Specifications
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 49 of 50
• FPT_TUD_EXT.1: The TOE provides functions to query the version of, and to upgrade, the software embedded in
the TOE appliance. When installing updated software, digital signatures are used to authenticate the update,
ensuring it is the intended update and that it originated from Brocade.
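The signature check described for FPT_TUD_EXT.1 can be illustrated with the following added example; it is not Brocade code and does not reflect the TOE's image format. It assumes a detached PKCS#1 v1.5 RSA signature over SHA-256 of the image and a 2048-bit vendor key (the key size the ST cites); the vendor key pair is generated inline only so the example runs stand-alone, whereas on a device the public key is pre-installed and trusted.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedImage bundles a firmware image with the vendor's detached signature.
// This structure is an assumption for the illustration, not the TOE's format.
type signedImage struct {
	Image     []byte
	Signature []byte
}

// signImage produces a PKCS#1 v1.5 RSA signature over SHA-256(image).
// On a real device this step happens at the vendor; it is included here only
// so that the example is self-contained.
func signImage(priv *rsa.PrivateKey, image []byte) (signedImage, error) {
	digest := sha256.Sum256(image)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return signedImage{}, err
	}
	return signedImage{Image: image, Signature: sig}, nil
}

// verifyImage is the check a device performs before installing an update:
// the image is accepted only if the signature verifies under the trusted
// vendor public key. Any change to the image or the signature fails the check.
func verifyImage(pub *rsa.PublicKey, si signedImage) error {
	digest := sha256.Sum256(si.Image)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], si.Signature); err != nil {
		return errors.New("update rejected: signature does not verify under trusted vendor key")
	}
	return nil
}

func main() {
	// Constructed vendor key pair (2048 bits, matching the key size the ST cites).
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image bytes")
	si, err := signImage(priv, image)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine image:", verifyImage(&priv.PublicKey, si))

	// A single flipped bit in the image must cause rejection.
	tampered := si
	tampered.Image = append([]byte{}, si.Image...)
	tampered.Image[0] ^= 0x01
	fmt.Println("tampered image:", verifyImage(&priv.PublicKey, tampered))
}
```

The point worth noting for operators is that the check binds the image to the vendor key the device already trusts, so a modified image, or a genuine image paired with a signature from some other key, is refused before installation rather than after.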
6.7 TOE access
The TOE can be configured to display an administrator-configured message-of-the-day banner before authentication
is completed (before the user enters his password). The banner is displayed when accessing the TOE via the
console, SSH, or TLS/HTTPS interfaces.
The TOE can be configured by an administrator to set a session timeout value (any value up to 240 minutes, with 0
disabling the timeout); by default the timeout is disabled. A session (local or remote) that is inactive (i.e., no
commands issued from the client) for the configured timeout period will be terminated. Upon exceeding the
session timeout (if set), the TOE logs the user off but leaves the user’s console displaying its last contents.
The user will be required to log in again after any session has been terminated due to inactivity or after voluntary
termination. Of course, administrators can log out of local or remote sessions at any time.
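The inactivity-timeout behaviour described above, as an added example that is not Brocade code: a small session model that validates the administrator-chosen value (0 disables, 240 minutes is the maximum), records client activity, logs the user off once the idle period is reached, and also supports user-initiated logout. The type and method names, and the clock values used in `main`, are constructed for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// maxIdleMinutes is the upper bound the ST gives for the timeout setting.
const maxIdleMinutes = 240

// session models one administrative session (console or remote). The struct
// and method names are assumptions for this illustration.
type session struct {
	user         string
	idleTimeout  time.Duration // 0 means the inactivity timeout is disabled (the default)
	lastActivity time.Time
	active       bool
}

// newSession opens a session; the timeout starts disabled, as on the TOE.
func newSession(user string, now time.Time) *session {
	return &session{user: user, lastActivity: now, active: true}
}

// setIdleTimeout applies an administrator-chosen value in minutes.
// Valid values are 0 (disable) through 240 inclusive; anything else is rejected.
func (s *session) setIdleTimeout(minutes int) error {
	if minutes < 0 || minutes > maxIdleMinutes {
		return fmt.Errorf("timeout %d out of range 0..%d", minutes, maxIdleMinutes)
	}
	s.idleTimeout = time.Duration(minutes) * time.Minute
	return nil
}

// touch records a command issued by the client at time now.
func (s *session) touch(now time.Time) {
	if s.active {
		s.lastActivity = now
	}
}

// enforce is the periodic check: if a timeout is set and the session has been
// idle for at least that long, the user is logged off (FTA_SSL.3 for remote,
// FTA_SSL_EXT.1 for local sessions). The console contents are not cleared.
// It returns true when this call terminated the session.
func (s *session) enforce(now time.Time) bool {
	if !s.active || s.idleTimeout == 0 {
		return false
	}
	if now.Sub(s.lastActivity) >= s.idleTimeout {
		s.active = false
		return true
	}
	return false
}

// logout is the user-initiated termination (FTA_SSL.4).
func (s *session) logout() { s.active = false }

func main() {
	t0 := time.Date(2014, 7, 15, 9, 0, 0, 0, time.UTC) // constructed clock
	s := newSession("admin", t0)
	if err := s.setIdleTimeout(10); err != nil {
		panic(err)
	}
	s.touch(t0.Add(4 * time.Minute))
	fmt.Println("terminated at +9m:", s.enforce(t0.Add(9*time.Minute)))   // false: idle 5 min
	fmt.Println("terminated at +14m:", s.enforce(t0.Add(14*time.Minute))) // true: idle 10 min
	fmt.Println("still active:", s.active)                                  // false
}
```

Because the default leaves the timeout disabled, an unattended console or SSH session stays open indefinitely unless an administrator sets a value; that is the setting an evaluator or auditor would check first.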
The TOE access function is designed to satisfy the following security functional requirements:
• FTA_SSL.3: The TOE terminates remote sessions that have been inactive for an administrator-configured
period of time.
• FTA_SSL.4: The TOE provides the function to log out of (or terminate) both local and remote user
sessions as directed by the user.
• FTA_SSL_EXT.1: The TOE terminates local sessions that have been inactive for an administrator-configured
period of time.
• FTA_TAB.1: The TOE can be configured to display administrator-defined advisory banners when
administrators successfully establish interactive sessions with the TOE, allowing administrators to
terminate their session prior to performing any functions.
6.8 Trusted path/channels
The TOE implements SSHv2 and HTTPS (using TLSv1.0), which are required for remote administration.
When an administrator attempts to connect to the TOE, the TOE attempts to negotiate a session. If the session
cannot be negotiated, the connection is dropped.
When a client attempts to connect using SSH or TLS/HTTPS, the TOE and the client will negotiate the most secure
algorithms available at both ends to protect that session. SSH_RSA is the only public key authentication algorithm
used by the SSH transport implementation, and DH group 14 is the only Diffie-Hellman group the TOE supports
when configured in Common Criteria mode.
In each case, AES-CBC with 128-bit or 256-bit keys is implemented for encryption and decryption, and RSA with
keys of up to 2048 bits is implemented for key exchange and authentication (i.e., key distribution).
Note that the product includes other cryptographic algorithms, but since they are not FIPS certified they are not
recommended for use and are excluded from the scope of the evaluation.
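The negotiation and drop-on-failure behaviour described for SSH above, as an added example that is not Brocade code. In SSHv2 each side sends its algorithm name-lists in order of preference, and RFC 4253 section 7.1 selects, for each category, the first algorithm on the client's list that the server also supports; if any category has no common entry the session cannot be established. The server offer below is constructed to mirror the Common Criteria mode constraints the ST states (DH group 14 only, ssh-rsa only, AES-CBC with 128- or 256-bit keys); the algorithm name `diffie-hellman-group14-sha1` for "DH group 14" and the two client offers are assumptions for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// kexOffer holds the name-lists one side sends in SSH_MSG_KEXINIT, in that
// side's order of preference (RFC 4253 section 7.1).
type kexOffer struct {
	Kex     []string
	HostKey []string
	Cipher  []string
}

// negotiated is the outcome of a successful negotiation.
type negotiated struct {
	Kex, HostKey, Cipher string
}

// ccModeServer is a constructed server offer reflecting the ST's Common
// Criteria mode: DH group 14 only, ssh-rsa only, AES-CBC 128/256 only.
var ccModeServer = kexOffer{
	Kex:     []string{"diffie-hellman-group14-sha1"},
	HostKey: []string{"ssh-rsa"},
	Cipher:  []string{"aes256-cbc", "aes128-cbc"},
}

// pickFirstCommon applies the RFC 4253 rule: the chosen algorithm is the
// first entry on the client's list that the server also supports.
func pickFirstCommon(client, server []string) (string, bool) {
	supported := make(map[string]bool, len(server))
	for _, name := range server {
		supported[name] = true
	}
	for _, name := range client {
		if supported[name] {
			return name, true
		}
	}
	return "", false
}

// negotiate runs the three selections; if any category has no common
// algorithm the session cannot be negotiated and the connection is dropped.
func negotiate(client, server kexOffer) (negotiated, error) {
	var out negotiated
	var ok bool
	if out.Kex, ok = pickFirstCommon(client.Kex, server.Kex); !ok {
		return negotiated{}, errors.New("no common key exchange algorithm: connection dropped")
	}
	if out.HostKey, ok = pickFirstCommon(client.HostKey, server.HostKey); !ok {
		return negotiated{}, errors.New("no common host key algorithm: connection dropped")
	}
	if out.Cipher, ok = pickFirstCommon(client.Cipher, server.Cipher); !ok {
		return negotiated{}, errors.New("no common cipher: connection dropped")
	}
	return out, nil
}

func main() {
	// Constructed client that prefers newer algorithms but still lists the CC-mode ones.
	modern := kexOffer{
		Kex:     []string{"curve25519-sha256", "diffie-hellman-group14-sha1"},
		HostKey: []string{"ssh-ed25519", "ssh-rsa"},
		Cipher:  []string{"aes128-ctr", "aes128-cbc", "aes256-cbc"},
	}
	fmt.Println(negotiate(modern, ccModeServer))

	// Constructed client that offers only DH group 1, which CC mode does not support.
	legacy := kexOffer{
		Kex:     []string{"diffie-hellman-group1-sha1"},
		HostKey: []string{"ssh-rsa"},
		Cipher:  []string{"aes128-cbc"},
	}
	fmt.Println(negotiate(legacy, ccModeServer))
}
```

Note that under this rule the client's preference order decides among the algorithms the server permits, so "most secure available at both ends" in practice depends on the client listing its stronger options first; restricting the server's lists, as Common Criteria mode does, is what guarantees that nothing weaker than the evaluated set can ever be chosen.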
Remote connection to SYSLOG servers is protected using TLS (as specified earlier).
In all cases, the endpoints are assured by virtue of the certificates installed, trusted, and reviewable when connecting,
and by virtue of user authentication.
The TOE update service is secured using SCP, since when operating in FIPS (or Common Criteria) mode the TOE
prevents the use of TFTP to retrieve a new TOE firmware image.
The Trusted path/channels function is designed to satisfy the following security functional requirements: