Zte ZXR10 M6000 Series - Security Management

Zte ZXR10 M6000 Series

57 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

ZXR10M6000&T8000&8900ESecurityTarget

isprocessedbetweenRADIUSandlocalorTACACS+andlocalpasswordsare

specicallycongured.TheorderofTACACS+andlocalcanbecongured.Theallowed

authenticationmodelsarelistedbelow:

1.Localonly

2.RADIUSonly

3.TACAS+only

4.RADIUSrst,ifRADIUSnotresponsethenlocalauthentication

5.TACACS+rst,ifTACACS+notresponsethenlocalauthentication

6.Localrst,iflocalauthenticationfailedthenRADIUSauthentication

7.Localrst,iflocalauthenticationfailedthenTACACS+authentication

Authenticationvalidatesanadministratornameandpasswordcombinationwhenan

administratorattemptstologin.Whenanadministratorattemptstologin,theTOEsends

anaccessrequesttoaRADIUS,TACACS+,orlocaldatabase.

lFIA_UID.2Useridenticationbeforeanyaction

TheTOEvalidatesanadministratornameandpasswordcombinationwhenan

administratorattemptstologin

lFIA_UAU.5Multipleauthenticationmechanisms

TheTOEsoftwaresupportsthreekindsofuserauthenticationmethods:Local

Authentication,RemoteAuthenticationDial-InUserService(RADIUS)andTerminal

AccessControllerAccessControlSystemPlus(TACACS+).Authenticationmechanism

canbecongured.Administratorcanbeauthenticatedanyoftheaboveauthentication

mechanismsbasedonthespecicationbyauthentication.

6.1.3SecurityManagement

TheTOEprovidesadministratorswiththecapabilitiestocongure,monitorandmanage

theTOEtofullltheSecurityObjectives.SecurityManagementprinciplesrelatetoSecurity

AuditandInformationFlowControl.AdministratorsconguretheTOEviaremote/localCLI.

lFMT_MTD.1ManagementofTSFData

ManagementofTSFData(CongurationItemandFilteringRule):TheTOErestricts

theabilitytoadministertheroutercongurationitemandlteringrule.TheCLIprovidesa

text-basedinterfacefromwhichtheroutercongurationcanbemanagedandmaintained.

Fromthisinterface,allTOEfunctionssuchasBGPv4,RIPv2IS-ISandOSPFv2protocols

canbemanaged.TheTOEautomaticallyroutestrafcbasedonavailablerouting

information,muchofwhichisautomaticallycollectedfromtheTOEenvironment.

ThisCLIinterfacealsoprovidestheadministratorwiththeabilitytocongureanexternal

authenticationserver,suchasaRADIUSorTACACS+server.Whenthisisassigned,

ausercanbeauthenticatedtotheexternalserverinsteadofdirectlytotheTOE.If

authentication-orderincludesRADIUSorTACACS+,thenthesewillbeconsultedinthe

conguredorderforallusers.

ManagementofTSFData(Date/time):TheTOEwillallowonlyanadministratortomodify

thedate/timesettingontheappliance.

6-4

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORATION

Table of Contents

Related product manuals

Preview: Zte ZXR10

Preview: Zte ZXR10 ZSR

Preview: Zte ZXR10 GER

Preview: Zte ZXR10 2600

Preview: Zte ZXR10 T600

Preview: Zte ZXR10 ZSR V2

Zte ZXR10 ZSR V2

Zte ZXR10 3800-8

Zte ZXR10 2800-4

Preview: Zte ZXR10 1800-2S

Zte ZXR10 1800-2S

Preview: Zte ZXR10 ZSR V2 Series

Zte ZXR10 ZSR V2 Series

Preview: Zte ZXHN F660

Preview: Zte ZXV10 W300