User guide

Aruba Networks Security Target
# NDPP Source Requirement Assurance Family
this key to successfully establish an IPsec connection. While the evaluator is not
required to test that all of the special characters or lengths listed in the
requirement are supported, it is required that they justify the subset of those
characters chosen for testing, if a subset is indeed used.
23. FCS_SSH_EXT.1.2
The evaluator shall check to ensure that the TSS contains a description of the
public key algorithms that are acceptable for use for authentication, that this list
conforms to FCS_SSH_EXT.1.5, and ensure that password-based
authentication methods are also allowed. The evaluator shall also perform the
following tests:
Test 1: The evaluator shall, for each public key algorithm supported, show that
the TOE supports the use of that public key algorithm to authenticate a user
connection. Any configuration activities required to support this test shall be
performed according to instructions in the operational guidance.
Test 2: Using the operational guidance, the evaluator shall configure the TOE to
accept password-based authentication, and demonstrate that a user can be
successfully authenticated to the TOE over SSH using a password as an
authenticator.
Assurance Family: ASE_TSS, ATE_IND
24. FCS_SSH_EXT.1.3
The evaluator shall check that the TSS describes how “large packets” in terms of
RFC 4253 are detected and handled. The evaluator shall also perform the
following test:
Test 1: The evaluator shall demonstrate that if the TOE receives a packet larger
than that specified in this component, that packet is dropped.
Assurance Family: ASE_TSS, ATE_IND
25. FCS_SSH_EXT.1.4
The evaluator shall check the description of the implementation of this protocol in
the TSS to ensure that optional characteristics are specified, and the encryption
algorithms supported are specified as well. The evaluator shall check the TSS to
ensure that the encryption algorithms specified are identical to those listed for
this component.
The evaluator shall also check the operational guidance to ensure that it
contains instructions on configuring the TOE so that SSH conforms to the
description in the TSS (for instance, the set of algorithms advertised by the TOE
may have to be restricted to meet the requirements). The evaluator shall also
perform the following test:
Test 1: The evaluator shall establish an SSH connection using each of the
encryption algorithms specified by the requirement. It is sufficient to observe (on
the wire) the successful negotiation of a protocol to satisfy the intent of the test.
Assurance Family: ASE_TSS, AGD_OPE, ATE_IND
26. FCS_SSH_EXT.1.5
The assurance activity associated with FCS_SSH_EXT.1.4 verifies this
requirement.
Assurance Family: N/A
27. FCS_SSH_EXT.1.6
The evaluator shall check the TSS to ensure that it lists the supported data
integrity algorithms, and that that list corresponds to the list in this component.
The evaluator shall also check the operational guidance to ensure that it
contains instructions to the administrator on how to ensure that only the allowed
data integrity algorithms are used in SSH connections with the TOE (specifically,
that the “none” MAC algorithm is not allowed).
Assurance Family: ASE_TSS
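
The on-the-wire checks in FCS_SSH_EXT.1.4 and FCS_SSH_EXT.1.6 can be automated by parsing the cleartext SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) that the TOE sends, as in this added example, which is not part of the Security Target or of any Aruba code. The function names, the constructed sample payload and the allowed algorithm sets are assumptions; substitute the lists from the actual requirement.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}          # skip message type (1) and cookie (16)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += n
    return lists

def audit(lists: dict, allowed_enc: set, allowed_mac: set) -> list:
    """Return findings for advertised algorithms outside the allowed sets."""
    findings = []
    for field in ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c"):
        allowed = allowed_enc if field.startswith("enc") else allowed_mac
        for alg in lists[field]:
            if field.startswith("mac") and alg == "none":
                findings.append(f"{field}: 'none' MAC advertised")
            elif alg not in allowed:
                findings.append(f"{field}: {alg} not in allowed set")
    return findings

def build_kexinit(**lists) -> bytes:
    """Build a constructed KEXINIT payload for the sample below."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # all-zero cookie
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample; the allowed sets are assumptions, not the ST's lists.
SAMPLE = build_kexinit(enc_c2s=["aes128-cbc", "3des-cbc"], enc_s2c=["aes128-cbc"],
                       mac_c2s=["hmac-sha1", "none"], mac_s2c=["hmac-sha1"])
FINDINGS = audit(parse_kexinit(SAMPLE), {"aes128-cbc", "aes256-cbc"}, {"hmac-sha1"})
```

An empty findings list for the TOE's KEXINIT, captured after the operational guidance has been applied, is the evidence these two activities ask for.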