
Cisco Intrusion Prevention System Security Target
the event occurred, the outcome of the event, and the type of event that occurred.
Auditable events related to failure to establish secure sessions include:
SSH client: failures to negotiate the SSH version or session parameters,
including cipher, HMAC, or DH group.
SSH server: login failures, including an invalid user or an invalid
password/key; failure to negotiate the SSH version; or failures to negotiate
parameters, including cipher, HMAC, or DH group.
TLS/HTTPS server: authentication failures, including an invalid user, invalid
password, or invalid certificate.
The TOE shall ensure that each auditable event is associated with the username that
triggered the event, so that events are traceable to a specific user. For a human
user, the user identity or related session ID is included in the audit record. For
an IT entity or device, the IP address or other configured identification is
recorded. Refer to the Guidance documentation for configuration syntax and
information.
The TOE is configured to allow audit logs to be retrieved by a remote audit server.
The TOE protects communications with an external audit server via TLS/HTTPS.
The TOE stores audit records locally on the TOE, and continues to do so after audit
logs are retrieved (pulled) by a remote audit server. The local event store holds a
maximum of 30MB (on all platforms). When the event store is full, the oldest events
are overwritten by new events.
Only authorized administrators are able to clear the local logs, and local audit
records are stored in a directory that does not allow administrators to modify the
contents.
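The following is an added example (not Cisco's code or part of the Security Target) that models the local event store behaviour described above: audit records carry the subject that triggered them, the store is capped in bytes (30MB in the TOE; the example uses the same constant but sizes a small store for the demonstration), the oldest events are overwritten when the store is full, a pull by a remote audit server copies rather than clears the records, and only an administrator role may clear the local logs. All class, field and role names are assumptions made for the example.

```python
"""Bounded local audit store with oldest-first overwrite (added example)."""
from collections import deque
from dataclasses import dataclass, field
import json
import time

MAX_STORE_BYTES = 30 * 1024 * 1024  # 30MB local event store cap stated in the ST


@dataclass
class AuditRecord:
    event_type: str   # e.g. "ssh_login", "tls_auth" (assumed names)
    outcome: str      # "success" or "failure"
    subject: str      # username for a human user; IP or configured id for an IT entity
    timestamp: float = field(default_factory=time.time)

    def encode(self) -> bytes:
        # One JSON object per line; sort_keys keeps the encoding deterministic.
        return json.dumps(self.__dict__, sort_keys=True).encode() + b"\n"


class LocalEventStore:
    def __init__(self, capacity_bytes: int = MAX_STORE_BYTES):
        self.capacity = capacity_bytes
        self._lines: deque[bytes] = deque()
        self._used = 0
        self.overwritten = 0  # number of oldest events dropped to make room

    def append(self, record: AuditRecord) -> None:
        line = record.encode()
        if len(line) > self.capacity:
            raise ValueError("record larger than the whole store")
        # Store full: discard the oldest events until the new record fits.
        while self._lines and self._used + len(line) > self.capacity:
            self._used -= len(self._lines.popleft())
            self.overwritten += 1
        self._lines.append(line)
        self._used += len(line)

    def pull(self) -> list[dict]:
        # Retrieval by a remote audit server is a copy; local records are retained.
        return [json.loads(line) for line in self._lines]

    def clear(self, role: str) -> None:
        # Only an authorized administrator may clear the local logs.
        if role != "administrator":
            raise PermissionError("only administrators may clear local audit logs")
        self._lines.clear()
        self._used = 0


def demo() -> dict:
    """Constructed scenario: a store sized for exactly three records."""
    probe = AuditRecord("ssh_login", "failure", "user1", 1000.0)
    store = LocalEventStore(capacity_bytes=3 * len(probe.encode()))
    for i in range(5):  # all five records encode to the same length
        store.append(AuditRecord("ssh_login", "failure", f"user{i + 1}", 1000.0 + i))
    first_pull = store.pull()
    second_pull = store.pull()  # pulling again returns the same records
    return {
        "retained": [r["subject"] for r in first_pull],
        "overwritten": store.overwritten,
        "retained_after_pull": len(second_pull),
    }


if __name__ == "__main__":
    print(demo())
```

The store accounts in bytes rather than record count so that the overwrite point depends on the encoded size of the events, which is what a 30MB cap implies; a deployment relying on the remote audit server for long-term retention should pull often enough that events are collected before they are overwritten.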
The TOE implements a random number generator for Diffie-Hellman key
establishment (conformant to NIST SP 800-56A), and for RSA key establishment
schemes (conformant to NIST SP 800-56B). Refer to Annex A of this document for
more detailed compliance information relative to NIST SP 800-56.
The TOE can create an RSA public-private key pair and generate a self-signed
certificate, and functions as its own Certificate Authority (CA).
The TOE meets all requirements specified in FIPS 140-2 for destruction of keys and
Critical Security Parameters (CSPs) in that none of the symmetric keys, pre-shared
keys, or private keys are stored in plaintext form. Further zeroization details are
provided in Annex A of this document. (FIPS #1668)
The TOE provides symmetric encryption and decryption capabilities using AES in
CBC mode (128, 256 bits) as described in NIST SP 800-38A. (FIPS #1668 and
#1758)
The TOE provides cryptographic signature services using RSA with key sizes of
2048 bits and greater as specified in FIPS PUB 186-3, “Digital Signature Standard” and
FIPS PUB 186-2, “Digital Signature Standard”. (FIPS #1668 and #876)
The TOE provides cryptographic hashing services using SHA-1 as specified in FIPS
Pub 180-3 “Secure Hash Standard.” (FIPS #1668 and #1544)
The TOE provides keyed-hashing message authentication services using HMAC-SHA-1
as specified in FIPS Pub 198-1, “The Keyed-Hash Message Authentication
Code,” and FIPS 180-3, “Secure Hash Standard.” (FIPS #1668 and #1031)
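As an added example (not code from the TOE or from Cisco), the HMAC construction of FIPS 198-1 is written out below over the SHA-1 of FIPS 180-3: a key longer than the 64-byte block is first hashed, a shorter key is zero-padded, and the tag is H((K' xor opad) || H((K' xor ipad) || message)). The result is checked against Python's standard hmac module and against the first HMAC-SHA-1 test case of RFC 2202; the constant-time comparison in verify_tag is the check a receiver should use. The function and constant names are assumptions made for the example.

```python
"""HMAC-SHA-1 per FIPS 198-1, built from SHA-1 (added example)."""
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 input block size in bytes (B in FIPS 198-1)
IPAD = 0x36
OPAD = 0x5C


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """Compute HMAC-SHA-1 of message under key following FIPS 198-1."""
    # Keys longer than one block are hashed down to the SHA-1 output length.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    # Keys shorter than one block are padded on the right with zero bytes (K').
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)
    inner = hashlib.sha1(inner_key + message).digest()
    return hashlib.sha1(outer_key + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time tag check, so comparison time does not leak the tag prefix."""
    return hmac.compare_digest(hmac_sha1(key, message), tag)


# RFC 2202 HMAC-SHA-1 test case 1 (published vector, not constructed here).
RFC2202_KEY = b"\x0b" * 20
RFC2202_DATA = b"Hi There"
RFC2202_TAG = "b617318655057264e28bc0b6fb378c8ef146be00"


def self_check() -> bool:
    """True when the hand-built HMAC matches the published vector and hashlib's hmac."""
    vector_ok = hmac_sha1(RFC2202_KEY, RFC2202_DATA).hex() == RFC2202_TAG
    long_key = b"\xaa" * 80  # exercises the longer-than-block key path
    library_ok = hmac_sha1(long_key, b"long key test") == hmac.new(
        long_key, b"long key test", hashlib.sha1
    ).digest()
    return vector_ok and library_ok


if __name__ == "__main__":
    print("self-check:", self_check())
    print(hmac_sha1(RFC2202_KEY, RFC2202_DATA).hex())
```

The hand-built version exists only to show the construction the standard specifies; production code should call the platform's validated implementation (here hmac.new) and always compare tags with a constant-time function rather than ==.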
The TOE implements HTTPS conformant to RFC 2818. HTTPS is essentially