Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
27
and create, delete, empty, and review the audit trail
All of these management functions are restricted to authorized administrators of the TOE.
The TOE switch platform maintains administrative privilege levels and supports non-
administrative connections. Non-administrative connections are established with
authenticated neighbor routers for the ability to transmit and receive routing table updates
per the information flow rules. No other access nor management functionality is
associated with non-administrative connections. The administrative privilege levels
include:
Administrators are assigned to privilege levels 0 and 1. Privilege levels 0 and 1
are defined by default and are customizable. These levels have a very limited
scope and access to CLI commands that include basic functions such as login,
show running system information, turn on/off privileged commands, logout.
Semi-privileged administrators equate to any privilege level that has a subset of
the privileges assigned to level 15; levels 2-14. These levels are undefined by
default and are customizable.
Privileged administrators are equivalent to full administrative access to the CLI,
which is the default access for IOS privilege level 15.
All management functions are restricted to the authorized administrator of the TOE. The
term “authorized administrator” is used in this ST to refer to any user account that has
been assigned to a privilege level that is permitted to perform the relevant action;
therefore has the appropriate privileges to perform the requested functions.
1.7.6 Protection of the TSF
The TOE protects against interference and tampering by untrusted subjects by
implementing identification, authentication and access controls to limit configuration to
authorized administrators. Additionally Cisco IOS is not a general-purpose operating
system and access to Cisco IOS memory space is restricted to only Cisco IOS functions.
The TOE provides secure transmission when TSF data is transmitted between the TOE
and other IT entities, such as remote administration via SSH and secure transmission of
audit logs to a syslog server via IPsec.
The TOE is also able to detect replay of information received via secure channels (e.g.
SSH, or IPsec). The detection applied to network packets that terminate at the TOE, such
as trusted communications between the administrators and the TOE, or between an IT
entity (e.g., authentication server) and the TOE. If replay is detected, the packets are
discarded.
In addition, the TOE internally maintains the date and time. This date and time is used as
the timestamp that is applied to audit records generated by the TOE. Administrators can
update the TOE’s clock manually, or can configure the TOE to use NTP to synchronize