EasyManua.ls Logo

Zte ZXR10 M6000 Series - Identification & Authentication

Zte ZXR10 M6000 Series
57 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter6TOESUMMARYSPECIFICATION
toaccesstheaudittrailstorage.Thereisnootherinterfacetoaccesstheaudittrail
storage.HowevertheaudittrailstoredintheSNMP/SYSLOGserverisnotprotected
bytheTOE;
TheTSFshalloverwritetheoldeststoredauditrecordsinashwhenthemaximum
allowednumberofloglesreached.
6.1.2Identification&Authentication
Authenticationservicescanbehandledeitherinternally(xedpasswords)orthroughan
externalauthenticationservice,suchasaRADIUSorTACACS+server.Anoperator’s
authenticationparametersmustbevalidbeforeaccessisgrantedtoadministrative
functions.
lFIA_AFL.1Authenticationfailurehandling(console)
Thefollowingisdenedbytheadministrator:(1)Thenumberofunsuccessfullogin
attemptsallowedforthespeciedtime.(2)Thelockoutperiodinminuteswherethe
administratorisnotallowedtologin
Whentheabovesituationissatised,thatadministratorislockedoutfromanyfurtherlogin
withinaspeciedperiodoftime.Howeverwithintheperiodoflockingtime,anadministrator
isallowedtounlockthelockedaccount.
Parametersaremodiablefromtheprovideddefaultvalues:
1.TheTOEdetectswhenunsuccessfulauthenticationattemptsmeetanadministrator
congurablepositiveinteger(withinarangeofvalues316)
2.Whenthedenednumberofunsuccessfulauthenticationattemptshasbeenmet,the
TOEwillattheoptionoftheAdministratorpreventactivitiesthatrequireauthentication
untilanactionistakenbytheAdministrator,oruntilanAdministratordenedtime
period(withinarangeofvalues1-1440minutes)haselapsed.
lFIA_SOS.1Vericationofsecrets
Thevericationsofsecretsapplytoallauthenticationmethods:localconsole,andremote
SSHadministration.
Thepasswordneedstosatisfythefollowingrequirements:
1.Aminimumlength(characters)default6andwithinarangeof3-32,
2.atleastoneupperandonelowercasecharacter;
3.atleastonenumericcharactermustbepresentinthepassword;and
4.atleastonespecialcharactermustbepresentinthepassword.Specialcharacters
include:
~!@#$%^&*()_+|{}:”<>?`-=\[];’,./.
HoweverthepasswordsspeciedinRADIUS/TACACS+serverarenotsetupthroughthe
TOE.SothisSFRisonlyenforcedwhenperforminglocalauthentication.
lFIA_UAU.2Userauthenticationbeforeanyaction
TheTOEisconguredtouseRADIUS,TACACS+,andlocal/remoteauthenticationto
validateadministratorsrequestingaccesstothenetwork.Thepasswordauthentication
6-3
SJ-20110815105844-030|2011/08/19R1.6ZTECORPORATION

Table of Contents

Related product manuals