Specifications

Brocade MLX and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
5.1.2.9 Explicit: SSH (FCS_SSH_EXT.1)
FCS_SSH_EXT.1.1
The TSF shall implement the SSH protocol that complies with RFCs 4251, 4252, 4253, 4254, and
[no other RFCs].
FCS_SSH_EXT.1.2
The TSF shall ensure that the SSH protocol implementation supports the following authentication
methods as described in RFC 4252: public key-based, password-based.
Assurance Activity:
The evaluator shall check to ensure that the TSS contains a description of the public key
algorithms that are acceptable for use for authentication, that this list conforms to
FCS_SSH_EXT.1.5, and ensure that password-based authentication methods are also allowed.
The evaluator shall also perform the following tests:
Test 1: The evaluator shall, for each public key algorithm supported, show that the TOE
supports the use of that public key algorithm to authenticate a user connection. Any
configuration activities required to support this test shall be performed according to
instructions in the operational guidance.
Test 2: Using the operational guidance, the evaluator shall configure the TOE to accept
password-based authentication, and demonstrate that a user can be successfully
authenticated to the TOE over SSH using a password as an authenticator.
FCS_SSH_EXT.1.3
The TSF shall ensure that, as described in RFC 4253, packets greater than [256K] bytes in an SSH
transport connection are dropped.
Assurance Activity:
The evaluator shall check that the TSS describes how 'large packets' in terms of RFC 4253 are
detected and handled. The evaluator shall also perform the following test:
Test 1: The evaluator shall demonstrate that if the TOE receives a packet larger than that
specified in this component, that packet is dropped.
FCS_SSH_EXT.1.4
The TSF shall ensure that the SSH transport implementation uses the following encryption
algorithms: AES-CBC-128, AES-CBC-256, [no other algorithms].
Assurance Activity:
The evaluator shall check the description of the implementation of this protocol in the TSS to
ensure that optional characteristics are specified, and the encryption algorithms supported are
specified as well. The evaluator shall check the TSS to ensure that the encryption algorithms
specified are identical to those listed for this component. The evaluator shall also check the
operational guidance to ensure that it contains instructions on configuring the TOE so that SSH
conforms to the description in the TSS (for instance, the set of algorithms advertised by the TOE
may have to be restricted to meet the requirements). The evaluator shall also perform the
following test:
Test 1: The evaluator shall establish an SSH connection using each of the encryption
algorithms specified by the requirement. It is sufficient to observe (on the wire) the
successful negotiation of the algorithm to satisfy the intent of the test.
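
An added example, not part of the Security Target or of the vendor's code, of how the on-the-wire check in Test 1 could be automated: it parses SSH_MSG_KEXINIT payloads as laid out in RFC 4253 section 7.1, flags any advertised cipher outside the two listed in FCS_SSH_EXT.1.4, and computes the cipher a given client and server would negotiate. The wire names `aes128-cbc` and `aes256-cbc` are the RFC 4253 names; the function names and the sample payloads are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
ALLOWED = {"aes128-cbc", "aes256-cbc"}  # RFC 4253 names for AES-CBC-128/256
# The ten name-lists of a KEXINIT payload, in RFC 4253 section 7.1 order
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an unencrypted SSH_MSG_KEXINIT payload into its name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}  # skip the message-type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    return out

def disallowed_ciphers(kexinit: dict) -> set:
    """Ciphers advertised in either direction that the requirement excludes."""
    return (set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])) - ALLOWED

def negotiated(client_list: list, server_list: list):
    """RFC 4253 7.1: the first client-listed algorithm the server also lists."""
    return next((a for a in client_list if a in server_list), None)

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed sample payload (hypothetical helper for this demo)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples: a conformant server, a misconfigured one, and a client.
CBC = ["aes128-cbc", "aes256-cbc"]
SERVER_OK = parse_kexinit(build_kexinit({"enc_c2s": CBC, "enc_s2c": CBC}))
SERVER_BAD = parse_kexinit(build_kexinit({"enc_c2s": CBC + ["3des-cbc"], "enc_s2c": CBC}))
CLIENT = parse_kexinit(build_kexinit({"enc_c2s": ["aes256-cbc", "aes128-cbc"]}))

if __name__ == "__main__":
    print(disallowed_ciphers(SERVER_BAD), negotiated(CLIENT["enc_c2s"], SERVER_OK["enc_c2s"]))
```

In a real capture the KEXINIT payload sits inside an SSH binary packet (length, padding length, payload, padding), so the payload has to be extracted from that framing before it is passed to `parse_kexinit`.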