Manualshelf

Specifications

ManualsBrandsAruba ManualsComputer equipment620
11121314151617181920
Security Target Version 1.0 9/29/2014
17
3. Security Problem Definition
The Security Problem Definition (composed of organizational policies, threat statements, and assumption) has been
drawn from the Protection Profile for Wireless Local Area Network (WLAN) Access Systems, version 1.0, 01
December 2011 (WLASPP). The WLASPP offers additional information about the identified threats, but that has
not been reproduced here and the WLASPP should be consulted if there is interest in that material.
In general, the WLASPP has presented a Security Problem Definition appropriate for network infrastructure devices
and as such is applicable to the Mobility Controller and Access Point Series TOE.
3.1 Organizational Policies
P.ACCESS_BANNER
The TOE shall display an initial banner describing restrictions of use, legal agreements, or
any other appropriate information to which users consent by accessing the TOE.
P.ACCOUNTABILITY
The authorized users of the TOE shall be held accountable for their actions within the TOE.
P.ADMIN_ACCESS
Administrators shall be able to administer the TOE both locally and remotely through
protected communications channels.
P.COMPATIBILITY
The TOE must meet Request for Comments (RFC) requirements for implemented protocols to
facilitate inter-operation with other network equipment (e.g., certificate authority, NTP
server) using the same protocols.
P.EXTERNAL_SERVERS
The TOE must support standardized (RFCs) protocols for communication with a centralized
audit server and a RADIUS authentication server.
3.2 Threats
T.ADMIN_ERROR
An administrator may unintentionally install or configure the TOE incorrectly, resulting in
ineffective security mechanisms.
T.RESOURCE_EXHAUSTION
A process or user may deny access to TOE services by exhausting critical resources on the
TOE.
T.TSF_FAILURE
Security mechanisms of the TOE may fail, leading to a compromise of the TSF.
T.UNAUTHORIZED_ACCESS
A user may gain unauthorized access to the TOE data and TOE executable code. A malicious
user, process, or external IT entity may masquerade as an authorized entity in order to gain
unauthorized access to data or TOE resources. A malicious user, process, or external IT entity
may misrepresent itself as the TOE to obtain identification and authentication data.
T.UNAUTHORIZED_UPDATE
A malicious party attempts to supply the end user with an update to the product that may
compromise the security features of the TOE.