Table of Contents
Advertisement
Management of TSF Data (Audit logs):The TOE can be configured to clear audit logs
and specify the log level by an administrator.
Management of TSF Data (User Account): The TOE restricts the ability to administer
user data to only administrators. The CLI provides administrators with a text-based
interface from which all user data can be managed. From this interface new accounts can
be created, and existing accounts can be modified or deleted.
l
FMT_MOF.1 Management of security functions behavior
The administrator will perform the following:
1. Configure administrator profiles used to deny or permit access to CLI command tree
permissions, or specific CLI commands.
2. Configure authentication failure handling configurable integer of unsuccessful
authentication attempts within configurable range of time, and configurable lock out
period of time that occurs related to a administrator's authentication.
3. Configure authentication-order for local, RADIUS and TACACS+ authentication
Enables RADIUS or TACACS+ (TOE client-side).
4. Configure password complexity [numeric] [special-character] [capital] [lowercase]and
configure password minimum-length value.
5. Configure ACLs and controls where (e.g., from a specific network address or local
management interface) administrators, and authorized IT entities access the TOE.
6. Configures audit logs.
7. Configure SNMP/SYSLOG
8. Configure NTP
9. Configure anti-DoS attack
10. Configure URPF
11. Configure CPU protection policies
l
FMT_MSA.1 Management of security attributes
Simple security attributes (unauthenticated policy)
The administrator specifies information flow policy rules (i.e., routing protocols and
ingress/egress traffic filtering and peer filtering) that contain information security attribute
values, and associate with that rule an action that permits the information flow or disallows
the information flow. When a packet arrives at the source interface, the information
security attribute values of the packet are compared to each information flow policy rule
and when a match is found the action specified by that rule is taken.
Subject and information security attributes used are:
1. IP network address and port of source subject;
2. IP network address and port of destination subject;
3. transport layer protocol and their flags and attributes (UDP, TCP);
4. network layer protocol (IP, ICMP);
5. interface on which traffic arrives and departs; and
6. routing protocols and their configuration and state.
Simple security attributes (export policy)
SJ-20110815105844-030|2011/08/19(R1.6)
Chapter 6 TOE SUMMARY SPECIFICATION
6-5
ZTE CORPORATION
Hide quick links:
Advertisement
Chapters
Table of Contents
