Cisco IPS4345 Manual de usuario descargar pdf (Pagina 18)

Cisco Intrusion Prevention System Security Target

Excluded Functionality

Exclusion Rationale

Use of RADIUS and TACACS+

The NDPPv1.1 requires all communications with remote

AAA servers to be tunneled in one of IPsec, SSH, or TLS.

The Cisco IPS does not support tunneling, so remote AAA

servers cannot be used in the certified configuration.

Use of some TLS ciphersuites including:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

The NDPPv1.1 defines a list of TLS ciphersuites that are

either ‘mandatory’ or ‘optional’ in a certified configuration.

The Cisco IPS supports all of the mandatory ciphersuites, and

some of the optional ciphersuites, but the configuration option

in the Cisco IPS that would enable the supported optional

ciphersuites would result in enabling other ciphersuites that

are not allowed by the NDPP.

This functionality will be disabled by configuration. The exclusion of this functionality does not

affect compliance to the U.S. Government Protection Profile for Security Requirements for

Network Devices. All other functionality supported in the Cisco IPS product can be used in the

evaluated configuration without interfering with the evaluated functionality of the TOE.

1 2 ... 13 14 15 16 17 18 19 20 21 22 23 ... 60 61

Sin comentarios

Cisco IPS4345 Manual de usuario Pagina 18