Specifications

Security Target Version 1.0 9/29/2014
Monitoring > Controller > Clients
Monitoring > WLAN > [ESSID_NAME] > Access Points
Monitoring > WLAN > [ESSID_NAME] > Clients
Monitoring > Debug > Local Clients
Monitoring > Debug > Process Logs
Maintenance > WLAN > Program AP
Maintenance > WLAN > Reboot AP
The TOE assesses wireless user inactivity as the cessation of network traffic arriving from the wireless client. It
should be noted that processes acting on behalf of the user may send protocol network packets to the mobility
controller, even when the user is not interacting directly, e.g. pressing keys.
To change the session idle timeout, the administrator can use the “loginsession timeout” command of the CLI. The
“web-server session-timeout” command applies to the WebUI. The default value of the session idle timeout is 15
minutes.
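As an added illustration (not code from the Security Target or from ArubaOS), the inactivity assessment described above modelled in Python: every inbound packet from a wireless client resets that client's idle timer, so a background process that keeps sending traffic holds the session open even though the user is not interacting. The class names, the default of 15 minutes expressed in seconds, and the packet trace are assumptions constructed for this example.

```python
from dataclasses import dataclass, field

# The TOE's default session idle timeout (15 minutes), in seconds.
DEFAULT_IDLE_TIMEOUT = 15 * 60


@dataclass
class WirelessSession:
    client_mac: str
    last_inbound: float  # timestamp of the last packet received from this client


@dataclass
class SessionTable:
    idle_timeout: int = DEFAULT_IDLE_TIMEOUT
    sessions: dict = field(default_factory=dict)

    def on_inbound_packet(self, client_mac, ts):
        """Any packet from the client resets its idle timer, whether the user
        generated it or a process acting on the user's behalf did."""
        sess = self.sessions.get(client_mac)
        if sess is None:
            self.sessions[client_mac] = WirelessSession(client_mac, ts)
        else:
            sess.last_inbound = ts

    def sweep(self, now):
        """Terminate sessions whose inbound traffic has ceased for at least
        idle_timeout seconds; returns the client MACs that were terminated."""
        expired = [mac for mac, s in self.sessions.items()
                   if now - s.last_inbound >= self.idle_timeout]
        for mac in expired:
            del self.sessions[mac]
        return expired


def run_trace(packets, now, idle_timeout=DEFAULT_IDLE_TIMEOUT):
    """Replay (timestamp, client_mac) packets up to 'now', then sweep."""
    table = SessionTable(idle_timeout)
    for ts, mac in sorted(p for p in packets if p[0] <= now):
        table.on_inbound_packet(mac, ts)
    return table.sweep(now)


# Constructed trace: client A sends one packet at t=0 and goes silent;
# client B's OS sends a keepalive every 5 minutes with no user interaction.
TRACE = [(0, "A"), (0, "B")] + [(t, "B") for t in range(300, 1800, 300)]
```

With the default timeout only the silent client is terminated; lowering the timeout below the keepalive interval, as an administrator may, terminates both.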
Of course, administrators can terminate their own sessions at any time simply by using the CLI or web GUI function
to log off. Wireless users can also disconnect at any time, terminating their session.
In order to limit access to the administrative functions, the TOE can be configured to deny wireless clients and
administrative sessions based on the time/date, IP address (location), as well as information retained in a blacklist.
Firewall rules are used to restrict access, and can be configured to blacklist clients when a rule is violated. Unlike
the other properties, the blacklist is dynamically managed by the TOE identifying potentially undesirable network
devices based on observed activities. If a device is actively identified in the blacklist, it cannot be used to connect to
an administrative interface.
The TOE access function is designed to satisfy the following security functional requirements:
FTA_SSL.3: By default, the TOE will terminate inactive user sessions after 15 minutes and require users to
log in again. The timeout period can be changed only by an administrator.
FTA_SSL.4: Administrative users can log off at any time by issuing the applicable command.
FTA_SSL_EXT.1: Local inactive administrator sessions are terminated, just like remote inactive
administrator sessions, after the configured timeout period.
FTA_TAB.1: The TOE displays an advisory warning banner regarding use of the TOE prior to establishing
an administrator session. The administrator can configure the warning message displayed in the banner.
FTA_TSE.1: The TOE can deny establishment of a wireless client session based on location, time, day, and
blacklist state.
6.9 Trusted path/channels
The TOE provides trusted paths for remote administration and trusted channels for communication between itself
and peers in the operating environment including authentication, audit, and NTP servers.
For remote administrators, the TOE uses HTTPS/TLS to offer secure remote web GUI-based administration and
SSH to offer a secure remote administration CLI.
For wireless users using an open system connection, the TOE provides an IPsec/IKE VPN trusted path from the
TOE to the wireless users for authentication of the wireless users. A pre-shared key or certificate is distributed using
an out-of-band method and is the basis for initial authentication. The user then optionally authenticates to the
external authentication server using a username and password.
For wireless users operating in a Robust Security Network (RSN), IEEE 802.11-2007 is used to provide a trusted
channel between the TOE and wireless clients.