Manualshelf

System information

ManualsBrandsCisco ManualsComputer equipmentCatalyst 3750X-48PF
69707172737475767778
Cisco Cat3K ST 6 June 2012
77
Objective Rationale
O.SELFPRO The TOE must protect itself against attempts by unauthorized users
to bypass, deactivate, or tamper with TOE security functions.
[FDP_ACC.2/FDP_ACF.1] supports this objective by ensuring
access to the commands is controlled and only those users
(administrators) assigned the appropriate privilege can execute the
command, and as such the administrators must be assigned a
privilege level prior to gaining access to the TOE and/or the CLI
commands [FMT_MSA.3(2)]. The switch component of the TOE
provides an encrypted (SSH) mechanism for remote management of
the TOE and for protection of authentication data transferred
between the switch and endpoints are secure by implementing the
encryption protocols as defined in the SFRs and as specified by the
RFCs. [FCS_COP.1(1), (2), (3), and (4) FCS_CKM.1(1) and (2),
FCS_CKM.4, FMT_MSA.2]. The SFR FTA_SSL.3 also meets this
objective by terminating a session due to meeting/exceeding the
inactivity time limit thus ensuring the session does not remain active
and subject to attack. [FTP_RPL.1] supports this objective by
leveraging the ability of the SSH protocol to terminate sessions when
information replay is detected.
0.STARTUP_TEST The TOE will perform initial startup tests upon bootup of the system.
The TOE is required to demonstrate the correct operation of the
security assumptions on startup by running initialization tests
[FPT_TST_EXP.1].
O.TIME The TSF will provide a reliable time stamp for its own use. The
TOE is required to provide reliable timestamps for use with the audit
record. [FPT_STM.1].
O.DISPLAY_BANNER The TSF shall display a banner, before the user establishes a session.
The SFR, FTA_TAB.1 meets this objective by displaying an
advisory notice and consent warning message regarding
unauthorized use of the TOE.
O.RESIDUAL_INFORMATION_CLEA
RING
The TOE must ensure that previous data are zeroized/overwritten so
that the area used by a packet and then reused, data from the
previous transmission does not make its way into a new packet
transmission. The SFR, FDP_RIP.2 meets this objective by ensuring
no left over user data from the previous transmission is included in
the network traffic.