Belkin F1DN102C Скачать руководство пользователя страница 27 | Manualshive

Страница: 27 / 63

background image

Belkin®

Secure

DVI

KVM

Switch,

Secure

KM

Switch

and

Secure

Windowing

KVM

EAL

4

augmented

ALC_FLR.3

Security

Target

Rev.

1.01

Page

|

27

4

Security

Objectives

This

chapter

describes

the

security

objectives

for

the

TOE

and

the

Operational

Environment.

The

security

objectives

are

divided

between

TOE

Security

Objectives

(for

example,

security

objectives

addressed

directly

by

the

TOE)

and

Security

Objectives

for

the

Operating

Environment

(for

example,

security

objectives

addressed

by

the

IT

domain

or

by

non

‐

technical

or

procedural

means).

4.1

Security

Objectives

for

the

TOE

This

section

defines

the

IT

security

objectives

that

are

to

be

addressed

by

the

TOE.

Security

Objective

Definition

O.CONF

The

TOE

shall

not

violate

the

confidentiality

of

information

which

it

processes

or

exposed

to.

Information

generated

within

any

PERIPHERAL

GROUP

COMPUTER

CONNECTION

shall

not

be

accessible

by

any

other

PERIPHERAL

GROUP

with

a

different

GROUP

ID.

O.INDICATE

The

AUTHORIZED

USER

shall

receive

an

unambiguous

indication

of

which

SWITCHED

COMPUTER

has

been

selected.

O.ROM

TOE

software/firmware

shall

be

protected

against

unauthorized

modification.

Embedded

software

must

be

contained

in

mask

‐

programmed

or

one

‐

time

‐

programmable

read

‐

only

memory

or

fuse

protected

flash

permanently

attached

(non

‐

socketed)

to

a

circuit

assembly.

O.SELECT

An

explicit

action

by

the

AUTHORIZED

USER

shall

be

used

to

select

the

COMPUTER

to

which

the

shared

set

of

PERIPHERAL

DEVICES

user

inputs

are

routed

to;

Single

push

button,

multiple

push

buttons,

rotary

selection

or

mouse

button

methods

are

used

by

most

current

market

products.

Automatic

switching

based

on

scanning

shall

not

be

used

as

a

selection

mechanism.

O.SWITCH

All

DEVICES

except

for

User

Authentication

Device

in

a

SHARED

PERIPHERAL

GROUP

shall

be

CONNECTED

to

at

most

one

SWITCHED

COMPUTER

at

a

time

1

.

O.USBDETECT

The

TOE

shall

detect

any

USB

connection

that

is

not

a

pointing

device,

keyboard,

user

authentication

device

or

display

and

will

perform

no

interaction

with

that

device

after

the

initial

identification.

O.UNIDIR

TOE

circuitry

shall

assure

that

USER

KEYBOARD,

USER

POINTING

DEVICE

1

This

objective

differs

slightly

from

the

O.SWITCH

objective

in

the

PP.

The

user

authentication

device

port

may

be

switched

independently

of

other

PERIPHERAL

GROUPS.

«
...
25
26
27
28
29
...
»

Содержание F1DN102C

Страница 1: ...ugmented ALC_FLR 3 Security Target Rev 1 01 Page 1 Belkin Secure DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Release Date July 16 2012 Document I...

Страница 2: ...ogical Scope of the TOE 16 1 4 Organization 17 1 5 Document Conventions 18 1 6 Document Terminology 18 1 6 1 ST Specific Terminology 18 1 6 2 Acronyms 22 2 Conformance Claims 23 2 1 Common Criteria Co...

Страница 3: ...Requirements 42 6 Security Requirements 43 6 1 Security Functional Requirements for the TOE 43 6 1 1 Class FDP User Data Protection 44 6 1 2 Class FMT Security Management 47 6 1 3 Class FPT Protectio...

Страница 4: ...witch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 4 Document Revisions Rev Date Author Changes 1 01 July 16 2012 Carlos Del Toro Belkin Changed pr...

Страница 5: ...ions provided by the Target of Evaluation TOE that meet the set of requirements in Chapter 6 TOE Summary Specification The structure and content of this ST complies with the requirements specified in...

Страница 6: ...I KVM Switch w audio and CAC Model F1DN116C Ver 111111 Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Ver 111111 Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Ver 111111 Or Belkin...

Страница 7: ...tems such as Windows or Linux and have ports for USB keyboard USB mouse DVI I video DVI D video audio input and output and USB Common Access Card CAC or Smart Card reader The TOE is intended to be use...

Страница 8: ...that modern Secure KVM devices do not allow any electrical interface peripheral sharing in order to prevent certain attacks and therefore they are no longer simple switching devices Figure 1 Typical e...

Страница 9: ...er Unit DCU accessory and The accompanying User Guidance Updated User Guidance can be downloaded from the http www belkin com website at any time The evaluated TOE configuration does not include any p...

Страница 10: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 10 1 3 3 Evaluated Environment This table identifies hardware components and indicates whether or not each co...

Страница 11: ...w audio Model F1DN102F Or Belkin Secure 4 port DVI I KVM Switch w audio Model F1DN104B Or Belkin Secure 4 port DVI I KVM Switch w audio and CAC Model F1DN104G Or Belkin Secure 8 port DVI I KVM Switch...

Страница 12: ...ed ALC_FLR 3 Security Target Rev 1 01 Page 12 TOE Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Or Belkin Secure 4 port Windowing KV...

Страница 13: ...Lenovo keyboard SK 8825 L Shared Peripheral Port Group Member Environment USB User Authentication Device compatible with Precise 200 MC SCM SCR 335 Gemalto PC USB TR Belkin F1DN005U Shared Peripheral...

Страница 14: ...Audio black shielded 6 ft 180 cm F2E4141B10D D RT Belkin P N F2E4141B10DD RT Belkin Pro Series DVI D Dual Link M to M Cable shielded 10 ft 300 cm CWR05114 Belkin RJ 14 to RJ 14 DCU cable unshielded 6...

Страница 15: ...or DP monitor output support Operational Environmen t Host Computer resources Table 1 Evaluated TOE and Environment Components 1 3 4 Guidance Documents The following guidance documents are provided w...

Страница 16: ...onnected computers to be powered up at any time The white LEDs with colored light pipes in the TOE front panel called color chips indicate the selected computer channel The TOE provides the user with...

Страница 17: ...elevant terminology The introduction also provides a description of the TOE security functions as well as the physical and logical boundaries for the TOE the hardware and software that make up the TOE...

Страница 18: ...1 5 Document Conventions The CC defines four operations on security functional requirements The descriptions below define the conventions used in this ST to identify these operations When NIAP interpr...

Страница 19: ...the essential COMPUTER that is capable of providing INPUT to the essential COMPUTER or of receiving OUTPUT or both The term PERIPHERAL is sometimes used as a synonym for device or any INPUT OUTPUT uni...

Страница 20: ...ice that allows a single keyboard video monitor and mouse to be switched to any of a number of computers while the user can interact with multiple video outputs presented simultaneously on a single di...

Страница 21: ...e a mouse trackball joystick and touchpad Port An external socket for plugging in communications lines and or PERIPHERALS QUALIFIED USB device A USB device having a complete set of characteristics tha...

Страница 22: ...y Erasable Programmed Read Only Memory ID Identification IT Information Technology KVM Keyboard Video Mouse LCD Liquid Crystal Display LED Light Emitting Diode MAC Mandatory Access Control PSS Periphe...

Страница 23: ...tion Technology Security Evaluation Part 3 Security Assurance components conformant at EAL4 ALC_FLR 3 Version 3 1 Revision 3 dated July 2009 4 All International interpretations with effective dates on...

Страница 24: ...erred by the TOE USERS are AUTHORIZED USERS A MANAGE The TOE is installed and managed in accordance with the manufacturer s directions A NOEVIL The AUTHORIZED USER is non hostile and follows all usage...

Страница 25: ...and subsequent compromise of the data flowing through the TOE or the NETWORKS connected to its coupled COMPUTERS T SPOOF Via intentional or unintentional actions a USER may think the set of SHARED PER...

Страница 26: ...hreats addressed by the IT Operating Environment The Protection Profile claimed identifies no threats to the assets against which specific protection within the TOE environment is required 3 3 Organiz...

Страница 27: ...selected O ROM TOE software firmware shall be protected against unauthorized modification Embedded software must be contained in mask programmed or one time programmable read only memory or fuse prote...

Страница 28: ...age 28 and EDID data will flow only from PERIPHERAL DEVICES to the SWITCHED COUPLED COMPUTER O TAMPER The TOE Device provides unambiguous detection of physical tampering of the TSF s devices or TSF s...

Страница 29: ...nt by technical means Environment Security Objective Definition OE ACCESS The AUTHORIZED USER shall possess the necessary privileges to access the information transferred by the TOE USERS are AUTHORIZ...

Страница 30: ...t least one security objective for the TOE and that those security objectives counter the threats enforce the policies and uphold the assumptions Threats Policies Assumptions O CONF O INDICATE O ROM O...

Страница 31: ...TOE Console USB port Once such a device is detected any information from it will be ignored and will not be coupled to the connected COMPUTERs This objective will be valid for the TOE KEYBOARD POINTIN...

Страница 32: ...OG The TSF may be modified by an attacker such that code embedded in reprogrammable ROMs is overwritten thus leading to a compromise of the separation enforcing components of the code and subsequent c...

Страница 33: ...mbedded software must be contained in mask programmed fuse protected flash or one time programmable read only memory permanently attached non socketed to a circuit assembly O USBDETECT This objective...

Страница 34: ...that TOE software firmware will be protected against unauthorized modification by ensuring that embedded software is contained in read only memory This ensures that any ROM used in the TSF to hold emb...

Страница 35: ...g multiple COMPUTERS Information transferred to from one SWITCHED COMPUTER is not to be shared with any other COMPUTER O SWITCH The purpose of the TOE is to share a set of PERIPHERALS among multiple C...

Страница 36: ...COUPLED COMPUTER thereby preventing data transfer from connected COMPUTERS or NETWORKS to peripheral devices O TAMPER Tampering of the TOE may cause data to be transferred between COMPUTERS Detection...

Страница 37: ...ed and managed in accordance with the manufacturer s directions Restates the assumption A NOEVIL The AUTHORIZED USER is non hostile and follows all usage guidance OE NOEVIL The AUTHORIZED USER shall b...

Страница 38: ...DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 38 4 4 Rationale for Organizational Policy Coverage There are no Organizational Policie...

Страница 39: ...xtended Visual indications Visual confirmation provides the user with important information regarding the current connection made through the TOE This allows the user to confirm that the data is being...

Страница 40: ...the TOE and the coupled COMPUTERS from inadvertent connection of an UNAUTHORIZED USB device 5 2 1 Invalid USB Connection EXT_IUC Family Behavior This family defines requirements for providing a means...

Страница 41: ...firmware may not be changed after TOE production All non volatile memory devices used must be soldered directly to the board not attached with a socket Family Behavior This family defines the read onl...

Страница 42: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 42 5 4 Rationale for Explicitly Stated Security Requirements The Explicit SFRs in this Security Target are f...

Страница 43: ...llowing subsections 6 1 Security Functional Requirements for the TOE The security requirements that are levied on the TOE are specified in this section of the ST The TOE satisfies the SFRs delineated...

Страница 44: ...aration Hierarchical to No other components Dependencies FDP_IFF 1a Simple security attributes FDP_IFC 1 1a The TSF shall enforce the Data Separation SFP on the set of PERIPHERAL PORT GROUPS and the b...

Страница 45: ...information via a controlled operation if the following rules hold Switching Rule KEYBOARD PERIPHERAL DATA and POINTING DEVICE PERIPHERAL DATA can flow to a PERIPHERAL PORT GROUP with a given ID only...

Страница 46: ...formation via a controlled operation if the following rules hold Unidirectional flow Rule KEYBOARD PERIPHERAL DATA POINTING DEVICE PERIPHERAL DATA and EDID PERIPHERAL DATA can flow only from the PERIP...

Страница 47: ...DP_ITC 1 3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE No additional rules 6 1 2 Class FMT Security Management 6 1 2 1 FMT_MSA 1 Ma...

Страница 48: ...ive initial values to override the default values when an object or information is created 6 1 3 Class FPT Protection of the TSF 6 1 3 1 FPT_PHP 1 Passive detection of physical attack Hierarchical to...

Страница 49: ...provided that is persistent for the duration of the CONNECTION Application Note Does not require tactile indicators but does not preclude their presence EXT_IUC 1 Invalid USB Connection Hierarchical...

Страница 50: ...unctional Requirements to Security Objectives and describes the applicable rationale based on direct reference from the claimed Protection Profile 6 3 1 TOE Security Functional Requirements Tracing Ra...

Страница 51: ...R data consists of HUMAN INTERFACE DEVICE control information Also included is configuration information such as KEYBOARD settings that must be reestablished each time the TOE switches between COMPUTE...

Страница 52: ...keyboard pointing device and EDID chip to a CONNECTED COMPUTER Unidirectional peripheral data flow is critical to assure that data confidentiality is maintained as it prevents data from entering the...

Страница 53: ...ry selection methods are used by most if not all current market products Automatic switching based on scanning shall not be used as a selection mechanism FMT_MSA 1 Management of Security Attributes FM...

Страница 54: ...an invalid USB connection the TOE will disable the connection and notify the user O UNIDIR TOE circuitry shall assure that USER KEYBOARD USER POINTING DEVICE and EDID data will flow only from PERIPHE...

Страница 55: ...ormal functionality after such an event FPT_PHP 1 Passive detection of physical attack FPT_PHP 3 Automatic response upon detection of physical attack FPT_PHP 1 The TOE is required to provide unambiguo...

Страница 56: ...FDP_IFC 1b FDP_IFF 1b Simple security attributes Yes FDP_IFC 1a Subset information flow control Yes FDP_IFF 1a FMT_MSA 3 Static attribute initialization Yes FDP_IFC 1b Subset information flow control...

Страница 57: ...1 Specification of management functions The TOE is not required to associate USERS with roles hence there is only one role that of USER This deleted requirement a dependency of FMT_MSA 1 and FMT_MSA...

Страница 58: ...4 Product support acceptance procedures and automation ALC_CMS 4 Problem tracking CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_FLR 3 Systematic Flaw Reme...

Страница 59: ...ependently assured security The chosen assurance level is consistent with the threat environment where an attacker may be assumed to have an attack potential of Enhanced Basic This has been augmented...

Страница 60: ...nce that data confidentiality will be maintained even when targeted attacks are launched against the TOE The TOE design does not mix PERIPHERAL DATA having different IDs or security attributes and the...

Страница 61: ...s completed 2 If the TOE anti tampering system was triggered by an enclosure intrusion attempt The TOE will transition to normal TOE operation on default channel one following a passed self test The T...

Страница 62: ...state the user is unable to pass any information through the TOE to any COMPUTER and user DISPLAYS are blank Since the TOE becomes unusable the user will require replacement of the TOE This ensures t...

Страница 63: ...ttempt to access these memory chips is not possible without causing permanent damage to the TOE Functional Requirements Satisfied EXT_ROM 1 7 6 Audio Output Switching Function Clarification This parag...

Отзывы:

Нет отзывов

Похожие инструкции для F1DN102C

Бренд: Water Witch Страницы: 2

Бренд: National Instruments Страницы: 32

Бренд: Panio Страницы: 5

QuantaMesh T4000 Series

Бренд: QCT Страницы: 41

Бренд: WTI Страницы: 56

Бренд: Maipu Страницы: 135

Бренд: Lantech Страницы: 29

Бренд: TRENDnet Страницы: 2

Бренд: Sven Страницы: 4

Бренд: National Instruments Страницы: 23

N.JGS516PE-100EUS

Бренд: Duxbury Networking Страницы: 4

Бренд: Watt Stopper Страницы: 2

FASTHOME 550-030

Бренд: Steren Страницы: 4

Бренд: Qvis Страницы: 7

AMX Switch Series

Бренд: Avocent Страницы: 236

Бренд: Netis Страницы: 9

Бренд: SDMO Страницы: 24

Бренд: Monoprice Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды