Manualshelf

Specifications

ManualsBrandsBrocade Communications Systems ManualsSwitch800
40414243444546474849
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.8.00
Security Target Version 0.4, March 31, 2015
Page 49 of 49
Note that the product includes other cryptographic algorithms, but since they are not FIPS certified they are not
recommended for use and excluded from the scope of evaluation.
Remote connection to SYSLOG servers is protected using TLS (as specified earlier).
In all cases, the endpoints are assured by virtue of the certificates installed, trusted, and reviewable when connecting
and by virtue of user authentication.
The TOE update service is secured using SCP, as when operating in FIPS (or Common Criteria) Mode, the TOE
prevents the use of TFTP to retrieve a new TOE firmware image.
The Trusted path/channels function is designed to satisfy the following security functional requirements:
FTP_ITC.1: In the evaluated configuration, the TOE must be configured to use TLS to ensure that any
authentication operations and exported audit records are sent only to the configured server so they are not
subject to inappropriate disclosure or modification.
FTP_TRP.1: The TOE provides SSH and TLS/HTTPS, based on its embedded cryptomodule, to ensure
secure remote administration. In each case, the administrator can initiate the remote session, the remote
session is secured (disclosure and modification) using FIPS certified cryptographic operations, and all
remote security management functions require the use of one of these secure channels.