Specifications

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.8.00
Security Target Version 0.4, March 31, 2015
Page 48 of 49
The Protection of the TSF function is designed to satisfy the following security functional requirements:
FPT_SKP_EXT.1: The TOE does not offer any functions that will disclose to any users a stored
cryptographic key.
FPT_APW_EXT.1: The TOE does not offer any functions that will disclose to any user a plain text
password. Furthermore, locally defined passwords are not stored in plaintext form.
FPT_STM.1: The TOE includes its own hardware clock.
FPT_TST_EXT.1: The TOE includes a number of power-on diagnostics that serve to ensure the TOE
is functioning properly. The tests ensure that memory and flash can be accessed as expected, verify
that software checksums are correct, and test the presence and function of plugged devices.
FPT_TUD_EXT.1: The TOE provides functions to query the version of, and to upgrade, the software embedded in
the TOE appliance. When installing updated software, digital signatures are used to authenticate the update
to ensure it is the update intended and originated by Brocade.
6.7 TOE access
The TOE can be configured to display an administrator-configured message of the day banner that will be displayed
before authentication is completed (before the user enters his password). The banner will be displayed when
accessing the TOE via the console, SSH, or TLS/HTTPS interfaces.
The TOE can be configured by an administrator to set a session timeout value (any value up to 240 minutes, with 0
disabling the timeout); by default, the timeout is disabled. A session (local or remote) that is inactive (i.e., no
commands issuing from the remote client) for the defined timeout value will be terminated. Upon exceeding the
session timeout (if set), the TOE logs the user off, but leaves the user’s console displaying the last contents.
The user will be required to log in again after any session has been terminated due to inactivity or after voluntary
termination. Administrators can also log out of local or remote sessions at any time.
The TOE access function is designed to satisfy the following security functional requirements:
FTA_SSL.3: The TOE terminates remote sessions that have been inactive for an administrator-configured
period of time.
FTA_SSL.4: The TOE provides the function to log out of (or terminate) both local and remote user
sessions as directed by the user.
FTA_SSL_EXT.1: The TOE terminates local sessions that have been inactive for an administrator-
configured period of time.
FTA_TAB.1: The TOE can be configured to display administrator-defined advisory banners when
administrators successfully establish interactive sessions with the TOE, allowing administrators to
terminate their session prior to performing any functions.
6.8 Trusted path/channels
The TOE implements SSHv2 and HTTPS (using TLSv1.2) which are required to be used for remote administration.
When an administrator attempts to connect to the TOE, the TOE attempts to negotiate a session. If the session
cannot be negotiated, the connection is dropped.
When a client attempts to connect using SSH or TLS/HTTPS, the TOE and the client will negotiate the most secure
algorithms available at both ends to protect that session. SSH_RSA is the only public key authentication algorithm
used by the SSH transport implementation, and DH group 14 is the only Diffie-Hellman group the TOE supports
when configured in Common Criteria mode.
In each case, AES-CBC with 128-bit or 256-bit keys is implemented for encryption and decryption, and RSA using
up to 2048-bit keys is implemented for key exchange and authentication (i.e., distribution).
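The SSH algorithm claims above can be checked against what a device actually advertises during negotiation. The following is an added example, not part of the Security Target or of Brocade's software: it parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports any advertised key exchange, host key, or cipher name outside the claimed set. The mapping of the claims to RFC algorithm names in `POLICY` is an assumption, and the payloads are constructed samples.

```python
import struct

# Assumption: the Security Target's CC-mode claims mapped to RFC 4253/8268 names.
POLICY = {
    "kex_algorithms": {"diffie-hellman-group14-sha1", "diffie-hellman-group14-sha256"},
    "server_host_key_algorithms": {"ssh-rsa"},
    "encryption_algorithms_client_to_server": {"aes128-cbc", "aes256-cbc"},
    "encryption_algorithms_server_to_client": {"aes128-cbc", "aes256-cbc"},
}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms",
          "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
          "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
          "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
          "languages_client_to_server", "languages_server_to_client"]

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into {field name: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload: " + field)
        names = payload[pos:pos + length].decode("ascii")
        out[field] = names.split(",") if names else []
        pos += length
    return out

def audit_kexinit(payload: bytes) -> list:
    """Return (field, algorithm) pairs advertised outside POLICY."""
    offered = parse_kexinit(payload)
    return [(f, a) for f, allowed in POLICY.items() for a in offered[f] if a not in allowed]

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload for testing (zero cookie)."""
    body = bytes([20]) + bytes(16)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

if __name__ == "__main__":
    ok = {f: sorted(POLICY[f]) for f in POLICY}
    weak = dict(ok, kex_algorithms=["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"])
    print(audit_kexinit(build_kexinit(ok)), audit_kexinit(build_kexinit(weak)))
```

An empty result means every advertised name in the audited fields falls inside the claimed set; MAC and compression lists are parsed but not judged, since this section makes no claim about them.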