EasyManua.ls Logo

Zte ZXR10 M6000 Series - Page 39

Zte ZXR10 M6000 Series
57 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter6TOESUMMARYSPECIFICATION
ManagementofTSFData(Auditlogs):TheTOEcanbeconguredtoclearauditlogs
andspecifytheloglevelbyanadministrator.
ManagementofTSFData(UserAccount):TheTOErestrictstheabilitytoadminister
userdatatoonlyadministrators.TheCLIprovidesadministratorswithatext-based
interfacefromwhichalluserdatacanbemanaged.Fromthisinterfacenewaccountscan
becreated,andexistingaccountscanbemodiedordeleted.
lFMT_MOF.1Managementofsecurityfunctionsbehavior
Theadministratorwillperformthefollowing:
1.CongureadministratorprolesusedtodenyorpermitaccesstoCLIcommandtree
permissions,orspecicCLIcommands.
2.Congureauthenticationfailurehandlingcongurableintegerofunsuccessful
authenticationattemptswithincongurablerangeoftime,andcongurablelockout
periodoftimethatoccursrelatedtoaadministrator’sauthentication.
3.Congureauthentication-orderforlocal,RADIUSandTACACS+authentication
EnablesRADIUSorTACACS+(TOEclient-side).
4.Congurepasswordcomplexity[numeric][special-character][capital][lowercase]and
congurepasswordminimum-lengthvalue.
5.CongureACLsandcontrolswhere(e.g.,fromaspecicnetworkaddressorlocal
managementinterface)administrators,andauthorizedITentitiesaccesstheTOE.
6.Conguresauditlogs.
7.CongureSNMP/SYSLOG
8.CongureNTP
9.Congureanti-DoSattack
10.CongureURPF
11.CongureCPUprotectionpolicies
lFMT_MSA.1Managementofsecurityattributes
Simplesecurityattributes(unauthenticatedpolicy)
Theadministratorspeciesinformationowpolicyrules(i.e.,routingprotocolsand
ingress/egresstrafclteringandpeerltering)thatcontaininformationsecurityattribute
values,andassociatewiththatruleanactionthatpermitstheinformationowordisallows
theinformationow.Whenapacketarrivesatthesourceinterface,theinformation
securityattributevaluesofthepacketarecomparedtoeachinformationowpolicyrule
andwhenamatchisfoundtheactionspeciedbythatruleistaken.
Subjectandinformationsecurityattributesusedare:
1.IPnetworkaddressandportofsourcesubject;
2.IPnetworkaddressandportofdestinationsubject;
3.transportlayerprotocolandtheiragsandattributes(UDP ,TCP);
4.networklayerprotocol(IP ,ICMP);
5.interfaceonwhichtrafcarrivesanddeparts;and
6.routingprotocolsandtheircongurationandstate.
Simplesecurityattributes(exportpolicy)
6-5
SJ-20110815105844-030|2011/08/19R1.6ZTECORPORATION

Table of Contents

Related product manuals