure administrative services for management of general TOE configuration
and the security functionality provided by the TOE. All TOE administration occurs either
through a secure SSHv2 session or via a local console connection. The TOE provides the ability
to securely manage:
  • Administration of the TOE locally and remotely;
  • All TOE administrative users;