Specifications
80
T. MASQUERADE
O.TOE_ACCESS mitigates this threat by controlling the logical access to the
TOE and its resources. By constraining how and when authorized users can
access the TOE, and by mandating the type and strength of the authentication
mechanism this objective helps mitigate the possibility of a user attempting to
login and masquerade as an authorized user. In addition, this objective provides
the administrator the means to control the number of failed login attempts a user
can generate before an account is locked out, further reducing the possibility of
a user gaining unauthorized access to the TOE. Finally, the TOE includes
requirements that ensure protected channels are used to authenticate wireless
users and to communicate with critical portions of the TOE IT environment.
OE.TOE_ACCESS supports the TOE authentication by providing an
authentication server in the TOE operational environment. The environment also
includes requirements that ensure protected channels are used to communicate
with critical portions of the TOE operational environment.
OE.TOE_NO_BYPASS contributes to mitigating this threat by ensuring that
wireless clients must be configured for all information flowing between a
wireless client and any other host on the network without passing through the
TOE.
T. POOR_DESIGN
O.CONFIGURATION_IDENTIFICATION plays a role in countering this threat
by requiring the developer to provide control of the changes made to the TOE’s
design documentation and the ability to report and resolve security flaws.
O.DOCUMENTED_DESIGN counters this threat, to a degree, by requiring that
the TOE be developed using sound engineering principles. The use of a high
level design and the functional specification ensure that developers responsible
for TOE development understand the overall design of the TOE. This in turn
decreases the likelihood of design flaws and increases the chance that accidental
design errors will be discovered. ADV_TDS.1 ensures that the TOE design is
consistent across the High Level Design and the Functional Specification.
O.VULNERABILITY_ANALYSIS_TEST ensure that the TOE has been
analyzed for obvious vulnerabilities and that any vulnerabilities found have been
removed or otherwise mitigated. This includes analysis of any probabilistic or
permutational mechanisms incorporated into the TOE.
T.POOR_IMPLEMENTATION
O.CONFIGURATION_IDENTIFICATION plays a role in countering this threat
by requiring the developer to provide control of the changes made to the TOE’s
design. This ensures that changes to the TOE are performed in structure manner
and tracked.
O.PARTIAL_FUNCTIONAL_TESTING ensures that the developers provide
evidence and demonstration that all security functions perform as specified
through independent sample testing.
O.VULNERABILITY_ANALYSIS_TEST ensures that the TOE has been
analyzed and tested to demonstrate that it is resistant to obvious vulnerabilities.
T.POOR_TEST
O.PARTIAL_FUNCTIONAL_TESTING ensures that the developers provide
evidence and demonstration that all security functions perform as specified
through independent sample testing.
O.CORRECT_ TSF_OPERATION ensure that users can verify the continued
correct operation of the TOE after it has been installed in its target environment.
O.VULNERABILITY_ANALYSIS_TEST ensures that the TOE has been
analyzed and tested to demonstrate that it is resistant to obvious vulnerabilities.
O.DOCUMENTED_DESIGN helps to ensure that the TOE's documented design