User guide

Aruba Networks Security Target

Page 14 of 67

3 Security Problem Definition

3.1 Threats

26 Table 1 and Table 2 identify the threats addressed by the TOE.

Table 4: Threats drawn from NDPP

Identifier

Description

T.ADMIN_ERROR

An administrator may unintentionally install or configure the

TOE incorrectly, resulting in ineffective security mechanisms.

T.TSF_FAILURE

Security mechanisms of the TOE may fail, leading to a

compromise of the TSF.

T.UNDETECTED_ACTIONS

Malicious remote users or external IT entities may take actions

that adversely affect the security of the TOE. These actions

may remain undetected and thus their effects cannot be

effectively mitigated.

T.UNAUTHORIZED_ACCESS

A user may gain unauthorized access to the TOE data and

TOE executable code. A malicious user, process, or external

IT entity may masquerade as an authorized entity in order to

gain unauthorized access to data or TOE resources. A

malicious user, process, or external IT entity may misrepresent

itself as the TOE to obtain identification and authentication

data.

T.UNAUTHORIZED_UPDATE

A malicious party attempts to supply the end user with an

update to the product that may compromise the security

features of the TOE.

T.USER_DATA_REUSE

User data may be inadvertently sent to a destination not

intended by the original sender.

3.2 Organizational Security Policies

27 Table 5 identifies the Organizational Security Policies (OSPs) that are addressed by

the TOE.

Table 5: OSPs drawn from NDPP

Identifier

Description

P.ACCESS_BANNER

The TOE shall display an initial banner describing restrictions of

use, legal agreements, or any other appropriate information to

which users consent by accessing the TOE.

3.3 Assumptions

28 Table 6 identifies the assumptions related to the TOE’s environment.