Common Criteria for HP Networking Switches

Identification and Authentication Functions
Security Management Functions
TOE Access Functions
Protection of the TSF Functions
Security Audit Functions
The TOE records relevant security event data in an Event Log. The audit records in the Event Log serve as
a tool to isolate and troubleshoot problems. The audit trail is stored on the switch and is accessible via
the protected management functional interfaces. The TOE is able to protect the Event Log from
unauthorized deletion or modification. TOE users can view the audit records via the Menu Interface and
the CLI.
The Security Audit Functions may optionally depend on an SNTP Server in the operational environment
to provide reliable timestamps for the audit records. Event Log records and debugging messages can be
optionally sent to an external Syslog Server or sent via SNMP traps as new events are generated. Also,
the entire event log can be exported via TFTP and SFTP for off-TOE storage and review.
Cryptographic Functions
The TOE provides cryptographic support for:
- SSH communications
- SSL data transport
- SNMP messaging and authentication support
- hashing of passwords
- secure communications with an external authentication server (RADIUS primarily used for network and MAC auth) or TACACS management access
- MAC Authentication (port based access control)
The versions of SSL and SSH used in this product have not been FIPS-certified. Compliance with any
standards is vendor-asserted. The services provided by the encryption were tested (i.e., used to test
remote management capabilities of the web interface), but the compliance of the encryption modules
with any standard was not certified.
Information Flow Control Functions
The TOE performs user data protection through information flow control. Only legitimate external IT
entities are granted access to pass information through the TOE or to the TOE. Traffic is allowed or
blocked through rate filtering, ICMP throttling, protocol-based filtering, source-port filtering, and
dynamic ARP protection. Traffic can be blocked from unauthorized DHCP servers, configured MAC