Specifications

ManualsBrandsCisco ManualsNetworkingCISCO881W-GN-A-K9

Cisco ISR-800 Security Target

Threat

Threat Definition

T.ADMIN_ERROR

An administrator may unintentionally install or configure the TOE

incorrectly, resulting in ineffective security mechanisms.

T.TSF_FAILURE

Security mechanisms of the TOE may fail, leading to a compromise of

the TSF.

T.UNDETECTED_ACTIONS

Malicious remote users or external IT entities may take actions that

adversely affect the security of the TOE. These actions may remain

undetected and thus their effects cannot be effectively mitigated.

T.UNAUTHORIZED_ACCESS

A user may gain unauthorized access to the TOE data and TOE

executable code. A malicious user, process, or external IT entity may

masquerade as an authorized entity in order to gain unauthorized access

to data or TOE resources. A malicious user, process, or external IT entity

may misrepresent itself as the TOE to obtain identification and

authentication data.

T.UNAUTHORIZED_UPDATE

A malicious party attempts to supply the end user with an update to the

product that may compromise the security features of the TOE.

T.USER_DATA_REUSE

User data may be inadvertently sent to a destination not intended by the

original sender.

Reproduced from the VPNGWEP

T.NETWORK_DISCLOSURE

Sensitive information on a protected network might be disclosed

resulting from ingress- or egress-based actions.

T. NETWORK_ACCESS

Unauthorized access may be achieved to services on a protected network

from outside that network, or alternately services outside a protected

network from inside the protected network.

T.NETWORK_MISUSE

Access to services made available by a protected network might be used

counter to Operational Environment policies.

T.TSF_FAILURE

Security mechanisms of the TOE mail fail

, leading to a compromise of

the TSF.

T.REPLAY_ATTACK

If malicious or external IT entities are able to gain access to the network,

they may have the ability to capture information traversing throughout

the network and send them on to the intended receiver.

T.DATA_INTEGRITY

A malicious party attempts to change the data being sent – resulting in

loss of integrity.

3.3 Organizational Security Policies

The following table lists the Organizational Security Policies imposed by an organization to address its security

needs.

Table 11 Organizational Security Policies

Should read – “may fail” and not “mail fail”. Typo in the PP.