Specifications
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 48 of 50
The Security management function is designed to satisfy the following security functional requirements:
• FMT_MTD.1: The TOE restricts the access to manage TSF data that can affect the security functions of the
TOE to Authorized Administrator with Super User privilege (aka Security Administrator).
• FMT_SMF.1: The TOE includes the functions necessary to enable/disable available network services, to
manage the cryptomodule and associated functions, and to manage and verify updates of the TOE software
and firmware.
• FMT_SMR.2: The TOE includes roles associated with privileges. ‘Authorized Administrator with Super
User privilege’ corresponds to the required ‘Authorized Administrator’ also referred to as ‘Security
Administrator’ in some requirements.
6.6 Protection of the TSF
The TOE is an appliance and as such is designed to work independent of other components to a large extent. Secure
communication with third-party peers as addressed in section 6.8, Trusted path/channels, and secure communication
among multiple instances of the TOE is limited to a direct link between clustered switch appliances. Normally
clustered components are co-located and connected via a link that would not be exposed outside of the same
physical environment. As such, no additional protection (e.g., encryption) should be necessary in most operational
environments.
While the administrative interface is function rich, the TOE is designed specifically to not provide access to locally
stored passwords (which are protected using MD-5 hashing) and also, while cryptographic keys can be entered, the
TOE does not disclose any cryptographic keys stored in the TOE. The TOE is a hardware appliance that includes a
hardware-based real-time clock. The TOE’s embedded OS manages the clock and exposes administrator clock-
related functions. The TOE can be configured to periodically synchronize its clock with a time server, but the TOE
can only ensure its own reliability and not that of an external time mechanism. The TOE also implements the timing
elements through timeout functionality due to inactivity for terminating both local and remote sessions. Note that the
clock is used primarily to provide timestamp for audit records, but is also used to supporting timing elements of
cryptographic functions.
The TOE includes a number of built in diagnostic tests that are run during start-up to determine whether the TOE is
operating properly. An administrator can configure the TOE to reboot or to stop, with errors displayed, when an
error is encountered. When operating in FIPS mode, the power-on self-tests comply with the FIPS 140-2
requirements for self-testing. The module performs Cryptographic algorithm known answer tests, firmware integrity
tests using RSA signature verification and conditional self-tests for DRBG, Hardware RNG, Pair-wise consistency
tests on generation of RSA keys, and a Firmware load test (RSA signature verification). Upon failing any of its FIPS
mode power-on self-tests, the TOE will refuse to boot.
The TOE supports loading a new software image manually by the administrator using CLI commands. From the
CLI, an administrator can use SCP in order to download a software image, and the TOE, prior to actually installing
and using the new software image, will verify its digital certificate using the public key in the certificate configured
in the TOE. An unverified image cannot be installed. Note that the TOE comes preinstalled with an applicable
Brocade public certificate.
The Protection of the TSF function is designed to satisfy the following security functional requirements:
• FPT_SKP_EXT.1: The TOE does not offer any functions that will disclose to any users a stored
cryptographic key.
• FPT_APW_EXT.1: The TOE does not offer any functions that will disclose to any user a plain text
password. Furthermore, locally defined passwords are not stored in plaintext form.
• FPT_STM.1: The TOE includes its own hardware clock.
• FPT_TST_EXT.1: The TOE includes a number of power-on diagnostics that will serve to ensure the TOE
is functioning properly. The tests include ensure memory and flash can be accessed as expected, to ensure
that software checksums are correct, and also to test the presence and function of plugged devices.