McAfee HARDWARE 1.4 Przewodnik Instalacji Pobierz pdf (Strona 32)

McAfee Email Gateway

Security Target

McAfee Incorporated

Page 32 of 61

Component levelling

FCS_SSH_EXT.1 places specific requirements on the implementation of SSH.

Management: FCS_SSH_EXT.1

No management activities are foreseen.

Audit: FCS_SSH_EXT.1

The following actions should be auditable if FAU_GEN Security audit data generation is included in the

PP/ST:

a) Minimal: Failure to establish an SSH session,

b) Basic: Establishment and termination of an SSH session.

FCS_SSH_EXT.1 SSH

Hierarchical to: No other components

Dependencies: No dependencies

FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies with RFCs 4251, 4252,

4253, and 4254.

FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the

following authentication methods as described in RFC 4252: public key-based,

password-based.

FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than

[assignment: number of bytes] bytes in an SSH transport connection are dropped.

FCS_SSH_EXT.1.4 The TSF shall ensure that the SSH transport implementation uses the following

encryption algorithms: AES-CBC-128, AES-CBC-256 [selection:

AEAD_AES_128_GCM, AEAD_AES_256_GCM, no other algorithms].

FCS_SSH_EXT.1.5 The TSF shall ensure that the SSH transport implementation uses SSH-RSA and

[selection: PGP-SIGN-RSA, PGP-SIGN-DSS, no other public key algorithms] as its

public key algorithm(s).

FCS_SSH_EXT.1.6 The TSF shall ensure that data integrity algorithms used in SSH transport

connection is [selection: hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96].

FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 is the only allowed key

exchange method used for the SSH protocol.

5.1.6 TLS (FCS_TLS)

Family behaviour

FCS_SSH SSH

EXT.1

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 60 61

Brak uwag

McAfee HARDWARE 1.4 Przewodnik Instalacji Strona 32