HP A-Series Specifications Page 42

Security Target Version 1.02, 08/16/2013
6. TOE Summary Specification
This chapter describes the security functions:
  • Security audit
  • Cryptographic support
  • User data protection
  • Identification and authentication
  • Security management
  • Protection of the TSF
  • TOE access
  • Trusted path/channels
6.1 Security audit
The TOE is designed to generate log records for a wide range of security relevant and other events as they occur.
The events that can cause a logged audit record include starting and stopping the audit function, any use of an
administrator command via the CLI interface, as well as all of the events identified in Table 3.
In general, the logged audit records identify the date and time, the nature or type of the triggering event, an
indication of whether the event succeeded, failed or had some other outcome, and the identity of the agent
responsible for the event (e.g., user or network host). The logged audit records also include event-specific
content that includes at least all of the content required in Table 3.
The TOE includes an internal log implementation that can be used to store and review audit records locally.
Alternatively, the TOE can be configured to send generated audit records to an external SYSLOG server using IPsec.
The TOE can be further configured so the SYSLOG server is on a dedicated VLAN to help protect exported audit
records from disclosure or modification. This requires that the VLAN be used only for this purpose in the
operational environment.
When the TOE is configured to export audit records and finds that the external SYSLOG server is not responding
(e.g., due to a network discontinuity), it sends an SNMP trap to a configured SNMP server so an administrator can
become aware of, and remedy, the situation.
The Security audit function is designed to satisfy the following security functional requirements:
  • FAU_GEN.1: The TOE can generate audit records for events including starting and stopping the audit
    function, administrator commands, and all other events identified in Table 3. Furthermore, each audit
    record identifies the date/time, event type, outcome of the event, responsible subject/user, as well as the
    additional event-specific content indicated in Table 3.
  • FAU_GEN.2: The TOE identifies the responsible user for each event based on the specific administrator or
    network entity (identified by IP address) that caused the event.
  • FAU_STG_EXT.1: The TOE can be configured to export audit records to an external SYSLOG server and
    can be configured to use a dedicated VLAN and IPsec for communication with the SYSLOG server.
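A collector-side check of the record content described above, as an added example that is not part of the Security Target or of HP's software: it verifies that each exported record carries the four FAU_GEN.1 fields and flags quiet periods in the exported stream, the receiving-end counterpart of the SNMP trap. The key=value layout, the field names, the outcome vocabulary and the five-minute threshold are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# FAU_GEN.1 fields named in the text: date/time, event type, outcome, responsible subject.
REQUIRED = ("time", "event", "outcome", "subject")
ALLOWED_OUTCOMES = {"success", "failure", "other"}  # assumed encoding of the outcome
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in an assumed key=value layout (not the TOE's real format).
SAMPLE = [
    'time=2013-08-16T10:00:00 event=audit_start outcome=success subject=system',
    'time=2013-08-16T10:00:05 event=cli_command outcome=success subject=admin1 detail="display version"',
    'time=2013-08-16T10:00:09 event=login outcome=failure subject=192.0.2.10',
    'time=2013-08-16T10:00:12 event=cli_command subject=admin1 detail="save"',
    'time=2013-08-16T10:20:00 event=login outcome=denied subject=192.0.2.10',
]

def parse(line):
    """Split one record into a dict of field -> value (quotes stripped)."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def check_record(line):
    """Return a list of problems; an empty list means all four fields are usable."""
    rec = parse(line)
    problems = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    if "time" in rec:
        try:
            datetime.fromisoformat(rec["time"])
        except ValueError:
            problems.append("bad time")
    if rec.get("outcome") and rec["outcome"] not in ALLOWED_OUTCOMES:
        problems.append("bad outcome")
    return problems

def export_gaps(lines, max_silence=timedelta(minutes=5)):
    """Return (previous, next) timestamp pairs where the exported stream went quiet."""
    ok = [l for l in lines if not {"missing time", "bad time"} & set(check_record(l))]
    stamps = sorted(datetime.fromisoformat(parse(l)["time"]) for l in ok)
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_silence]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE, 1):
        print(n, check_record(line) or "ok")
    print("gaps:", export_gaps(SAMPLE))
```

A quiet period is only a hint that export may have stopped, since an idle device also produces no records; it is worth correlating with the SNMP trap described above.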
6.2 Cryptographic support
The TOE includes FIPS certified cryptographic algorithms providing supporting cryptographic functions. The
following functions have been FIPS certified in accordance with the identified standards.