Security Management - Zte ZXR10 M6000 Series Manual

ZXR10 M6000&T8000&8900E Security Target
is processed between RADIUS and local or TACACS+ and local passwords are
specifically configured. The order of TACACS+ and local can be configured. The allowed
authentication models are listed below:
1. Local only
2. RADIUS only
3. TACAS+ only
4. RADIUS first, if RADIUS not response then local authentication
5. TACACS+ first, if TACACS+ not response then local authentication
6. Local first, if local authentication failed then RADIUS authentication
7. Local first, if local authentication failed then TACACS+ authentication
Authentication validates an administrator name and password combination when an
administrator attempts to log in. When an administrator attempts to log in, the TOE sends
an access request to a RADIUS, TACACS+, or local database.
l
FIA_UID.2 User identification before any action
The TOE validates an administrator name and password combination when an
administrator attempts to log in
l
FIA_UAU.5 Multiple authentication mechanisms
The TOE software supports three kinds of user authentication methods:
Authentication, Remote Authentication Dial-In User Service (RADIUS) and Terminal
Access Controller Access Control System Plus (TACACS+). Authentication mechanism
can be configured. Administrator can be authenticated any of the above authentication
mechanisms based on the specification by authentication.

6.1.3 Security Management

The TOE provides administrators with the capabilities to configure, monitor and manage
the TOE to fulfill the Security Objectives. Security Management principles relate to Security
Audit and Information Flow Control. Administrators configure the TOE via remote/local CLI.
l
FMT_MTD.1 Management of TSF Data
Management of TSF Data (Configuration Item and Filtering Rule): The TOE restricts
the ability to administer the router configuration item and filtering rule. The CLI provides a
text-based interface from which the router configuration can be managed and maintained.
From this interface, all TOE functions such as BGPv4, RIPv2 IS-IS and OSPFv2 protocols
can be managed.
information, much of which is automatically collected from the TOE environment.
This CLI interface also provides the administrator with the ability to configure an external
authentication server, such as a RADIUS or TACACS+ server. When this is assigned,
a user can be authenticated to the external server instead of directly to the TOE. If
authentication-order includes RADIUS or TACACS+, then these will be consulted in the
configured order for all users.
Management of TSF Data (Date/time):The TOE will allow only an administrator to modify
the date/time setting on the appliance.
SJ-20110815105844-030|2011/08/19（R1.6）
The TOE automatically routes traffic based on available routing
6-4
Local
ZTE CORPORATION