Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
5.2.1.11 FDP_PUD_EXP.1 Protection of user data
FDP_PUD_EXP.1.1 When the administrator has enabled encryption, the TSF shall:
- encrypt authenticated user data transmitted to a wireless client from the radio interface of the
  wireless access system using the cryptographic algorithm(s) specified in FCS_COP_EXP.2
  utilizing 802.11i wireless security protocol;
- decrypt authenticated user data received from a wireless client by the radio interface of the wireless
  access system using the cryptographic algorithm(s) specified in FCS_COP_EXP.2 utilizing 802.11i
  wireless security protocol.
Application Note: This requirement allows the TOE administrator to require that all user data transmitted on
the WLAN be encrypted using the cryptographic algorithms specified by FCS_COP.
5.2.1.12 FDP_RIP.1(1) Subset residual information protection
FDP_RIP.1.1(1) The TSF shall ensure that any previous information content of a resource is made
unavailable upon the deallocation of the resource from the following objects: [network packet
objects].
Application Note: This requirement ensures that the TOE does not allow data from a previously transmitted
packet to be inserted into unused areas or padding in the current packet.
5.2.1.13 FIA_AFL.1(1) Administrator authentication failure handling
FIA_AFL.1.1(1) The TSF shall detect when an administrator configurable positive integer within the
range of [1 to 1024] of unsuccessful authentication attempts occur related to [remote administrators
logging on to the WLAN access system].
FIA_AFL.1.2(1) When the defined number of unsuccessful authentication attempts has been met or
surpassed, the TSF shall [prevent remote login by administrators until an action is taken by a local
Administrator].
Application Note: This requirement applies to remote administrator login and does not apply to the local
login of the TOE, since it does not make sense to lock a local administrator’s account in this fashion. For the
purpose of the WLANAS PP, remote administrator refers to administrators that do not have either serial
cable or local console access to the TOE.
Application Note: This requirement does NOT require that the TOE allow remote administration. However, if
the TOE does allow administrators to log in to the TOE remotely (e.g., from the wired interface or a
management network), then it must provide a mechanism to prevent brute-force attacks on the administrative
account.
5.2.1.14 FIA_ATD.1(1) Administrator attribute definition
FIA_ATD.1.1(1) The TSF shall maintain the following minimum list of security attributes belonging
to individual administrators: [password, [no additional attributes]].