Chapter 7 RATIONALE
OBJECTIVES    SFR Rationale
- FTP_ITC.2(2) requires that a trusted channel between the TSF and the RADIUS/TACACS+ be provided for user authentication.

O.MEDIATE
The TOE shall control the flow of information among its network connections according to routing rules and BGPv4/OSPFv2/IS-IS/RIPv2 routing protocol.
This objective is met by:
- FDP_IFC.1(1) identifies the entities involved in the unauthenticated Information Flow Control SFP (i.e. external IT entities sending packets).
- FDP_IFF.1(1) identifies the conditions under which information is permitted to flow between entities (the unauthenticated Information Flow Control SFP).
- FDP_IFC.1(2) identifies the entities involved in the export Information Flow Control SFP (i.e. external IT entities sending packets).
- FDP_IFF.1(2) identifies the conditions under which information is permitted to flow between entities (the export Information Flow Control SFP).
- FMT_MSA.1 restricts the ability to modify, delete, or query the parameters for the unauthenticated SFP to an administrator.
- FMT_MSA.3 ensures that there is a default-deny policy for the unauthorized SFP.

O.TOE_ACCESS
The TOE will provide mechanisms that control an administrator’s logical access to the TOE and to explicitly deny access to specific administrators when appropriate.
This objective is met by:
- FTA_SSL.3 The TOE will terminate an interactive session after an administrator-defined time interval of administrator inactivity.
- FTA_TSE.1 provides requirements for denying user’s access to the TOE based on attributes.
- FTP_ITC.1(1) requires that a trusted channel between the TSF and the remote client be provided for remote administration.

O.ROUTE
The TOE shall be able to accept routing data from trusted routers according to BGPv4/OSPFv2/IS-IS/RIPv2.
This objective is met by:
- FDP_UIT.1 transmits and receives routing data to/from trusted routers in a manner protected from modification, insertion and replay errors.

SJ-20110815105844-030 | 2011/08/19 (R1.6) ZTE CORPORATION