Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 47 of 50
Similarly, the TOE’s MLX series offers a Web Management Interface that offers access to the same functions as the
CLI. While the Web Management Interface could be configured to be accessible via HTTP or HTTPS (using
TLSv1.0), the evaluated configuration only includes the use of HTTPS (note that the TOE does not support client
authentication) to ensure that the administrative session is not subject to modification or disclosure.
The following table provides the list of security-related commands used to configure or examine the TOE security
settings. The services listed here reflect the minimal set needed to properly configure the TOE to comply with the
requires of the Protection Profile for Network Devices, version 1.1, 8 June 2012 (NDPP) with Errata #2, 13 January
2014.
Write to persistent storage
Invoke cryptographic functions
Configure secure connections (e.g., with
syslog)
logging host <ip-address> ssl-port <port>
Configure the audit logging host
Reload the current flash image
Manage console properties
Logout or exit current session
Switch to ntp configuration mode
Switch to configuration mode
Manage the internal clock
server <ntp server ip> minpoll <time>
Configure external services
crypto-ssl certificate generate
Manage web server properties
web-management session-timeout <time>
fips enable common-criteria
fips show
Manage FIPS and Common Criteria
configuration
ip ssh pub-key-file
ip ssh idle-time <time>
Manage ip connection (e.g., ssh)
configuration
aaa authentication enable default tacacs+ local
aaa authentication login default tacacs+ local
aaa authentication web-server default local
Configure the aaa authentication functions
tacacs-server host <ipaddr> ssl-auth-port <port>
default
tacacs-server retransmit <retransmit period>
tacacs-server timeout <timeout period>
Configure TACACAS+ server
enable password-min-length 15
enable user password-masking
Enable console login features
show ver
show clock
show ip client-pub-key
show ip ssl
show logging
Show identified configuration information
Table 8 Security Related Configuration Commands
The TOE also provides a comprehensive set of network routing configuration commands. These commands were
not exercised as the above services in Table 8
represent the minimum set of commands needed to for proper
configuration.
Comentarios a estos manuales