Specifications
25
external components such as the time server used for Controller clock updates. The APs and
Controllers all use FIPS 140-2 validated cryptomodules; see the TSS for details.
The SFRs covered by this security function are FCS_BCM_(EXT).1, FCS_CKM.1(1),
FCS_CKM.1(2), FCS_CKM.2, FCS_CKM_(EXT).2, FCS_CKM.4, FCS_COP.1(1),
FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_COP_(EXT).1
2.4.4 Identification & Authentication (FIA)
The TOE’s Identification and Authentication security function provides I&A support of all
wireless client hosts (WPA2 with preshared keys or WPA2 with 802.1X) connecting to the
trusted wired network from the wireless network along with providing I&A for all
administrators (username/password over HTTPS) prior to accessing TOE functionality.
Additionally, the TOE components authenticate each other via certificates used in CAPWAP,
and Controllers authenticate environmental components with username and password
(SNMPv3), with shared secrets (RADIUS with AES key wrap), and certificates (syslog over
TLS, and NMSP to/from MSE).
The SFRs covered by this security function are FIA_AFL.1(1), FIA_ATD.1(1),
FIA_ATD.1(2), FIA_UAU.1, FIA_UAU_(EXT).5(1), FIA_UID.2, FIA_USB.1(1),
FIA_USB.1(2), FTA_TAB.1, FTP_ITT.1, FTP_ITC_(EXT).1, FTP_TRP.1
2.4.5 Information Flow Control (FDP)
The TOE’s Information Flow Control security function provides control of information by
enforcing the wireless encryption scheme that has been administratively configured. This
encryption policy determines whether the APs and Controllers will encrypt and decrypt
communications with wireless clients.
The SFR covered by this security function is FDP_PUD_(EXT).1
2.4.6 Self Protection (FPT)
The TOE controls actions carried out by a user by controlling the user session and the actions
carried out during that session. By maintaining and controlling the session a user has with the
TOE, the TOE protects itself from the actions of unauthorized users. The hardware
components of the TOE perform TSF tests during initial start-up of the component. These
include the cryptographic module testing on the APs and Controllers. The APs and
Controllers also perform an integrity check on the configuration files upon initial start-up.
The results of these tests are reported at the console upon boot-up. The Controller and APs
execute FIPS 140-2 power-on self-tests and conditional tests to ensure the proper operation of
the cryptographic functionality.
The SFRs covered by this security function are FDP_RIP.1(1), FPT_ITT.1,
FPT_TST_(EXT).1, FPT_TST.1(1), FPT_TST.1(2)
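As an added illustration of the start-up sequence described above (example code written for this page, not Cisco's or the TOE's own implementation), the following shows the three kinds of check in miniature: a SHA-256 known-answer test as the power-on self-test, the FIPS 140-2 continuous RNG test as a conditional test, and an HMAC-SHA-256 integrity check over a configuration blob, with the results collected as a boot-time report. The key, configuration text and RNG output are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed illustration of a FIPS 140-2 style start-up sequence.
# All sample values below are constructed for this example; none come from
# the TOE or its vendor.

# NIST-published SHA-256 digest of the ASCII string "abc" (known answer).
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

def sha256_kat():
    """Power-on self-test: the module must reproduce a known digest."""
    return hashlib.sha256(b"abc").hexdigest() == SHA256_ABC

def continuous_rng_test(blocks):
    """Conditional test (FIPS 140-2 continuous RNG test): every output block
    must differ from the one before it; a repeat signals a stuck generator.
    `blocks` is an iterable of fixed-length byte strings."""
    previous = None
    for block in blocks:
        if previous is not None and block == previous:
            return False
        previous = block
    return True

def config_tag(config, key):
    """Tag computed at provisioning time and stored with the configuration."""
    return hmac.new(key, config, hashlib.sha256).digest()

def config_integrity_ok(config, expected_tag, key):
    """Start-up integrity check: recompute the tag in constant time."""
    return hmac.compare_digest(config_tag(config, key), expected_tag)

def startup_self_tests(config, expected_tag, key, rng_blocks):
    """Run all checks and return the report the console would display.
    Any failure means the component must not enter the operational state."""
    results = {
        "sha256_kat": sha256_kat(),
        "continuous_rng": continuous_rng_test(rng_blocks),
        "config_integrity": config_integrity_ok(config, expected_tag, key),
    }
    results["operational"] = all(results.values())
    return results

if __name__ == "__main__":
    key = b"constructed-integrity-key"                # constructed sample key
    config = b"wlan 1 ssid corp\nsecurity wpa2 aes\n"  # constructed config
    tag = config_tag(config, key)
    rng = [os.urandom(16) for _ in range(8)]           # sample RNG output
    for name, ok in startup_self_tests(config, tag, key, rng).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```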
2.4.7 Wireless Intrusion Prevention System (IPS)
The wIPS functionality of the TOE provides IDS signature detection, generation of audit
messages related to IDS signature detection, measurement and collection of wireless signal
strength for use in wireless device location tracking (requires deployment of multiple APs and
an MSE), as well as IPS functionality including containment of rogue wireless devices
through transmission of targeted de-authentication attacks to prevent rogue devices from
connecting to other wireless devices. The APs of the TOE support Adaptive wIPS functions,