Specifications
T.UNAUTHORIZED_ACCESS
O.MEDIATE works to mitigate this threat by ensuring that all network packets
that flow through the TOE are subject to the information flow policies.
O.TOE_ACCESS and OE.TOE_ACCESS: The TOE requires authentication prior
to gaining access to certain services on or mediated by the TOE.
O.SELF_PROTECTION and OE.SELF_PROTECTION: The TSF and its
environment must ensure that all configured enforcement functions
(authentication, access control rules, etc.) are invoked prior to allowing a
user to gain access to TOE or TOE-mediated services.
O.MANAGE and OE.MANAGE. The TOE and its environment restrict the
ability to modify the security attributes associated with access control rules,
access to authenticated and unauthenticated services, etc., to the administrator.
These objectives ensure that no other user can modify the information flow
policy to bypass the intended TOE security policy.
OE.TOE_NO_BYPASS contributes to mitigating this threat by ensuring that
wireless clients must be configured to use the wireless access system for all
information flowing between a wireless client and any other host on the
network. If the clients are properly configured, any information passing through
the TOE will be inspected to ensure it is authorized by TOE policies.
T.UNAUTH_ADMIN_ACCESS
O.ADMIN_GUIDANCE helps to mitigate this threat by ensuring the TOE
administrators have guidance that instructs them how to administer the TOE in a
secure manner. Having this guidance helps to reduce the mistakes that an
administrator might make that could cause the TOE to be configured in a way
that is insecure.
O.MANAGE and OE.MANAGE - mitigate this threat by restricting access to
administrative functions and management of TSF data to the administrator.
O.TOE_ACCESS and OE.TOE_ACCESS help to mitigate this threat by
including mechanisms to authenticate TOE administrators and place controls on
administrator sessions.
OE.NO_EVIL helps to mitigate this threat by ensuring the TOE administrators
have guidance that instructs them how to administer the TOE in a secure
manner.
T.WIRELESS_INTRUSION
O.WIPS_FUNCTIONS addresses this threat by providing: 1) a wIPS analysis
function to identify wIPS events; 2) a wIPS audit mechanism to create records
based on the observed actions from specific IT System resources; and 3) a wIPS
reaction function to deny unauthorized traffic and block rogue access points and
clients.
T.CLIENT_INSECURE
OE.CLIENT_PROTECT addresses this threat by ensuring wireless clients
and/or their hosts will be configured to not allow unauthorized access to
networking services of the wireless client or to stored TOE authentication
credentials.
P.ACCESS_BANNER
O.DISPLAY_BANNER satisfies this policy by ensuring that the TOE displays
an administrator-configurable banner that provides all users with a warning
about the unauthorized use of the TOE. A banner will be presented for all TOE
services that require authentication. In other words, it will be required for all
administrative actions. The presentation of banners prior to actions that take
place as a result of the passing of traffic through the TOE is assumed to be
provided by the operational environment.