Manualshelf

Hardware manual

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
41424344454647484950
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 47 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
2.8.1.3 FTP_ITC.1.3
TSS Assurance Activities: None Defined
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
Component Assurance Activities: The evaluator shall examine the TSS to determine that, for all communications
with authorized IT entities identified in the requirement, each communications mechanism is identified in terms of
the allowed protocols for that IT entity. The evaluator shall also confirm that all protocols listed in the TSS are
specified and included in the requirements in the ST.
Section 6.8 indicates that TLS is required to communicate with a SYSLOG server and SCP (based on SSH) is used to
communicate with an update server. This is consistent with the choices made in FPT_ITC.1.
The TSS also states that in Common Criteria mode, the TOE prevents the use of TFTP to retrieve a new TOE
firmware image.
The evaluator shall confirm that the operational guidance contains instructions for establishing the allowed
protocols with each authorized IT entity, and that it contains recovery instructions should a connection be
unintentionally broken. The evaluator shall also perform the following tests:
a. Test 1: The evaluators shall ensure that communications using each protocol with each authorized IT entity is
tested during the course of the evaluation, setting up the connections as described in the operational guidance
and ensuring that communication is successful.
b. Test 2: For each protocol that the TOE can initiate as defined in the requirement, the evaluator shall follow the
operational guidance to ensure that in fact the communication channel can be initiated from the TOE.
c. Test 3: The evaluator shall ensure, for each communication channel with an authorized IT entity, the channel
data are not sent in plaintext.
d. Test 4: The evaluators shall, for each protocol associated with each authorized IT entity tested during test 1, the
connection is physically interrupted. The evaluator shall ensure that when physical connectivity is restored,
communications are appropriately protected.