Technical data
Brocade Communications Systems, Inc. Page 13 of 48
• Trusted path
There is no distinction between the product and the TOE.
2.2.2.1 Security audit
The TOE generates audit events for numerous activities including policy enforcement, system management and
authentication. A syslog server in the environment is relied on to store audit records generated by the TOE. The
TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event
occurred. The time stamp is provided by the TOE appliance hardware. When the syslog server writes the audit
record to the audit trail, it applies its own time stamp, placing the entire TOE-generated syslog protocol message
MSG contents into an encapsulating syslog record.
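The two-time-stamp structure described above (the TOE stamps the MSG, the syslog server stamps the encapsulating record) is worth checking when reviewing the audit trail. The following is an added illustration, not code from the Security Target or from Fabric OS; the line layouts, the relay host name and the sample records are all constructed assumptions.

```python
# Added example: pull the server-applied and TOE-generated fields out of a
# syslog-encapsulated audit record and flag clock skew or an unexpected TOE.
# The layouts below are assumptions; the real Fabric OS format is not on the page.
import re
from datetime import datetime, timedelta
from typing import Optional

# Assumed encapsulating record: "<PRI>SERVER_TIMESTAMP relayhost MSG"
OUTER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<srv_ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<relay>\S+) (?P<msg>.*)$"
)
# Assumed TOE-generated MSG: "TOE_IP TOE_TIMESTAMP event details"
INNER_RE = re.compile(
    r"^(?P<toe_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<toe_ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<event>.*)$"
)

def parse_record(line: str) -> Optional[dict]:
    """Split one syslog line into the server's fields and the TOE's MSG fields."""
    outer = OUTER_RE.match(line)
    if not outer:
        return None
    inner = INNER_RE.match(outer.group("msg"))
    if not inner:
        return None
    return {
        "server_ts": datetime.fromisoformat(outer.group("srv_ts")),
        "toe_ip": inner.group("toe_ip"),
        "toe_ts": datetime.fromisoformat(inner.group("toe_ts")),
        "event": inner.group("event"),
    }

def clock_skew(record: dict) -> timedelta:
    """Server time stamp minus TOE time stamp; a large gap points to a clock problem."""
    return record["server_ts"] - record["toe_ts"]

def audit_issues(line: str, known_toes: set, max_skew=timedelta(seconds=5)) -> list:
    """Return a list of review findings for one record (empty list means clean)."""
    rec = parse_record(line)
    if rec is None:
        return ["unparseable record"]
    issues = []
    if rec["toe_ip"] not in known_toes:
        issues.append(f"unknown TOE address {rec['toe_ip']}")
    if abs(clock_skew(rec)) > max_skew:
        issues.append(f"clock skew {clock_skew(rec)}")
    return issues

# Constructed sample records (not real Fabric OS output); 192.0.2.0/24 is a documentation range.
SAMPLE = [
    "<13>2024-01-10T12:00:05 relay1 192.0.2.10 2024-01-10T12:00:04 login user=admin result=success",
    "<13>2024-01-10T12:00:06 relay1 192.0.2.10 2024-01-10T11:30:00 zone change zone=z1",
    "<13>2024-01-10T12:00:07 relay1 192.0.2.99 2024-01-10T12:00:07 login user=admin result=failure",
]
```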
2.2.2.2 User data protection
Host bus adapters can only access storage devices that are members of the same zone. The TOE enforces an access
control policy called the SAN Fabric SFP to accomplish this. The SAN Fabric SFP is implemented using hardware-
enforced zoning (also called “hard zoning” or simply “zoning”) that prevents a host bus adapter from accessing a
device the host bus adapter is not authorized to access. A zone is a region within the fabric³ where a specified group
of fabric-connected devices (called zone members) have access to one another. Zone members do not have access to
any devices outside the zone and devices outside the zone do not have access to devices inside the zone.
Some models of the TOE support encryption of user data for specified storage devices. A storage device configured
to host encrypted data receives only encrypted data from the TOE and the TOE decrypts data received from the
storage device. The encryption of the data exchanged between the TOE and an encrypted storage device is called
“user data encryption”. A CryptoTarget container is a configuration of “virtual devices” that is created for each
storage device hosted on the TOE. A LUN is simply a number assigned to an addressable logical unit within a
storage device. A CryptoTarget container identifies individual LUNs within a storage device as either encrypted or
cleartext.
2.2.2.3 Identification and authentication
The TOE authenticates administrative users. In order for an administrative user to access the TOE, a user account
including a user name and password must be created for the user, and an administrative role must be assigned. Either
the TOE performs the validation of the login credentials or the information is passed to a RADIUS or LDAP Server
to perform the validation and the TOE enforces the decision. The administrator can configure the order in which the
external authentication provider and the local credentials are checked.
2.2.2.4 Security management
The TOE provides both serial terminal- and Ethernet network-based management interfaces. Each of the three types
of interfaces provides equivalent management functionality. The TOE provides administrative interfaces to
configure hard zoning, as well as to set and reset administrator passwords. By default, host bus adapters do not have
access to storage devices.
2.2.2.5 Protection of the TSF
Protection of the TSF is provided primarily by virtue of the fact that the TOE is a hardware appliance that is
physically protected in the environment. On most models, the TOE does not encrypt data written to or read from
storage devices by host bus adapters. Encryption of this data is called “user data encryption” and is available only
on a subset of the models of the TOE being evaluated (see 6.1.2.1 for more details). The TOE relies instead on the
environment to physically protect the network between the HBA and the TOE, and between the TOE and the storage
device. Separate appliance ports are relied on to physically separate connected HBAs. The appliance’s physical
location between HBAs and storage devices is relied on to ensure TOE interfaces cannot be bypassed. The TOE
encrypts commands sent from terminal applications by administrators using SSH or HTTPS. Further, the TOE requires
administrators to log in after an SSH or HTTPS connection has been established. The TOE provides a reliable time
stamp for audit records.
³ When more than one instance of the TOE is interconnected (i.e. installed and configured to work together), they
are referred to collectively as a “SAN fabric” or simply a “fabric.”