Zte ZXR10 M6000 Series - TOE Access; User Data Protection

Zte ZXR10 M6000 Series

57 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Chapter6TOESUMMARYSPECIFICATION

executecommandsallowedbyhisprivilegelevelandcannotexecutecommandsofhigher

level.

6.1.4TOEAccess

Mechanismsplacecontrolsonadministrator’ssessions.Localandremoteadministrator’s

sessionsaredroppedafteranAdministrator-denedtimeperiodofinactivity.Droppingthe

connectionofalocalandremotesession(afterthespeciedtimeperiod)reducestherisk

ofsomeoneaccessingthelocalandremotemachineswherethesessionwasestablished,

thusgainingunauthorizedaccesstothesession.

lFTA_SSL.3TSF-initiatedtermination

TheTOEallowsconguringlogincontrolparametersforconsoleandremoteadministration

sessions.

TheTOEhastheabilitytoterminatestaleconnections.TheTOEterminatesinteractive

sessionafteranadministratordenedperiodofinactivitywithadefaultvalueof2minutes,

andwithinarangeof1to1000minutes.AndtheTOEcanconguremandatorytermination

absolute-timewithinfrom1to10000minuteswithadefaultvalueof1440minutes.

Thisidle-timeparametercongurestheidletimeoutforconsole,orremotesessionsbefore

thesessionisterminatedbythesystem.Theidle-timeandabsolute-timewouldreduce

thechancefortheunauthorizedadministratorstoaccesstheTOEthroughanunattended

openedsession.Bydefault,anidleconsole,orremotesessiontimesoutafter2minutes

ofinactivity.Thistimerissetforallsession.

lFTA_TSE.1TOEsessionestablishment

TheTOEwilldenysessionestablishmentafterthecongurednumber(1~15)ofactive

sessionsisreached.AnadministratorcancongureACLstorefusetoestablishmentofa

connection,toensureonlyconnectionsfromtrustedaddressorportistrustable.

TheTOEhasadirectconnectionviathephysicalRS232consoleinterfaceandaremote

consoleconnectiontoperformsecuritymanagementfunctions.

6.1.5Userdataprotection

TheTOEprovidesanInformationFlowControlmechanismthatsupportscontrolofthe

owoftrafcgeneratedbythenetworkdevices.TheInformationFlowControlPoliciesare

conguredoneachnetworkdevicestoallowtrafctoonlyowbetweentheauthorized

sourcesandauthorizeddestinations.AlsotheTOEprovideexportinglogtoSYSLOGand

SNMPservers.

lFDP_IFC.1(1)Subsetinformationowcontrol(unauthenticatedpolicy)

TheTOEenforcesanUNAUTHENTICATEDSFPwherebythenetworkpacketssentand/or

receivedthroughtheTOEtoITentity.

lFDP_IFC.1(2)Subsetinformationowcontrol(exportpolicy)

6-7

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORATION

Table of Contents

Related product manuals

Preview: Zte ZXR10

Preview: Zte ZXR10 ZSR

Preview: Zte ZXR10 GER

Preview: Zte ZXR10 2600

Preview: Zte ZXR10 T600

Preview: Zte ZXR10 ZSR V2

Zte ZXR10 ZSR V2

Zte ZXR10 3800-8

Zte ZXR10 2800-4

Preview: Zte ZXR10 1800-2S

Zte ZXR10 1800-2S

Preview: Zte ZXR10 ZSR V2 Series

Zte ZXR10 ZSR V2 Series

Preview: Zte ZXHN F660

Preview: Zte ZXV10 W300