Brocade FastIron SX, ICX, and FCX Series Switch/Router 08.0.01 Security Target Version 1.1, May 13, 2014
time period. If locking was selected from the component, the evaluator then ensures that
re-authentication is needed when trying to unlock the session.
5.1.7.4 Default TOE Access Banners (FTA_TAB.1)
FTA_TAB.1.1
Refinement: Before establishing an administrative user session the TSF shall display a Security
Administrator-specified advisory notice and consent warning message regarding use of the TOE.
Assurance Activity:
The evaluator shall check the TSS to ensure that it details each method of access (local and
remote) available to the administrator (e.g., serial port, SSH, HTTPS). The evaluator shall also
perform the following test:
Test 1: The evaluator follows the operational guidance to configure a notice and consent
warning message. The evaluator shall then, for each method of access specified in the
TSS, establish a session with the TOE. The evaluator shall verify that the notice and
consent warning message is displayed in each instance.
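Added example (not part of the Security Target or of any evaluator's tooling): one way to score Test 1 from captured session transcripts, giving a verdict for every access method the TSS lists, including methods that were never exercised and banners that only appear after the session is already established. The banner text, transcripts, prompts and session markers below are constructed sample values, not output from the TOE.

```python
import re

def _norm(text):
    """Collapse CR/LF and whitespace runs so terminal line wrapping does not cause false failures."""
    return re.sub(r"\s+", " ", text).strip()

def check_banner_coverage(tss_methods, banner, transcripts, session_markers):
    """Return {method: verdict} for each access method named in the TSS.

    transcripts:     {method: raw capture from connection start through login}
    session_markers: {method: text whose appearance means a session is established}
    """
    want = _norm(banner)
    results = {}
    for method in tss_methods:
        raw = transcripts.get(method)
        if raw is None:
            # FTA_TAB.1 Test 1 requires a session for *each* method in the TSS.
            results[method] = "NOT TESTED"
            continue
        text = _norm(raw)
        banner_at = text.find(want)
        session_at = text.find(_norm(session_markers[method]))
        if banner_at < 0:
            results[method] = "FAIL: banner not displayed"
        elif 0 <= session_at < banner_at:
            # The requirement says "before establishing" the session.
            results[method] = "FAIL: banner shown after session established"
        else:
            results[method] = "PASS"
    return results

# Constructed sample data (hypothetical banner, prompts and captures).
BANNER = "Authorized use only. Activity is monitored; by continuing you consent."
TSS_METHODS = ["serial", "ssh", "https"]
MARKERS = {"serial": "switch>", "ssh": "switch>", "https": "Logout"}
TRANSCRIPTS = {
    # Banner wrapped by the terminal, shown before the login prompt.
    "serial": "\r\nAuthorized use only. Activity is\r\nmonitored; by continuing you consent."
              "\r\nlogin: admin\r\nPassword:\r\nswitch> ",
    # Banner only printed after the CLI prompt, i.e. too late.
    "ssh": "login as: admin\r\nPassword:\r\nswitch> " + BANNER + "\r\n",
    # No "https" capture: the method is in the TSS but was not exercised.
}

if __name__ == "__main__":
    for m, v in check_banner_coverage(TSS_METHODS, BANNER, TRANSCRIPTS, MARKERS).items():
        print(f"{m:8s} {v}")
```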
5.1.8 Trusted path/channels (FTP)
5.1.8.1 Trusted Channel (FTP_ITC.1)
FTP_ITC.1.1
Refinement: The TSF shall use [TLS, SSH] to provide a trusted communication channel between
itself and authorized IT entities supporting the following capabilities: audit server, [[TOE update
server]] that is logically distinct from other communication channels and provides assured
identification of its end points and protection of the channel data from disclosure and detection of
modification of the channel data.
FTP_ITC.1.2
The TSF shall permit the TSF, or the authorized IT entities to initiate communication via the
trusted channel.
FTP_ITC.1.3
The TSF shall initiate communication via the trusted channel for [transmitting audit records to
an audit server, retrieving a firmware update].
Component Assurance Activity:
The evaluator shall examine the TSS to determine that, for all communications with authorized IT
entities identified in the requirement, each communications mechanism is identified in terms of the
allowed protocols for that IT entity. The evaluator shall also confirm that all protocols listed in
the TSS are specified and included in the requirements in the ST. The evaluator shall confirm that
the operational guidance contains instructions for establishing the allowed protocols with each
authorized IT entity, and that it contains recovery instructions should a connection be
unintentionally broken. The evaluator shall also perform the following tests:
Test 1: The evaluators shall ensure that communications using each protocol with each
authorized IT entity are tested during the course of the evaluation, setting up the
connections as described in the operational guidance and ensuring that communication is
successful.
Test 2: For each protocol that the TOE can initiate as defined in the requirement, the
evaluator shall follow the operational guidance to ensure that in fact the communication
channel can be initiated from the TOE.