User guide
Aruba Networks Security Target
FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the
following authentication methods as described in RFC 4252: public key-
based, password-based.
FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater
than 32,768 bytes in an SSH transport connection are dropped.
FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the
following encryption algorithms: AES-CBC-128, AES-CBC-256, no other
algorithms.
FCS_SSH_EXT.1.5 The TSF shall ensure that the SSH transport implementation uses
SSH_RSA and no other public key algorithms as its public key
algorithm(s).
FCS_SSH_EXT.1.6 The TSF shall ensure that the data integrity algorithms used in the SSH
transport connection are hmac-sha1, hmac-sha1-96.
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 is the only
allowed key exchange method used for the SSH protocol.
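As an added example (not part of the Security Target or of Aruba's code), the following Python parses the algorithm name-lists from an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports any advertised algorithm outside the sets named in FCS_SSH_EXT.1.4 through FCS_SSH_EXT.1.7. The RFC 4253 wire names used for AES-CBC-128, AES-CBC-256 and SSH_RSA, the function names, and the sample payload are assumptions constructed for this example.

```python
# Wire names (RFC 4253) assumed for the ST's AES-CBC-128/256 and SSH_RSA.
CIPHERS = {"aes128-cbc", "aes256-cbc"}          # FCS_SSH_EXT.1.4
MACS = {"hmac-sha1", "hmac-sha1-96"}            # FCS_SSH_EXT.1.6
# Keys are the first six name-lists of SSH_MSG_KEXINIT, in wire order.
ALLOWED = {
    "kex_algorithms": {"diffie-hellman-group14-sha1"},   # FCS_SSH_EXT.1.7
    "server_host_key_algorithms": {"ssh-rsa"},           # FCS_SSH_EXT.1.5
    "encryption_algorithms_client_to_server": CIPHERS,
    "encryption_algorithms_server_to_client": CIPHERS,
    "mac_algorithms_client_to_server": MACS,
    "mac_algorithms_server_to_client": MACS,
}
SSH_MSG_KEXINIT = 20


def parse_kexinit(payload: bytes) -> dict:
    """Extract the six name-lists above; later KEXINIT fields are ignored."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in ALLOWED:
        size = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + size]
        if len(payload) < pos + 4 or len(raw) != size:
            raise ValueError("truncated name-list")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + size
    return lists


def violations(lists: dict) -> dict:
    """Map each field to the advertised names outside its allowed set."""
    return {f: extra for f in ALLOWED
            if (extra := [a for a in lists[f] if a not in ALLOWED[f]])}


def build_kexinit(lists: list) -> bytes:
    """Build a constructed sample payload (zero cookie) for offline checks."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body


# Constructed sample: compliant except for one extra cipher and one extra MAC.
SAMPLE = build_kexinit([
    ["diffie-hellman-group14-sha1"], ["ssh-rsa"], ["aes128-cbc", "aes128-ctr"],
    ["aes256-cbc"], ["hmac-sha1", "hmac-md5"], ["hmac-sha1", "hmac-sha1-96"]])
```

Calling `violations(parse_kexinit(SAMPLE))` flags `aes128-ctr` and `hmac-md5`; an empty result means every advertised name falls within the sets the requirements allow.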
5.3.3 User Data Protection (FDP)
FDP_RIP.2 Full Residual Information Protection
FDP_RIP.2.1 The TSF shall ensure that any previous information content of a resource
is made unavailable upon the deallocation of the resource from all
objects.
5.3.4 Identification and Authentication (FIA)
FIA_PMG_EXT.1 Password Management
FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities
for administrative passwords:
1. Passwords shall be able to be composed of any combination of upper
and lower case letters, numbers, and the following special characters: “!”,
“@”, “#”, “$”, “%”, “^”, “&”, “*”, “_”, “<”, “>”, “{”, “}”, “[”, “]”, “:”, “.”, “|”, “+”,
“~”, “,”, “ ` ”;
2. Minimum password length shall be settable by the Security Administrator,
and support passwords of 15 characters or greater;
5.3.5 User Identification and Authentication (FIA_UIA)
FIA_UIA_EXT.1 User Identification and Authentication
FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE
entity to initiate the identification and authentication process:
Display the warning banner in accordance with FTA_TAB.1;
no other actions