Cisco ISR ST, August 2011

TOE SFRs: How the SFR is Met

When a user attempting to log into the administrative CLI reaches the administratively set maximum number of failed authentication attempts, the user will not be able to successfully authenticate to the TOE until a privileged administrator resets the user's number of failed login attempts through the administrative CLI. For IKE peers, the TOE denies access to the TOE based on failed Phase 1 authentication attempts when negotiating the Internet Key Exchange Protocol.

FIA_UAU.4
The TOE correctly invokes an external authentication server to provide a single-use authentication mechanism by forwarding the authentication requests to the external authentication server (when configured by the TOE to provide single-use authentication). The TOE supports single-use authentication from RADIUS authentication servers. The TOE then takes the correct actions (to either allow or not allow any administrator access) based on authentication decisions provided by the external authentication server. In keeping with industry practice, the choice of authentication server is not mandated by this ST document. This is consistent with US PD-115. For peers connecting to the TOE through IKE/IPSec, the TOE uses the reuse prevention mechanisms included in IKE to provide single-use authentication.

FDP_IFC.1(1)
The TOE enforces information flow policies on traffic through the TOE from unauthenticated IT entities. These policies are enforced on network packets that are received by TOE interfaces and leave the TOE through other TOE interfaces. When network packets are received on a TOE interface from an unauthenticated source, the TOE verifies whether the network traffic is allowed or not and performs one of the following actions: pass or not pass the information.

FDP_IFF.1(1)
The privileged administrative user configures unauthenticated information flow policies for network traffic flowing through the TOE. These information flow policies consist of a zone pair describing from where traffic is initiated to where traffic is destined, a description of the operation (whether the traffic is allowed or not allowed through the zone pair), and the type of traffic for which the policy is applicable (source IP address, destination IP address, transport layer protocol, and message type). A zone is a configurable group of TOE interfaces for which the policies are applied. When network traffic is received, the TOE identifies the zone pair which is applicable to the traffic. The TOE then examines the attributes of the packet and compares the traffic to the configured information flow policies for the associated zone pair. The TOE finally allows or does not allow the traffic to flow depending on the information flow policy that the traffic matches.
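The FDP_IFF.1(1) evaluation order described above (interface to zone, zone pair to policy, packet attributes to operation) can be modelled in a few lines. This is an added example, not code from the Security Target or from Cisco; the interface names, zones, rules, first-match ordering and the "not pass" result when nothing matches are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_if: str          # interface the packet was received on
    out_if: str         # interface the packet would leave through
    src: str
    dst: str
    proto: str          # transport layer protocol, e.g. "tcp", "icmp"
    msg_type: str = ""  # message type, e.g. ICMP "echo-request"

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: str
    msg_type: str       # "" matches any message type (assumption)
    allow: bool         # the configured operation for matching traffic

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto
                and self.msg_type in ("", p.msg_type))

# Constructed sample configuration: zones are groups of interfaces,
# and each (source zone, destination zone) pair has its own rule list.
ZONES = {"inside": {"Gi0/0", "Gi0/1"}, "outside": {"Gi0/2"}}
POLICIES = {
    ("inside", "outside"): [
        Rule("10.0.0.0/8", "0.0.0.0/0", "udp", "", False),
        Rule("10.0.0.0/8", "0.0.0.0/0", "icmp", "echo-request", True),
        Rule("10.0.0.0/8", "0.0.0.0/0", "tcp", "", True),
    ],
    ("outside", "inside"): [
        Rule("0.0.0.0/0", "10.0.0.0/8", "icmp", "echo-reply", True),
    ],
}

def zone_of(interface: str):
    """Return the zone an interface belongs to, or None if unassigned."""
    return next((z for z, members in ZONES.items() if interface in members), None)

def decide(p: Packet) -> str:
    """Identify the zone pair, then apply the first rule the packet matches."""
    pair = (zone_of(p.in_if), zone_of(p.out_if))
    for rule in POLICIES.get(pair, []):
        if rule.matches(p):
            return "pass" if rule.allow else "not pass"
    return "not pass"  # assumption: no zone pair or no matching rule blocks the flow
```
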