User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 56 of 67

NDPP

Source

Requirement

Assurance

Family

as part of the establishment of a higher-level protocol, e.g., as part of a HTTPS

session. It is sufficient to observe (on the wire) the successful negotiation of a

ciphersuite to satisfy the intent of the test; it is not necessary to examine the

characteristics of the encrypted traffic in an attempt to discern the ciphersuite

being used (for example, that the cryptographic algorithm is 128-bit AES and not

256-bit AES).

16.

FCS_IPSE

C_EXT.1.2

The evaluator shall examine the TSS to verify that it describes how

"confidentiality only" ESP mode is disabled. The evaluator shall also examine

the operational guidance to determine that it describes any configuration

necessary to ensure that "confidentiality only" mode is disabled, and that an

advisory is present indicating that tunnel mode is the preferred ESP mode since

it protects the entire packet.

The evaluator shall examine the TSS to ensure that, in the description of the

IPsec protocol supported by the TOE, it states that aggressive mode is not used

for IKEv1 Phase 1 exchanges, and that only main mode is used. If this requires

configuration of the TOE prior to its operation, the evaluator shall check the

operational guidance to ensure that instructions for this configuration are

contained within that guidance. The evaluator shall also perform the following

tests:

Test 1: The evaluator shall configure the TOE as indicated in the operational

guidance, and attempt to establish a connection using an IKEv1 Phase 1

connection in aggressive mode. This attempt should fail. The evaluator should

then show that main mode exchanges are supported.

Test 2: The evaluator shall configure the TOE as indicated in the operational

guidance, and attempt to establish a connection using ESP in "confidentiality

only" mode. This attempt should fail. The evaluator shall then establish a

connection using ESP in confidentiality and integrity mode.

ASE_TSS

ATE_IND

17.

FCS_IPSE

C_EXT.1.3

The evaluator checks to ensure that the TSS describes how lifetimes for IKEv1

SAs (both Phase 1 and Phase 2) are established. If they are configurable, then

the evaluator verifies that the appropriate instructions for configuring these

values are included in the operational guidance. The evaluator also performs

the following test:

Test 1: The evaluator shall construct a test where a Phase 1 SA is established

and attempted to be maintained for more than 24 hours before it is renegotiated.

The evaluator shall observe that this SA is closed or renegotiated in 24 hours or

less. If such an action requires that the TOE be configured in a specific way, the

evaluator shall implement tests demonstrating that the configuration capability of

the TOE works as documented in the operational guidance.

Test 2: The evaluator shall perform a test similar to Test 1 for Phase 2 SAs,

except that the lifetime will be 8 hours instead of 24.

ASE_TSS

ATE_IND

18.

FCS_IPSE

C_EXT.1.4

The evaluator checks to ensure that the TSS describes how lifetimes for IKEv1

Phase 2 SAs—with respect to the amount of traffic that is allowed to flow using a

given SA--are established. If the value is configurable, then the evaluator

verifies that the appropriate instructions for configuring these values are included

in the operational guidance. The evaluator also performs the following test:

Test 1: The evaluator shall construct a test where a Phase 2 SA is established

ASE_TSS

ATE_IND