System information

Cisco Cat3K ST 6 June 2012
6.2 TOE Bypass and interference/logical tampering Protection Measures

The TOE consists of a hardware platform in which all operations in the TOE scope are
protected from interference and tampering by untrusted subjects. All administration and
configuration operations are performed within the physical boundary of the TOE. Also,
all TSP enforcement functions must be invoked and succeed prior to functions within the
TSC proceeding.

The TOE has been designed so that all locally maintained TSF data can only be
manipulated via the secured management interface, the CLI interface. There are no
undocumented interfaces for managing the product.

All sub-components included in the TOE rely on the main chassis for power, memory
management, and access control. In order to access any portion of the TOE, the
Identification and Authentication mechanisms of the TOE must be invoked and succeed.
No processes outside of the TOE are allowed direct access to any TOE memory. The
TOE only accepts traffic through legitimate TOE interfaces. Specifically, processes
outside the TOE are not able to execute code on the TOE. None of these interfaces
provide any access to internal TOE resources.

The TOE enforces information flow control policies and applies network traffic security
on its interfaces before traffic passes into or out of the TOE. The TOE controls every
ingress and egress traffic flow. Policies are applied to each traffic flow. Traffic flows
characterized as unauthorized are discarded and not permitted to circumvent the TOE.
There are no unmediated traffic flows into or out of the TOE. The information flow
policies identified in the SFRs are applied to all traffic received and sent by the TOE.
Each communication, including data plane communication, control plane
communications, and administrative communications, is mediated by the TOE. The data
plane provides the ability to forward network traffic; the control plane provides the ability to
route traffic correctly; and the management plane provides the ability to manage network
elements. There is no opportunity for unaccounted traffic flows to flow into or out of the
TOE.

This design, combined with the fact that only an administrative user with the appropriate
privilege level may access the TOE security functions, provides a distinct protected
domain for the TOE that is logically protected from interference and is not bypassable.