Specifications
Security Target Version 1.0 9/29/2014
61
6. TOE Summary Specification
This chapter describes the security functions:
• Security audit
• Cryptographic support
• User data protection
• Identification and authentication
• Security management
• Protection of the TSF
• Resource utilisation
• TOE access
• Trusted path/channels
Note that some Assurance Activities require information about design and implementation choices made in regard to
RFCs. The applicable information is included in tabular form at the end of this document in section 8.6.
6.1 Security audit
The TOE has an audit generation mechanism to record security and non-security relevant events. There are several
types of category for audit logs including Network, System, Security, Wireless, and User. The Network log category
can include all network packets, protocol packet dump, mobility, and DHCP events. The System log category can
include all system, configuration, SNMP, and web server events. The Security log category can include all security,
AAA, firewall, packet trace, VPN, 802.1x, and IKE events. The Wireless log category can include all wireless
events. The User log category can include all user, VPN, 802.1X, and RADIUS user events.
The events that can cause an audit record to be logged include starting and stopping the audit function, any use of an
administrator command via the CLI and Web interfaces, as well as all of the events identified in Table 2 Audit
Events.
The administrator can turn on or off (include or exclude) auditable events based on specific criteria. The
administrator can configure the logging level (event type) for each of the modules (AP, network, security, system,
user and wireless; no related to software modules) of the ArubaOS. Please note that only the MC generates audit
events. The inclusion and exclusion of audited events for the event type is performed by using the “logging”
command at the CLI. The Web GUI provides similar functionality through the Monitoring->Management->Logging
panel. There are a total of eight syslog logging levels and the default logging level for all categories is Warning. Set
the logging level to “Warning” for all Categories and Subcategories to generate all of the security event logs as
defined in FAU_GEN.1 Table 2. The logging levels are defined as followed:
Emergency
Panic conditions that occur when the system becomes unusable.
Alert
Any condition requiring immediate attention and correction.
Critical
Any critical conditions such as a hard drive error.
Errors
Error conditions
Warning
Warning messages
Notice
Significant events of a non-critical and normal nature.
Informational
Messages of general interest to system users.
Debug
Messages containing information useful for debugging.
The TOE generates audit records for auditable events. The audit function is integrated into each module of
ArubaOS. In particular, when an auditable event occurs, the module executes a logging API call that records event
information to the external audit (syslog) server. The audit records are transmitted to the audit server over a trusted
channel and are stored and protected by the audit server. At the audit server, the administrator is provided with an