Cisco CISCO881W-GN-A-K9 Specifications, page 21

Cisco ISR-800 Security Target
All identification and authentication;
All audit functionality of the TOE;
All TOE cryptographic functionality;
The timestamps maintained by the TOE;
Update to the TOE and verification of the updates;
Configuration of IPsec functionality;
TOE configuration file storage and retrieval.
The TOE supports two separate administrator roles: non-privileged administrator and privileged
administrator. Only the privileged administrator can perform the above security relevant
management functions. Management of the TSF data is restricted to Security Administrators.
The ability to enable, disable, determine and modify the behavior of all of the security functions
of the TOE is restricted to authenticated administrators.
Administrators can create configurable login banners to be displayed at time of login, and can
also define an inactivity timeout for each admin interface to terminate sessions after a set period
of inactivity.
1.6.6 Packet Filtering
The TOE provides packet filtering and secure IPsec tunneling. The tunnels can be established
between two trusted VPN peers. More accurately, these tunnels are sets of security associations
(SAs). The SAs define the protocols and algorithms to be applied to sensitive packets and
specify the keying material to be used. SAs are unidirectional and are established per the ESP
security protocol. An authorized administrator can define the traffic that needs to be protected
via IPsec by configuring access lists (permit, deny, log) and applying these access lists to
interfaces using crypto map sets.
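The following Cisco IOS configuration sketch illustrates the relationship described above between access lists, crypto map sets and interfaces. It is an added example, not taken from the Security Target or from Cisco's evaluated configuration guidance. All names, addresses and the interface are constructed, and the IKE policy and peer authentication are assumed to be configured separately.

```ios
! Added example; every name, address and interface below is constructed.
! Assumes the IKE policy and peer authentication already exist.
!
! Transform set: the ESP algorithms the SAs will apply
crypto ipsec transform-set TS-ESP-AES esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Crypto ACL: selects the traffic this crypto map entry protects.
!   permit = protect with IPsec
!   deny   = not protected by this entry (it is NOT dropped here)
ip access-list extended VPN-TRAFFIC
 deny   ip host 10.1.1.10 10.2.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Crypto map entry: binds the peer, transform set and crypto ACL
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-ESP-AES
 match address VPN-TRAFFIC
!
! Interface ACL: packet filter on the untrusted side. Only IKE and
! ESP from the trusted peer are accepted; everything else is
! discarded and logged.
ip access-list extended OUTSIDE-IN
 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
 permit esp host 192.0.2.2 host 192.0.2.1
 deny   ip any any log
!
! Apply both the packet filter and the crypto map set to the interface
interface FastEthernet4
 ip address 192.0.2.1 255.255.255.0
 ip access-group OUTSIDE-IN in
 crypto map VPN-MAP
```

A `deny` entry in the crypto ACL only exempts traffic from IPsec protection, so traffic that must never leave unencrypted has to be discarded by an interface ACL rather than by the crypto ACL.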
1.6.7 Protection of the TSF
The TOE protects against interference and tampering by untrusted subjects by implementing
identification, authentication, and access controls to limit configuration to Authorized
Administrators. The TOE prevents reading of cryptographic keys and passwords.
Additionally, Cisco IOS is not a general-purpose operating system, and access to Cisco IOS
memory space is restricted to only Cisco IOS functions.
The TOE internally maintains the date and time. This date and time is used as the timestamp that
is applied to audit records generated by the TOE. Administrators can update the TOE’s clock
manually, or can configure the TOE to use NTP to synchronize the TOE’s clock with an external
time source. Finally, the TOE performs testing to verify correct operation of the router itself and
that of the cryptographic module.
The TOE is able to verify any software updates prior to the software updates being installed on
the TOE to avoid the installation of unauthorized software.
Whenever a failure occurs within the TOE that results in the TOE ceasing operation, the TOE
securely disables its interfaces to prevent the unintentional flow of any information to or from
the TOE and reloads.