Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.8.00
Security Target Version 0.4, March 31, 2015
The Authorized Administrator with Super User privilege represents the “administrator” referred to in the security requirements of the protection profile. Other accounts with privileges other than Super User were not tested during the evaluation. The Authorized Administrator with Super User privilege defines local user (or TOE User) accounts and assigns passwords and privilege levels to those accounts. Each user account has a user name, a password, and a privilege level associated with it. There is also a default account associated with each privilege level, and each of these has its own password. It is up to the Authorized Administrator with Super User privilege to decide whether or how to use these legacy accounts. Note, however, that each has an identity, password, and privilege level.
The user roles offered by the TOE are categorized differently when described in FIPS documentation. Specifically,
the Authorized Administrator with Super User privilege equates to the FIPS Crypto Officer Role, the Port
Configuration User equates to the FIPS Port Configuration Administrator Role (and has write access to the interface
configuration mode only), and a user with read-only privileges and no configuration mode access equates to the
FIPS User Role.
While the Authorized Administrator with Super User privilege can create or otherwise modify accounts freely, other
users cannot change their own (or any other) security attributes. Note that the TOE supports a password
enforcement configuration where the minimum password length can be set by an administrator up to 48 characters.
Passwords can be created using any alphabetic, numeric, and a wide range of special characters (identified in
FIA_PMG_EXT.1).
Additional authentication mechanisms can also be configured by an Authorized Administrator using an Authentication Method List. This allows some flexibility in setting up authentication mechanisms when desired. The available mechanisms include the Local Password for the Super User privilege level, TACACS+ authentication, and the SSH public key authentication mechanism. An administrator can create users, associate passwords with user accounts, and can also set the privilege level associated with a user. Users, after authenticating, may upload a public key to be used with SSH client public key authentication. However, the TOE’s TACACS+ implementation does not support SSH client public key authentication (the TOE supports SSH client public key authentication only through public keys stored locally within the TOE). Additionally, the TOE’s Web Management Interface (present in the MLX Series) does not support TACACS+ authentication of users. When authentication succeeds, the TOE looks up the user’s defined privilege level, assigns that level to the user’s session, and presents the user with a command prompt (the “#” character, e.g., “Brocade(config)#”).
The Identification and authentication function is designed to satisfy the following security functional requirements:
FIA_PMG_EXT.1: The TOE implements a rich set of password composition constraints as described above.
FIA_UAU.7: The TOE does not echo passwords as they are entered; rather, ‘*’ characters are echoed when entering passwords.
FIA_UAU_EXT.2: The TOE can be configured to use local password-based authentication and SSH public-key-based authentication mechanisms.
FIA_UIA_EXT.1: The TOE does not offer any services or access to its functions, except for the switching/routing of network traffic and the display of a message-of-the-day banner, without requiring a user to be identified and authenticated.
6.5 Security management
The TOE associates each defined user account with a privilege level. The most privileged level is Super User (with regard to the requirements in this Security Target, users with lesser privilege levels are referred to collectively simply as TOE users, since such users do not have complete read-and-write access to the system). Again, as stated in section 6.4, accounts with privileges other than Super User were not tested during the evaluation. The TOE implements an internal access control mechanism that bases decisions about the use of functions and access to TOE data on those privilege levels. In this manner, the TOE ensures that only the Authorized Administrator with Super User privilege can access audit configuration data, information flow policy ACLs, user and administrator security attributes (including passwords and privilege levels), authentication method lists, the logon failure threshold, the remote access user list, and cryptographic support settings.
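The following Python model, added here as an illustration and not Brocade or TOE code, ties together the two behaviours described in sections 6.4 and 6.5: an ordered Authentication Method List (local password, TACACS+, SSH public key) that assigns the user's defined privilege level to the session on success, and a privilege-level check over the management objects that only the Super User may reach. The numeric privilege encoding, the object names, the rule that a method which cannot handle the presented credential is skipped while an explicit reject ends the attempt, and the in-memory TACACS+ stand-in are all assumptions made for the example; the two stated limitations (no public-key checks via TACACS+, no TACACS+ on the Web Management Interface) are taken from the text above.

```python
"""Illustrative model of an Authentication Method List and privilege-level
access control as described in the Security Target. Added example, not
Brocade/TOE code; privilege numbers, object names and fallback semantics
are assumptions."""
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

SUPER_USER, PORT_CONFIG, READ_ONLY = 0, 4, 5   # assumed numeric encoding
MAX_MIN_PASSWORD_LENGTH = 48                    # ST: minimum length configurable up to 48

class Interface(Enum):
    SSH = "ssh"
    WEB = "web"          # Web Management Interface (MLX Series)

class Verdict(Enum):
    ACCEPT = "accept"
    REJECT = "reject"    # method evaluated the credential and refused: stop
    SKIP = "skip"        # method cannot apply here (assumption): try the next one

@dataclass
class Credential:
    username: str
    password: Optional[str] = None
    ssh_pubkey: Optional[str] = None   # key presented by the SSH client

@dataclass
class LocalUser:
    password: str
    privilege: int
    ssh_pubkey: Optional[str] = None   # uploaded by the user after authenticating

@dataclass
class Session:
    username: str
    privilege: int

Method = Callable[[Credential, Interface], Tuple[Verdict, Optional[int]]]

def local_password(db: Dict[str, LocalUser]) -> Method:
    def method(cred: Credential, iface: Interface):
        if cred.password is None:
            return Verdict.SKIP, None
        user = db.get(cred.username)
        expected = user.password if user else ""   # compare even for unknown users
        if hmac.compare_digest(expected, cred.password) and user is not None:
            return Verdict.ACCEPT, user.privilege
        return Verdict.REJECT, None
    return method

def ssh_public_key(db: Dict[str, LocalUser]) -> Method:
    # Keys live only in the TOE's local store; TACACS+ never evaluates them.
    def method(cred: Credential, iface: Interface):
        if iface is not Interface.SSH or cred.ssh_pubkey is None:
            return Verdict.SKIP, None
        user = db.get(cred.username)
        if user and user.ssh_pubkey and hmac.compare_digest(user.ssh_pubkey, cred.ssh_pubkey):
            return Verdict.ACCEPT, user.privilege
        return Verdict.REJECT, None
    return method

def tacacs_plus(server: Optional[Dict[str, Tuple[str, int]]]) -> Method:
    # `server` is a constructed stand-in for a TACACS+ server; None = unreachable.
    def method(cred: Credential, iface: Interface):
        if iface is Interface.WEB or server is None or cred.password is None:
            return Verdict.SKIP, None   # Web UI has no TACACS+; unreachable -> next method
        entry = server.get(cred.username)
        if entry and hmac.compare_digest(entry[0], cred.password):
            return Verdict.ACCEPT, entry[1]
        return Verdict.REJECT, None
    return method

def authenticate(method_list: List[Method], cred: Credential, iface: Interface) -> Optional[Session]:
    """Walk the list in order; on ACCEPT the user's defined privilege level becomes the session level."""
    for method in method_list:
        verdict, priv = method(cred, iface)
        if verdict is Verdict.SKIP:
            continue
        return Session(cred.username, priv) if verdict is Verdict.ACCEPT else None
    return None

# Section 6.5: objects reserved to the Super User (constructed names).
SUPER_USER_ONLY = frozenset({
    "audit-config", "acl", "user-security-attributes", "auth-method-list",
    "logon-failure-threshold", "remote-access-user-list", "crypto-settings"})

def may_access(session: Session, obj: str) -> bool:
    if obj in SUPER_USER_ONLY:
        return session.privilege == SUPER_USER
    if obj == "interface-config":           # Port Configuration User may write here only
        return session.privilege in (SUPER_USER, PORT_CONFIG)
    return obj.startswith("show:")         # read-only commands (assumed naming)

def password_meets_policy(password: str, min_length: int) -> bool:
    """Administrator-set minimum length, capped at 48 by the TOE."""
    if not 1 <= min_length <= MAX_MIN_PASSWORD_LENGTH:
        raise ValueError("minimum length must be between 1 and 48")
    return len(password) >= min_length

# Constructed sample data.
LOCAL_DB = {
    "admin": LocalUser("s3cret-admin-pw", SUPER_USER),
    "portops": LocalUser("port-pw", PORT_CONFIG, ssh_pubkey="SHA256:portops-key"),
    "viewer": LocalUser("view-pw", READ_ONLY),
}
TACACS_DB = {"netops": ("tac-pw", PORT_CONFIG)}
METHODS = [ssh_public_key(LOCAL_DB), tacacs_plus(TACACS_DB), local_password(LOCAL_DB)]

if __name__ == "__main__":
    s = authenticate(METHODS, Credential("admin", password="s3cret-admin-pw"), Interface.WEB)
    print(s, may_access(s, "acl"), may_access(Session("viewer", READ_ONLY), "acl"))
```

Running the model with `netops` (known only to the TACACS+ stand-in) succeeds over SSH but fails on the Web interface, and `portops` with a public key succeeds over SSH but not on the Web interface, which is exactly the pair of limitations the text calls out; swapping in `tacacs_plus(None)` shows the list falling through to the local password when the server is unreachable.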