Specifications

Security Target Version 1.0 9/29/2014
into the controller using the “Certificate Manager” section of the Web-based user interface. The controller
supports loading of certificates in PEM, DER, or PFX format. Private keys may be loaded onto the
controller through a password-protected PFX file, or may originate on the controller at the time a
Certificate Signing Request (CSR) is generated.
During runtime, certificates and private keys are stored in ramdisk, in volatile memory, in decrypted form.
This allows private keys to be accessed rapidly for high network load conditions. When powered off,
private keys are stored encrypted in non-volatile (flash) memory. The encryption method used is AES256
using the Private Key Encrypting Key (PKEK) described in the CSP table. The PKEK is ultimately
protected by hardware (TPM).
6.5 Security management
The TOE provides the administrator role the capability to enable the management of security attributes, TSF data
and security functions. The administrator can configure TOE security settings and policies using the Web Graphical
User Interface via HTTPS, or the command line interface via serial console locally or remotely using SSH. The Web
GUI is just a front-end to the CLI (i.e., it calls the CLI internally). It is provided as a user-friendly interface for the
administrator to manage the TOE. Every function that can be performed on the Web GUI can also be performed
using the CLI but not vice versa. However, every security management function claimed can be done either using
the Web GUI or CLI.
The TOE supports role-based authentication. There are three types of roles: administrator role [11], limited
administrator role, and wireless user role. The limited administrator role and wireless user role are not TOE Security
management roles. Administrators can manage the TOE using HTTPS Web GUI or CLI. Wireless clients cannot
access the TOE through the Web GUI or CLI interfaces and, therefore, do not have access to the management
functionalities of the TOE. The limited administrator role can perform non-security tasks which include the
following:
- Read-only role - This role permits access to CLI “show” commands or Web GUI monitoring pages only. It
  does not allow the user to perform any action such as copying files or rebooting the controller.
- Network operations role - This role permits access to Monitoring, Reports, and Events pages in the Web
  GUI that are useful for monitoring the controller. This role can log into the CLI; however, the user can only use
  a subset of CLI commands to monitor the controller.
The remote administrator or limited administrator authenticates with a username and password or certificate via an
HTTPS connection or via the interactive command line. Once the administrator is authenticated, the TOE provides
management interfaces which can be used by the administrator to configure the TOE security functions. Local
administrators can also use the CLI via a serial console (direct) connection to the TOE using a username and
password. Remote administrators may use the Web GUI interface from the browser or may also use the CLI
interface via an SSH protocol connection from an SSH client. An administrator or limited administrator can log on
to the administrative interface (Web GUI or SSH) while connected to the network over wireless as long as
appropriate firewall policies have been configured.
The TOE provides the administrator with the capability to manage all security functions identified in this Security Target,
including configuring banner warnings and idle timeout limits. For more information about the management
interfaces, please refer to the ArubaOS User Guide documentation. To find out more information about the
cryptographic functionalities, please refer to the FIPS 140-2 Security Policies.
Note that there are no services available that do not require authentication. Furthermore, administrators can initiate
secure TOE updates in accordance with FPT_TUD_EXT.1.
The Security management function is designed to satisfy the following security functional requirements:
- FMT_MOF.1: Only authorized administrators in the administrator role can enable, disable, determine and
  modify the behavior of the TOE security functions.
- FMT_MTD.1(1): Only authorized administrators in the administrator role can manage TSF data.
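Because the Web GUI calls the CLI internally, the role restrictions described in this section can be enforced at a single point in the CLI layer. The following Python code is an added example, not ArubaOS code and not part of the Security Target; the function names, the Session tuple and every command name other than “show” are assumptions made for illustration.

```python
# Added illustration of one authorization gate shared by Web GUI and CLI.
# Role names follow section 6.5; command names other than "show" are constructed.
from collections import namedtuple

ADMIN = "administrator"
READ_ONLY = "read-only"
NETWORK_OPS = "network-operations"
WIRELESS_USER = "wireless-user"

# Placeholder monitoring subset for the network operations role; the Security
# Target does not list the actual commands.
NETWORK_OPS_VERBS = {"show", "example-monitor"}

# interface is "webgui", "ssh" or "serial"
Session = namedtuple("Session", "user role interface")


def authorize(session, command):
    """Return True if the authenticated session's role may run the command."""
    if session is None:              # no service is available unauthenticated
        return False
    words = command.split()
    if not words:                    # empty input is never an allowed command
        return False
    verb = words[0]
    if session.role == ADMIN:        # FMT_MOF.1 / FMT_MTD.1(1): full management
        return True
    if session.role == READ_ONLY:    # "show" commands only, no actions
        return verb == "show"
    if session.role == NETWORK_OPS:  # monitoring subset only
        return verb in NETWORK_OPS_VERBS
    return False                     # wireless users and unknown roles: deny


def cli_execute(session, command):
    """Single enforcement point: every command passes through authorize()."""
    if not authorize(session, command):
        return "denied"
    return "ok"  # a real CLI would dispatch the command here


def webgui_action(session, command):
    """The Web GUI is a front-end to the CLI, so it inherits the same check."""
    return cli_execute(session, command)
```

The default-deny branch is what keeps the wireless user role, which is not a management role, from reaching any command.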
[11] Some Aruba documents may refer to this role as the “root” and/or “crypto officer” role.