Common Criteria for HP Networking Switches

addresses, configured IP addresses and source-ports, and through the use of access control lists (ACLs).
Identification and Authentication Functions
The TOE enforces password-based authentication before allowing access to the command line, menu,
and web-based management interfaces. The TOE also allows the use of an optional external
authentication server (RADIUS or TACACS+) for TOE user identification and authentication.
The TOE enhances user login security by masking passwords as they are entered at login.
Identification and authentication functionality may depend on the operational environment
when an external authentication server is used.
Security Management Functions
The TOE supports role-based access to the administrative interfaces and management functions via the
following management interfaces:
Command Line Interface (CLI)
Menu Interface
Web-based interface
Physical interface available on the front panel of the switch appliance
MIB interface
The TOE supports management of the security attributes that are used for information flow control,
including the following administrative security roles:
Manager
Operator
Global Configuration (CLI only)
Context Configuration (CLI only)
Each role provides a set of privileges to access the management functions of the web, menu, and
command line interfaces.
The Security Management functionality depends on the remote management console using SSH for
accessing the console interfaces (CLI or Menu Interface) or an SSL-enabled web browser for use of the
web interface.
Functionality is provided for disabling/locking the Front Panel Interface and the USB interface to prevent
unauthorized physical tampering.
To use the MIB interface, the TOE requires a network management station with SNMPv3 enabled,
supplied by the operational environment. The network management station was not in scope of evaluation.