Specifications
T.WIRELESS_INTRUSION
Rogue APs and malicious wireless clients may attempt to subvert
the wireless network.
P.WIRELESS_LOCATION_POLICY
In accordance with the DOD 8100.2 Wireless LAN Policy, the
TOE will support location tracking for all 802.11 devices
transmitting within the RF environment.
O.WIPS_FUNCTIONS
The TOE will provide the capability to identify wIPS events,
create records based on the observed actions from specific IT
System resources, and deny unauthorized traffic and contain
rogue access points and clients.
The evaluated configuration of the TOE requires that wireless clients that are configured to allow storage of
TOE authentication credentials be physically and/or technologically protected such that an
unauthorized user cannot attempt to use the stored credentials.
T.CLIENT_INSECURE
An unauthorised user may attempt to gain access to an authorised
client with saved credentials and attempt to subvert the wireless
network.
OE.CLIENT_PROTECT
Wireless clients and/or their hosts will be configured to not allow
unauthorized access to networking services of the wireless client or to
stored TOE authentication credentials.
A.CLIENT_PROTECT
Wireless clients and/or their hosts are configured to not allow
unauthorized access to networking services of the wireless client or to
stored TOE authentication credentials.
3.3.2 TOE Security Functional Requirement Additions
The SFRs that were added to the set in the Protection Profile for the TOE are listed in this
section.
The IPS_SDC_(EXT).1, IPS_ANL_(EXT).1, and IPS_RCT_(EXT).1 SFRs were added to
cover the O.WIPS_FUNCTIONS objective.
The FIA_USB.1(2) SFR was added to cover the user subject binding for wireless clients.
FPT_ITT.1 was added to describe the protection of TSF data in transmission between the
Controller and APs.
IPS_ANL_(EXT).1 was added to cover the wIPS event analysis function of the AP
component, which functions as a precursor to wIPS audit generation (as referenced from the
Table of auditable events in FAU_GEN.1(1)), and wIPS reaction (IPS_RCT_(EXT).1). The
format for this SFR was drawn from, but does not claim conformance to, the Intrusion
Detection System System For Basic Robustness Environments, Version 1.7, July 25, 2007.
IPS_RCT_(EXT).1 was added to cover the wIPS reaction functions of the TOE to drop traffic
or de-authenticate unauthorized wireless access points and clients. The format for this SFR
was drawn from, but does not claim conformance to, the Intrusion Detection System System
For Basic Robustness Environments, Version 1.7, July 25, 2007.