User guide

Aruba Networks Security Target
requires RSA key sizes of 2048 bits or greater. The TOE supports an RSA
key size of 1024 bits in addition to 2048 bits. The administrator must not load
an RSA X.509 certificate with a key size smaller than 2048 bits when
operating in the Common Criteria evaluated configuration.
j) Pre-shared keys are manually entered during IKE policy configuration. The
pre-shared key is used in combination with an agreed DH secret key and an
exchanged nonce to generate session keys (SKEYs) which are used to
authenticate the two peers to each other as well as to encrypt subsequent IKE
exchanges.
k) Pre-shared keys conform to the character and length requirements at
FCS_IPSEC_EXT.1.8.
l) Only HMAC-SHA-1/256/384 are supported, with key and digest sizes of 160,
256, and 384 bits respectively. The TOE prevents configuration of MD5 while
operating in FIPS mode.
m) Random number generator services for IPsec are provided automatically by
the TOE and do not require administrator configuration.
6.1.1.3 SSH
Related SFRs: FCS_CKM.1(3), FCS_CKM_EXT.4, FCS_COP.1(1), FCS_COP.1(3),
FCS_COP.1(4), FCS_RBG_EXT.1(1), FPT_SKP_EXT.1, FTP_TRP.1,
FCS_SSH_EXT.1
47 The CLI can be accessed from an SSHv2-enabled client. The TOE’s SSH
implementation has the following characteristics:
a) SSHv2 is supported
b) Public key and password authentication is supported
[USER] Chapter 35, “Enabling Public Key Authentication for SSH
Access” provides more information.
c) The following algorithms are implemented: SSH_RSA for public keys,
AES-CBC-128 and AES-CBC-256 for encryption, HMAC-SHA1 and
HMAC-SHA1-96 for integrity. Note: The encryption and integrity algorithms
used are not configurable by the administrator.
d) Packets greater than 32,768 bytes in an SSH transport connection are
dropped.
e) All key exchanges for SSH are performed using DH group 14. This behavior is
hard-coded into the TOE.
f) No optional protocol characteristics are implemented.
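An evaluator or administrator can confirm characteristics c) to e) from the wire by parsing the SSH_MSG_KEXINIT payload a device sends and comparing each name-list with the evaluated set. The following Python check is an added example, not part of the Security Target or of Aruba's code; the RFC 4253 wire names (ssh-rsa, aes128-cbc, aes256-cbc, hmac-sha1, hmac-sha1-96, diffie-hellman-group14-sha1) are an assumed mapping of the algorithms named above, and the function names and the sample builder are hypothetical.

```python
import struct

# Assumption: RFC 4253 wire names for the algorithms listed in items c) and e).
ALLOWED = {
    "kex_algorithms": {"diffie-hellman-group14-sha1"},
    "server_host_key_algorithms": {"ssh-rsa"},
    "encryption_algorithms": {"aes128-cbc", "aes256-cbc"},
    "mac_algorithms": {"hmac-sha1", "hmac-sha1-96"},
}
# Policy key for each of the ten KEXINIT name-lists, in wire order.
FIELDS = ["kex_algorithms", "server_host_key_algorithms",
          "encryption_algorithms", "encryption_algorithms",
          "mac_algorithms", "mac_algorithms",
          None, None, None, None]  # compression, languages: not checked
SSH_MSG_KEXINIT = 20
MAX_PACKET = 32768  # item d): larger packets are dropped

def parse_kexinit(payload: bytes) -> list[list[str]]:
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) > MAX_PACKET:
        raise ValueError("payload cannot fit in a 32,768-byte packet")
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, []  # skip message type (1 byte) and cookie (16 bytes)
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += n
    return lists

def audit_kexinit(payload: bytes) -> list[str]:
    """List every advertised algorithm outside the evaluated set."""
    return [f"{field}[{idx}]: {name}"
            for idx, (field, names) in enumerate(zip(FIELDS, parse_kexinit(payload)))
            if field is not None
            for name in names if name not in ALLOWED[field]]

def build_kexinit(lists: list[str]) -> bytes:
    """Build a constructed sample payload (test data, all-zero cookie)."""
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)
```

An empty result from audit_kexinit means every advertised key exchange, host key, cipher and MAC name is within the set described in this section.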
6.1.2 Verifiable Updates
Related SFRs: FPT_TUD_EXT.1, FCS_COP.1(2), FCS_COP.1(3)
48 Administrators can update the TOE executable code using image files manually
downloaded from the Aruba support portal. The administrator may perform an
update from either the WebUI or CLI.
Upgrade instructions are documented in the release notes for each
software release, which will be posted in the same directory as the
image file on the support portal.