Brocade FastIron SX, ICX, and FCX Series Switch/Router 08.0.01 Security Target Version 1.1, May 13, 2014
supports the use of that public key algorithm to authenticate a user connection. Any
configuration activities required to support this test shall be performed according to
instructions in the operational guidance.
Test 2: Using the operational guidance, the evaluator shall configure the TOE to accept
password-based authentication, and demonstrate that a user can be successfully
authenticated to the TOE over SSH using a password as an authenticator.
FCS_SSH_EXT.1.3
The TSF shall ensure that, as described in RFC 4253, packets greater than [256K] bytes in an SSH
transport connection are dropped.
Assurance Activity:
The evaluator shall check that the TSS describes how 'large packets' in terms of RFC 4253 are
detected and handled. The evaluator shall also perform the following test:
Test 1: The evaluator shall demonstrate that if the TOE receives a packet larger than that
specified in this component, that packet is dropped.
FCS_SSH_EXT.1.4
The TSF shall ensure that the SSH transport implementation uses the following encryption
algorithms: AES-CBC-128, AES-CBC-256, [no other algorithms].
Assurance Activity:
The evaluator shall check the description of the implementation of this protocol in the TSS to
ensure that optional characteristics are specified, and the encryption algorithms supported are
specified as well. The evaluator shall check the TSS to ensure that the encryption algorithms
specified are identical to those listed for this component. The evaluator shall also check the
operational guidance to ensure that it contains instructions on configuring the TOE so that SSH
conforms to the description in the TSS (for instance, the set of algorithms advertised by the TOE
may have to be restricted to meet the requirements). The evaluator shall also perform the
following test:
Test 1: The evaluator shall establish an SSH connection using each of the encryption
algorithms specified by the requirement. It is sufficient to observe (on the wire) the
successful negotiation of the algorithm to satisfy the intent of the test.
FCS_SSH_EXT.1.5
The TSF shall ensure that the SSH transport implementation uses SSH_RSA and [no other public
key algorithms] as its public key algorithm(s).
Assurance Activity:
The assurance activity associated with FCS_SSH_EXT.1.4 verifies this requirement.
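The on-the-wire observation called for above can be automated by parsing the SSH_MSG_KEXINIT payload the TOE sends and comparing its name-lists with the algorithms this document allows. The following is an added example, not part of the Security Target or of Brocade's guidance; it assumes the RFC 4253 wire names aes128-cbc, aes256-cbc, ssh-rsa and hmac-sha1 for the listed algorithms, and the function names and sample offers are constructed for illustration. It also covers the data integrity requirement of FCS_SSH_EXT.1.6.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# Assumption: RFC 4253 wire names for the algorithms this requirement set allows.
CIPHERS, MACS = {"aes128-cbc", "aes256-cbc"}, {"hmac-sha1"}
ALLOWED = {"host_key": {"ssh-rsa"}, "enc_c2s": CIPHERS, "enc_s2c": CIPHERS,
           "mac_c2s": MACS, "mac_s2c": MACS}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    return out

def violations(lists: dict) -> list:
    """Return (field, algorithm) pairs advertised outside the allowed sets."""
    bad = []
    for field, allowed in ALLOWED.items():
        if not lists[field]:
            bad.append((field, "<empty>"))
        bad += [(field, a) for a in lists[field] if a not in allowed]
    return bad

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload (used for the constructed samples)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples: a conforming offer, and one that also offers CTR and 'none'.
GOOD = {"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-rsa"],
        "enc_c2s": ["aes128-cbc", "aes256-cbc"], "enc_s2c": ["aes128-cbc", "aes256-cbc"],
        "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"],
        "comp_c2s": ["none"], "comp_s2c": ["none"]}
BAD = dict(GOOD, enc_s2c=["aes128-cbc", "aes128-ctr"], mac_c2s=["hmac-sha1", "none"])
```

Calling violations(parse_kexinit(payload)) on a captured KEXINIT payload returns an empty list only when every advertised host key, encryption and MAC algorithm is in the allowed set.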
FCS_SSH_EXT.1.6
The TSF shall ensure that data integrity algorithms used in SSH transport connection is [hmac-sha1].
Assurance Activity:
The evaluator shall check the TSS to ensure that it lists the supported data integrity algorithms,
and that that list corresponds to the list in this component. The evaluator shall also check the
operational guidance to ensure that it contains instructions to the administrator on how to ensure
that only the allowed data integrity algorithms are used in SSH connections with the TOE
(specifically, that the 'none' MAC algorithm is not allowed). The evaluator shall also perform the
following test: