User guide
Aruba Networks Security Target
Page 35 of 67
49 A SHA-256 hash of each update image is digitally signed using Aruba’s code signing
certificate (RSA 2048 bit). When an update is initiated, the TOE verifies the digital
signature with a stored certificate (stored in Boot ROM).
50 Upon successful verification, the TOE boots using the new image. Should
verification fail, the TOE will enter into an error state. The TOE’s error state will allow
direct console access only, where an administrator can change to a new file partition
or TFTP a new image and re-boot.
6.1.3 System Monitoring
Related SFRs: FAU_GEN.1, FAU_GEN.2, FAU_STG_EXT.1, FPT_STM.1
51 The TOE maintains an audit log of administrative and security relevant events. Logs
can optionally be delivered to a Syslog server. The administrator can configure the
TOE to protect Syslog messages using IPSec as described in section 6.1.1.2.
Further detail regarding Syslog and audit messages is provided in the guidance
document: ArubaOS 6.3 Syslog Messages, Ref 0510838-01.
[USER] Chapter 35, Management Access->Configuring Logging
provides more details on configuring to use Syslog. Select all
Categories and all Subcategories. Set the logging level to “Warning”
for all Categories and Subcategories to generate all of the security
event logs as defined in FAU_GEN.1 Table 15.
If Syslog has been enabled, all audit logs are simultaneously written
to both the local audit log and the syslog server.
52 Note: The command “show audit-trail” as documented in [CLI] is used to show a log
of all administrative actions. By default, only commands which change system
behaviour are logged. By setting the configuration parameter “audit-trail all”, all
commands will be logged including commands which do not alter system behaviour.
53 The TOE uses an internal system clock to provide reliable timestamps for audit logs.
The system clock can be set manually or by configuring the TOE to use a Network
Time Protocol (NTP) server to synchronize its system clock with a central time
source. If connectivity to the NTP server is lost, the TOE continues to maintain time
using the internal system clock and re-synchronizes with the NTP server once
connectivity is re-established.
[USER] Chapter 35, Management Access->Setting the System Clock
provides instructions on setting the system clock.
54 In the event that a TOE network interface is overwhelmed by traffic the TOE will drop
packets. An administrator can examine interface counters (using the ‘show interface’
command) to determine if the TOE has dropped packets due to being overwhelmed
by traffic.
55 The TOE’s local audit log consists of three files (for each audit category) that are
31,768 bytes each. The log files are filled consecutively. Once the last file is full, the
TOE will begin overwriting the first log file. The log files may only be access by an
Authorized Administrator – described in the following section.
6.1.4 Secure Administration
Related SFRs: FIA_UIA_EXT.1, FIA_UIA_EXT.2, FIA_PMG_EXT.1, FIA_UAU.7, FMT_MTD.1,
FMT_SMF.1, FMT_SMR.2, FPT_APW_EXT.1, FTA_SSL_EXT.1, FTA_SSL.3,
FTA_SSL.4, FTA_TAB.1, FPT_STM.1
56 Initial configuration of the TOE is performed using a question-and-answer dialog
presented through the console port after the TOE is powered on for the first time, or