Technical data
Brocade Communications Systems, Inc. Page 29 of 48
6. TOE Summary Specification
This chapter describes the security functions and associated assurance measures.
6.1 TOE Security Functions
6.1.1 Audit
The TOE generates audit records for start-up and shutdown of the TOE, and for an unspecified level of audit. Audit
records include date and time of the event, type of event, user identity that caused the event to be generated, and the
outcome of the event. The TOE sends audit records to a syslog server in the environment. The environment is relied
on to provide interfaces to read from the audit trail. The auditable events include:
Requirement Component   Auditable event
FAU_GEN.1               start-up and shutdown of the audit functions (specifically, of the TOE)
FIA_AFL.1               locking and unlocking of an account as a result of exceeding the maximum number of failed logons
FIA_UAU.2               unsuccessful use of the authentication mechanism
FIA_UID.2               unsuccessful use of the user identification mechanism, including the user identity provided
FMT_SMF.1               use of the management functions (specifically, zone configuration, data encryption configuration, password management configuration, authentication attempts maximum configuration, TOE access filtering configuration, and setting user attributes)
FMT_SMR.1               modifications to the group of users that are part of a role
Syslog protocol messages containing audit records have three parts. The first part is called the PRI, the second part
is the HEADER, and the third part is the MSG. The TOE generates syslog audit records as follows:
• The TOE generates a complete audit record including the IP address of the TOE, the event details, and the
time the event occurred. The time stamp is provided by the underlying TOE appliance hardware.
Each audit record contains the following fields:
AUDIT, <Timestamp generated by TOE>, <Event Identifier>, <Severity>, <Event Class>, <Username>/<Role>/<IP address>/<Interface>/<Application name>, <Admin Domain>/<Switch name>, <Reserved field for future expansion>, <Message>
For example:
AUDIT, 2006/12/10-09:54:03 (GMT), [SEC-1000], WARNING, SECURITY, JohnSmith/root/192.168.132.10/Telnet/CLI, Domain A/JohnsSwitch, , Incorrect password during login attempt
• The audit record is packaged into a syslog protocol message. The complete audit record is packaged into
the syslog MSG part. The PRI and HEADER are then added.
• A network connection is established with the syslog server in the environment and the audit record is sent.
When the syslog server writes the audit record to the audit trail, it applies its own time stamp, placing the entire
TOE-generated syslog protocol message MSG contents into an encapsulating syslog record, as depicted below.
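The record layout and the three-part syslog packaging described above, worked through in code. This is an added example, not Brocade code or anything from the Security Target: it parses an AUDIT record into its named fields, wraps it as the MSG of an RFC 3164 message with a PRI and HEADER, shows the collector-side encapsulating record, and runs a simple failed-login count over stored lines. The mapping of the TOE severity words onto RFC 3164 severity codes, the choice of facility 4, the TOE address 10.0.0.5, the collector name logsrv, and the use of event identifier [SEC-1000] as the "incorrect password" event are all assumptions taken from or layered on the page's single example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# RFC 3164 severity codes. Mapping the TOE's severity words onto them is an
# assumption of this example; the ST does not state the mapping.
SEVERITY = {"EMERGENCY": 0, "ALERT": 1, "CRITICAL": 2, "ERROR": 3,
            "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}
FACILITY_AUTH = 4  # RFC 3164 "security/authorization messages" (assumed choice)

# Constructed sample in the record layout quoted above; 10.0.0.5 is an
# assumed address for the switch itself, logsrv an assumed collector name.
SAMPLE_RECORD = ("AUDIT, 2006/12/10-09:54:03 (GMT), [SEC-1000], WARNING, SECURITY, "
                 "JohnSmith/root/192.168.132.10/Telnet/CLI, Domain A/JohnsSwitch, , "
                 "Incorrect password during login attempt")
SAMPLE_SENT_AT = datetime(2006, 12, 10, 9, 54, 3)
SAMPLE_TOE_IP = "10.0.0.5"


@dataclass
class AuditRecord:
    timestamp: str
    event_id: str
    severity: str
    event_class: str
    username: str
    role: str
    ip: str
    interface: str
    application: str
    admin_domain: str
    switch_name: str
    reserved: str
    message: str


def parse_audit_record(text: str) -> AuditRecord:
    """Only the first eight ', ' separators are structural; the free-text
    message at the end may contain commas of its own, so it is never split."""
    parts = text.split(", ", 8)
    if len(parts) != 9 or parts[0] != "AUDIT":
        raise ValueError("not a TOE AUDIT record: %r" % text)
    origin = parts[5].split("/")
    if len(origin) != 5:
        raise ValueError("expected <Username>/<Role>/<IP>/<Interface>/<Application>")
    domain, switch = parts[6].split("/", 1)
    return AuditRecord(parts[1], parts[2], parts[3], parts[4], *origin,
                       domain, switch, parts[7], parts[8])


def build_pri(severity_word: str, facility: int = FACILITY_AUTH) -> str:
    """PRI part of the syslog message: <facility * 8 + severity>."""
    return "<%d>" % (facility * 8 + SEVERITY[severity_word.upper()])


def to_syslog(record_text: str, toe_ip: str, sent_at: datetime) -> str:
    """Package the complete audit record as MSG, then prepend PRI and HEADER.
    HEADER is the RFC 3164 TIMESTAMP plus HOSTNAME; the TOE's IP serves as HOSTNAME."""
    rec = parse_audit_record(record_text)
    header = sent_at.strftime("%b %d %H:%M:%S") + " " + toe_ip
    return build_pri(rec.severity) + header + " " + record_text


SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def split_syslog(line: str):
    """Take a syslog line apart into (facility, severity, timestamp, host, msg)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2), m.group(3), m.group(4)


def encapsulate(toe_line: str, server_now: datetime, server_host: str) -> str:
    """What the collector writes to the audit trail: its own timestamp and host,
    with the TOE's sending host and entire MSG carried inside. Because the TOE's
    own timestamp survives inside the MSG, clock skew between the two is visible."""
    fac, sev, _, toe_host, msg = split_syslog(toe_line)
    return "<%d>%s %s %s %s" % (fac * 8 + sev, server_now.strftime("%b %d %H:%M:%S"),
                                server_host, toe_host, msg)


def failed_logins(trail: list) -> Counter:
    """Collector-side check: count SECURITY events with id [SEC-1000] (the
    incorrect-password event in the page's example) per user and source IP."""
    hits = Counter()
    for stored in trail:
        _, _, _, _, rest = split_syslog(stored)
        rec = parse_audit_record(rest.split(" ", 1)[1])  # drop the TOE host prefix
        if rec.event_class == "SECURITY" and rec.event_id == "[SEC-1000]":
            hits[(rec.username, rec.ip)] += 1
    return hits


if __name__ == "__main__":
    wire = to_syslog(SAMPLE_RECORD, SAMPLE_TOE_IP, SAMPLE_SENT_AT)
    stored = encapsulate(wire, SAMPLE_SENT_AT, "logsrv")
    print(wire)
    print(stored)
    print(failed_logins([stored]))
```

Splitting on only the first eight separators matters because the Message field is free text; splitting on every comma would shift the fields of any record whose message contains one. The collector-side count keys on the structured Event Identifier and Event Class rather than on the message text, which is the more stable basis for an FIA_AFL.1-style threshold.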