Installation guide
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
Page 10 of 85
between the TOE and the wireless client device. Once the connection is established, the wireless
client device may access the protected wired network, using the TOE as a gateway. The network
connection between the TOE and the external authentication server is protected using the
IPSec/IKE security protocol. The EAP-TLS authentication protocol uses a client certificate for wireless
user authentication, whereas the EAP-TTLS and PEAP protocols use password-based authentication.
The TOE provides remote management capabilities using the SSH security protocol, as well as local
management capabilities via a local serial port connection. TOE administrators are required to
authenticate using a username/password combination. The TOE provides an option to authenticate
administrators against an internal administrator database or against the external authentication
server; however, only the internal administrator database is used in the evaluated configuration.
The TOE provides capabilities to terminate idle wireless user and administrator sessions once the
inactivity time limit has been reached, as well as to disable a remote administrator account once a
pre-defined number of failed authentication attempts has been reached. The account can then be
re-enabled using a local serial port administration session.
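The session-handling rules in the paragraph above, as an added example in C that is not part of this Security Target and not Motorola's code: a small model of idle-session termination, lockout of a remote administrator account after a number of consecutive failures, and re-enabling only from a local serial console session. The lockout threshold, the idle limit, the plain-text secret field, and the assumption that the local console is exempt from the lockout (the ST names the local session as the recovery path but does not state this) are illustrative assumptions, not values taken from the ST.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed policy values; the ST does not state the actual limits. */
#define MAX_FAILED_ATTEMPTS 3u    /* remote lockout threshold (assumption) */
#define IDLE_LIMIT_SECONDS  600u  /* inactivity limit (assumption) */

enum session_kind { SESSION_LOCAL_CONSOLE, SESSION_REMOTE_SSH };

struct admin_account {
    char name[32];
    char secret[64];          /* illustrative; a real device stores a salted hash */
    unsigned failed_attempts; /* consecutive failures since the last success */
    bool locked;              /* remote access disabled after too many failures */
};

struct admin_session {
    enum session_kind kind;
    bool active;
    uint64_t last_activity;   /* seconds from the TOE clock */
};

/* Constant-time comparison so the failure path does not leak how many
 * leading characters matched. A length mismatch returns early; that leaks
 * only the length, which storing a fixed-size hash would remove. */
static bool ct_equal(const char *a, const char *b)
{
    size_t n = strlen(a);
    if (n != strlen(b))
        return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Authenticate and open a session. Remote (SSH) logins honour the lockout;
 * the local console is assumed not to be locked out, since the local serial
 * session is the recovery path for a locked account. Failures on the console
 * are still counted. */
bool admin_login(struct admin_account *acct, enum session_kind kind,
                 const char *password, uint64_t now,
                 struct admin_session *out)
{
    if (kind == SESSION_REMOTE_SSH && acct->locked)
        return false;

    if (!ct_equal(acct->secret, password)) {
        acct->failed_attempts++;
        if (kind == SESSION_REMOTE_SSH &&
            acct->failed_attempts >= MAX_FAILED_ATTEMPTS)
            acct->locked = true;
        return false;
    }

    acct->failed_attempts = 0;    /* a success resets the counter */
    out->kind = kind;
    out->active = true;
    out->last_activity = now;
    return true;
}

/* Record activity on a live session. */
void session_touch(struct admin_session *s, uint64_t now)
{
    if (s->active)
        s->last_activity = now;
}

/* Terminate the session once the idle limit is reached; returns whether the
 * session is still active afterwards. Call on every timer tick and before
 * servicing any command, so a stale session cannot issue one more command. */
bool session_check_idle(struct admin_session *s, uint64_t now)
{
    if (s->active && now - s->last_activity >= IDLE_LIMIT_SECONDS)
        s->active = false;
    return s->active;
}

/* Re-enable a locked account. Only an active local console session may do
 * this; a remote session is refused even if it belongs to an administrator. */
bool admin_unlock(struct admin_account *acct, const struct admin_session *by)
{
    if (!by->active || by->kind != SESSION_LOCAL_CONSOLE)
        return false;
    acct->locked = false;
    acct->failed_attempts = 0;
    return true;
}
```

The check worth keeping from this model is that the lockout decision is made before the password is compared, so a locked account cannot be used as an oracle for password guesses, and that the unlock path is tied to the session kind rather than to who is asking.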
The TOE provides auditing capabilities which utilize the services of an external syslog audit server.
The network connection between the TOE and the external audit server is secured using the
IPSec/IKE security protocol.
The TOE utilizes the services of an external Network Time Protocol (NTP) server to obtain the reliable
time stamps used in audit records. The network connection between the TOE and the external NTP
server is secured using the IPSec/IKE security protocol.
The TOE provides capabilities to run a set of self-tests at power-on and on demand to verify the
integrity of the TOE and the correct operation of its critical functions. The security of network data
is maintained by zeroizing the memory location corresponding to a network packet after the packet
has been processed by the TOE.
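Packet-buffer zeroization, with an on-demand self-test of it, as an added example in C that is not code from this Security Target or from the TOE: the point a practitioner checks is that the clearing write survives compiler optimisation, because a memset on memory that is never read again is a dead store and is routinely removed. The buffer layout, the checksum used as a stand-in for packet processing, and the self-test are constructed for illustration; the ST does not specify how the TOE implements either.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PKT_MAX 1500   /* assumed maximum payload held per buffer slot */

/* A plain memset() before a buffer goes out of scope or back to a pool is a
 * dead store from the compiler's point of view and is routinely removed at
 * -O2. Calling memset through a volatile function pointer prevents that,
 * because the compiler cannot know what will be called. C11 memset_s() or
 * explicit_bzero() are equivalent where the toolchain provides them. */
static void *(*volatile secure_memset_fn)(void *, int, size_t) = memset;

void zeroize(void *p, size_t n)
{
    secure_memset_fn(p, 0, n);
}

struct pkt_buf {
    uint8_t data[PKT_MAX];
    size_t  len;
    bool    in_use;
};

/* Constructed stand-in for the forwarding path: a 16-bit one's-complement
 * checksum over the payload, so that the "processing" reads every byte. */
static uint16_t checksum16(const uint8_t *d, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)((d[i] << 8) | d[i + 1]);
    if (n & 1)
        sum += (uint32_t)d[n - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Process one packet, then zeroize the entire slot (not just the first len
 * bytes: an earlier, longer packet may have left data in the tail) so that
 * the next user of the slot, or a later session, cannot observe residue. */
uint16_t process_and_zeroize(struct pkt_buf *b)
{
    uint16_t sum = checksum16(b->data, b->len);
    zeroize(b->data, sizeof b->data);
    b->len = 0;
    b->in_use = false;
    return sum;
}

/* True if no byte in the buffer is non-zero (branch-free OR accumulate). */
bool buffer_is_zero(const uint8_t *d, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= d[i];
    return acc == 0;
}

/* An on-demand self-test of the zeroization path, in the spirit of the ST's
 * self-test capability (the tests the TOE actually runs are not specified
 * here): fill a slot with a pattern, run the normal path, verify it is clean. */
bool selftest_zeroization(void)
{
    struct pkt_buf b;
    memset(b.data, 0xA5, sizeof b.data);
    b.len = 64;
    b.in_use = true;
    (void)process_and_zeroize(&b);
    return buffer_is_zero(b.data, sizeof b.data) && b.len == 0 && !b.in_use;
}
```

A runtime self-test like this only proves the slot was clean at the point it was inspected; to confirm the clearing store is not elided on the shipped build, compile with the production optimisation level and inspect the disassembly of process_and_zeroize for the call through the pointer.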
2.2 TOE Hardware
The TOE is a standalone rack-mounted hardware device, which includes a set of general-purpose
and network processors that execute the TOE software, as well as volatile and non-volatile storage
components. The physical boundary of the TOE is composed of a metal and hard plastic case and
meets the physical security requirements of FIPS 140-2 at Security Level 2. Tamper-evident seals
are applied to the TOE enclosure to satisfy the tamper evidence requirements of the FIPS 140-2
standard at Security Level 2.
The TOE physical boundary includes a set of Ethernet network ports used to provide network
connectivity, a serial console port used for local administration, a set of status LEDs, and a
power port used to connect an external source of electric power.
2.3 Scope of Evaluation
The identification of the TOE is provided in Section 1.1 “Security Target Identification”. The scope of
evaluation comprises the TOE security functions specified in Section 6.1 of this document.