Specifications

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.8.00
Security Target Version 0.4, March 31, 2015
Other than the Super User level, the TOE implements a Read Only level, where only basic commands can be issued and no changes can be made, and a Port Configuration level, where non-security device parameters can be managed. Collectively, this ST refers to all users of the TOE as “TOE Users”, where the “Authorized Administrator with Super User privilege” is a subset of that broader role.

The TOE offers command line functions which are accessible via the CLI. The CLI is a text-based interface which can be accessed from a directly connected terminal or via a remote terminal using SSH. These command line functions can be used to effectively manage every security policy, as well as the non-security relevant aspects of the TOE.

Similarly, the TOE’s MLX series provides a Web Management Interface that offers access to the same functions as the CLI. While the Web Management Interface could be configured to be accessible via HTTP or HTTPS (using TLSv1.0, 1.1, and 1.2), the evaluated configuration only includes the use of HTTPS (note that the TOE does not support client authentication) to ensure that the administrative session is not subject to modification or disclosure.

The following table provides the list of security-related commands used to configure or examine the TOE security settings. The services listed here reflect the minimal set needed to properly configure the TOE to comply with the requirements of the Protection Profile for Network Devices, version 1.1, 8 June 2012 (NDPP) with Errata #3, 3 November 2014.

| Command | Tested Command Variants | Description |
|---|---|---|
| write | write memory | Write to persistent storage |
| crypto | crypto key generate | Invoke cryptographic functions |
| openssl | openssl s_server | Configure secure connections (e.g., with syslog) |
| logging | logging host <ip-address> ssl-port <port> | Configure the audit logging host |
| reload | reload | Reload the current flash image |
| console | console timeout <time> | Manage console properties |
| banner | banner motd + | Manage the login banner |
| exit | exit | Logout or exit current session |
| ntp | ntp | Switch to ntp configuration mode |
| config | config t | Switch to configuration mode |
| username | username <user> password | Manage user accounts |
| clock | clock set <time> | Manage the internal clock |
| server | server <ntp server ip> minpoll <time> | Configure external services |
| crypto-ssl | crypto-ssl certificate generate | Manage web server properties |
| web-management | web-management session-timeout <time> | Manage web interface |
| fips | fips enable common-criteria | Manage FIPS and Common Criteria configuration |
| | fips show | |
| | fips zeroize all | |
| ip | ip ssh pub-key-file | Manage ip connection (e.g., ssh) configuration |
| | ip ssh idle-time <time> | |
| aaa | aaa authentication | Configure the aaa authentication functions |
| | aaa authentication enable default tacacs+ local | |
| | aaa authentication login default tacacs+ local | |
| | aaa authentication web-server default local | |
| tacacs-server | tacacs-server host <ipaddr> ssl-auth-port <port> default | Configure TACACS+ server |
| | tacacs-server retransmit <retransmit period> | |
| | tacacs-server timeout <timeout period> | |
| | tacacs-server key <key> | |
| enable | enable aaa | Enable console login features |
| | enable password-min-length 15 | |
| | enable user password-masking | |
| show | show flash | Show identified configuration information |
| | show ver | |
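
The following Python check is an added example, not part of the Security Target or of Brocade's tooling: it compares a saved configuration against the tested command variants in the table and reports each setting as ok, differs or missing. It assumes the saved configuration echoes settings in the same form as the commands above and uses `!` for comment lines; the sample configuration, its addresses and its ports are constructed.

```python
import re

# (label, prefix identifying the setting, tested form from the table, value check)
CHECKS = [
    ("syslog-tls", "logging host", r"logging host \S+ ssl-port \d+", None),
    ("tacacs-tls", "tacacs-server host",
     r"tacacs-server host \S+ ssl-auth-port \d+( default)?", None),
    # Assumption: the tested value 15 is treated as a floor.
    ("pw-min-length", "enable password-min-length",
     r"enable password-min-length (\d+)", lambda v: int(v) >= 15),
    ("pw-masking", "enable user password-masking",
     r"enable user password-masking", None),
    ("console-timeout", "console timeout", r"console timeout \d+", None),
    ("ssh-idle-time", "ip ssh idle-time", r"ip ssh idle-time \d+", None),
    ("web-timeout", "web-management session-timeout",
     r"web-management session-timeout \d+", None),
    ("web-auth", "aaa authentication web-server",
     r"aaa authentication web-server default local", None),
]

def audit(config_text):
    """Return {label: 'ok' | 'differs' | 'missing'} for each check."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    report = {}
    for label, prefix, pattern, value_ok in CHECKS:
        hits = [ln for ln in lines if ln.startswith(prefix)]
        def in_tested_form(ln):
            m = re.fullmatch(pattern, ln)
            return bool(m) and (value_ok is None or value_ok(m.group(1)))
        if not hits:
            report[label] = "missing"
        else:
            # Every occurrence must match, e.g. each configured syslog host.
            report[label] = "ok" if all(map(in_tested_form, hits)) else "differs"
    return report

# Constructed sample configuration, not captured from a device.
SAMPLE = """\
!
logging host 192.0.2.10 ssl-port 6514
logging host 192.0.2.11
tacacs-server host 192.0.2.20 ssl-auth-port 4949 default
enable password-min-length 8
enable user password-masking
console timeout 10
ip ssh idle-time 10
aaa authentication web-server default local
"""

if __name__ == "__main__":
    for label, status in audit(SAMPLE).items():
        print(f"{label:16} {status}")
```

A "differs" result means the setting is present but not in the tested form, such as the second syslog host here, which has no `ssl-port`.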