Belkin F1DN102C Скачать руководство пользователя страница 43 | Manualshive

Страница: 43 / 63

background image

Belkin®

Secure

DVI

KVM

Switch,

Secure

KM

Switch

and

Secure

Windowing

KVM

EAL

4

augmented

ALC_FLR.3

Security

Target

Rev.

1.01

Page

|

43

6

Security

Requirements

This

section

defines

the

IT

security

requirements

that

shall

be

satisfied

by

the

TOE

or

its

environment.

The

CC

divides

TOE

security

requirements

into

two

categories:



Security

functional

requirements

(SFRs)

(such

as,

identification

and

authentication,

security

management,

and

user

data

protection)

that

the

TOE

and

the

supporting

evidence

need

to

satisfy

to

meet

the

security

objectives

of

the

TOE.



Security

assurance

requirements

(SARs)

that

provide

grounds

for

confidence

that

the

TOE

and

its

supporting

IT

environment

meet

its

security

objectives

(e.g.,

configuration

management,

testing,

and

vulnerability

assessment).

These

requirements

are

discussed

separately

within

the

following

subsections.

6.1

Security

Functional

Requirements

for

the

TOE

The

security

requirements

that

are

levied

on

the

TOE

are

specified

in

this

section

of

the

ST.

The

TOE

satisfies

the

SFRs

delineated

in

“Target

of

Evaluation

Security

Requirements,”

Section

5.1,

of

the

claimed

Protection

Profile.

The

SFRs

have

been

reproduced

here

for

convenience.

Functional

Component

ID

Functional

Component

Name

FDP_ETC.1

Export

of

User

Data

Without

Security

Attributes

FDP_IFC.1a

Subset

Information

Flow

Control

(Data

Separation)

FDP_IFC.1b

Subset

Information

Flow

Control

(Unidirectional

Data

Flow)

FDP_IFF.1a

Simple

Security

Attributes

(Data

Separation)

FDP_IFF.1b

Simple

Security

Attributes

(Unidirectional

Data

Flow)

FDP_ITC.1

Import

of

user

data

without

security

attributes

FMT_MSA.1

Management

of

security

attributes

FMT_MSA.3

Static

attribute

initialization

FPT_PHP.1

Passive

detection

of

physical

attack

FPT_PHP.3

Resistance

to

physical

attack

EXT_VIR.1

Visual

indication

rule

EXT_IUC.1

Invalid

USB

connection

EXT_ROM.1

Read

‐

Only

ROMs

«
...
41
42
43
44
45
...
»

Содержание F1DN102C

Страница 1: ...ugmented ALC_FLR 3 Security Target Rev 1 01 Page 1 Belkin Secure DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Release Date July 16 2012 Document I...

Страница 2: ...ogical Scope of the TOE 16 1 4 Organization 17 1 5 Document Conventions 18 1 6 Document Terminology 18 1 6 1 ST Specific Terminology 18 1 6 2 Acronyms 22 2 Conformance Claims 23 2 1 Common Criteria Co...

Страница 3: ...Requirements 42 6 Security Requirements 43 6 1 Security Functional Requirements for the TOE 43 6 1 1 Class FDP User Data Protection 44 6 1 2 Class FMT Security Management 47 6 1 3 Class FPT Protectio...

Страница 4: ...witch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 4 Document Revisions Rev Date Author Changes 1 01 July 16 2012 Carlos Del Toro Belkin Changed pr...

Страница 5: ...ions provided by the Target of Evaluation TOE that meet the set of requirements in Chapter 6 TOE Summary Specification The structure and content of this ST complies with the requirements specified in...

Страница 6: ...I KVM Switch w audio and CAC Model F1DN116C Ver 111111 Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Ver 111111 Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Ver 111111 Or Belkin...

Страница 7: ...tems such as Windows or Linux and have ports for USB keyboard USB mouse DVI I video DVI D video audio input and output and USB Common Access Card CAC or Smart Card reader The TOE is intended to be use...

Страница 8: ...that modern Secure KVM devices do not allow any electrical interface peripheral sharing in order to prevent certain attacks and therefore they are no longer simple switching devices Figure 1 Typical e...

Страница 9: ...er Unit DCU accessory and The accompanying User Guidance Updated User Guidance can be downloaded from the http www belkin com website at any time The evaluated TOE configuration does not include any p...

Страница 10: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 10 1 3 3 Evaluated Environment This table identifies hardware components and indicates whether or not each co...

Страница 11: ...w audio Model F1DN102F Or Belkin Secure 4 port DVI I KVM Switch w audio Model F1DN104B Or Belkin Secure 4 port DVI I KVM Switch w audio and CAC Model F1DN104G Or Belkin Secure 8 port DVI I KVM Switch...

Страница 12: ...ed ALC_FLR 3 Security Target Rev 1 01 Page 12 TOE Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Or Belkin Secure 4 port Windowing KV...

Страница 13: ...Lenovo keyboard SK 8825 L Shared Peripheral Port Group Member Environment USB User Authentication Device compatible with Precise 200 MC SCM SCR 335 Gemalto PC USB TR Belkin F1DN005U Shared Peripheral...

Страница 14: ...Audio black shielded 6 ft 180 cm F2E4141B10D D RT Belkin P N F2E4141B10DD RT Belkin Pro Series DVI D Dual Link M to M Cable shielded 10 ft 300 cm CWR05114 Belkin RJ 14 to RJ 14 DCU cable unshielded 6...

Страница 15: ...or DP monitor output support Operational Environmen t Host Computer resources Table 1 Evaluated TOE and Environment Components 1 3 4 Guidance Documents The following guidance documents are provided w...

Страница 16: ...onnected computers to be powered up at any time The white LEDs with colored light pipes in the TOE front panel called color chips indicate the selected computer channel The TOE provides the user with...

Страница 17: ...elevant terminology The introduction also provides a description of the TOE security functions as well as the physical and logical boundaries for the TOE the hardware and software that make up the TOE...

Страница 18: ...1 5 Document Conventions The CC defines four operations on security functional requirements The descriptions below define the conventions used in this ST to identify these operations When NIAP interpr...

Страница 19: ...the essential COMPUTER that is capable of providing INPUT to the essential COMPUTER or of receiving OUTPUT or both The term PERIPHERAL is sometimes used as a synonym for device or any INPUT OUTPUT uni...

Страница 20: ...ice that allows a single keyboard video monitor and mouse to be switched to any of a number of computers while the user can interact with multiple video outputs presented simultaneously on a single di...

Страница 21: ...e a mouse trackball joystick and touchpad Port An external socket for plugging in communications lines and or PERIPHERALS QUALIFIED USB device A USB device having a complete set of characteristics tha...

Страница 22: ...y Erasable Programmed Read Only Memory ID Identification IT Information Technology KVM Keyboard Video Mouse LCD Liquid Crystal Display LED Light Emitting Diode MAC Mandatory Access Control PSS Periphe...

Страница 23: ...tion Technology Security Evaluation Part 3 Security Assurance components conformant at EAL4 ALC_FLR 3 Version 3 1 Revision 3 dated July 2009 4 All International interpretations with effective dates on...

Страница 24: ...erred by the TOE USERS are AUTHORIZED USERS A MANAGE The TOE is installed and managed in accordance with the manufacturer s directions A NOEVIL The AUTHORIZED USER is non hostile and follows all usage...

Страница 25: ...and subsequent compromise of the data flowing through the TOE or the NETWORKS connected to its coupled COMPUTERS T SPOOF Via intentional or unintentional actions a USER may think the set of SHARED PER...

Страница 26: ...hreats addressed by the IT Operating Environment The Protection Profile claimed identifies no threats to the assets against which specific protection within the TOE environment is required 3 3 Organiz...

Страница 27: ...selected O ROM TOE software firmware shall be protected against unauthorized modification Embedded software must be contained in mask programmed or one time programmable read only memory or fuse prote...

Страница 28: ...age 28 and EDID data will flow only from PERIPHERAL DEVICES to the SWITCHED COUPLED COMPUTER O TAMPER The TOE Device provides unambiguous detection of physical tampering of the TSF s devices or TSF s...

Страница 29: ...nt by technical means Environment Security Objective Definition OE ACCESS The AUTHORIZED USER shall possess the necessary privileges to access the information transferred by the TOE USERS are AUTHORIZ...

Страница 30: ...t least one security objective for the TOE and that those security objectives counter the threats enforce the policies and uphold the assumptions Threats Policies Assumptions O CONF O INDICATE O ROM O...

Страница 31: ...TOE Console USB port Once such a device is detected any information from it will be ignored and will not be coupled to the connected COMPUTERs This objective will be valid for the TOE KEYBOARD POINTIN...

Страница 32: ...OG The TSF may be modified by an attacker such that code embedded in reprogrammable ROMs is overwritten thus leading to a compromise of the separation enforcing components of the code and subsequent c...

Страница 33: ...mbedded software must be contained in mask programmed fuse protected flash or one time programmable read only memory permanently attached non socketed to a circuit assembly O USBDETECT This objective...

Страница 34: ...that TOE software firmware will be protected against unauthorized modification by ensuring that embedded software is contained in read only memory This ensures that any ROM used in the TSF to hold emb...

Страница 35: ...g multiple COMPUTERS Information transferred to from one SWITCHED COMPUTER is not to be shared with any other COMPUTER O SWITCH The purpose of the TOE is to share a set of PERIPHERALS among multiple C...

Страница 36: ...COUPLED COMPUTER thereby preventing data transfer from connected COMPUTERS or NETWORKS to peripheral devices O TAMPER Tampering of the TOE may cause data to be transferred between COMPUTERS Detection...

Страница 37: ...ed and managed in accordance with the manufacturer s directions Restates the assumption A NOEVIL The AUTHORIZED USER is non hostile and follows all usage guidance OE NOEVIL The AUTHORIZED USER shall b...

Страница 38: ...DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 38 4 4 Rationale for Organizational Policy Coverage There are no Organizational Policie...

Страница 39: ...xtended Visual indications Visual confirmation provides the user with important information regarding the current connection made through the TOE This allows the user to confirm that the data is being...

Страница 40: ...the TOE and the coupled COMPUTERS from inadvertent connection of an UNAUTHORIZED USB device 5 2 1 Invalid USB Connection EXT_IUC Family Behavior This family defines requirements for providing a means...

Страница 41: ...firmware may not be changed after TOE production All non volatile memory devices used must be soldered directly to the board not attached with a socket Family Behavior This family defines the read onl...

Страница 42: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 42 5 4 Rationale for Explicitly Stated Security Requirements The Explicit SFRs in this Security Target are f...

Страница 43: ...llowing subsections 6 1 Security Functional Requirements for the TOE The security requirements that are levied on the TOE are specified in this section of the ST The TOE satisfies the SFRs delineated...

Страница 44: ...aration Hierarchical to No other components Dependencies FDP_IFF 1a Simple security attributes FDP_IFC 1 1a The TSF shall enforce the Data Separation SFP on the set of PERIPHERAL PORT GROUPS and the b...

Страница 45: ...information via a controlled operation if the following rules hold Switching Rule KEYBOARD PERIPHERAL DATA and POINTING DEVICE PERIPHERAL DATA can flow to a PERIPHERAL PORT GROUP with a given ID only...

Страница 46: ...formation via a controlled operation if the following rules hold Unidirectional flow Rule KEYBOARD PERIPHERAL DATA POINTING DEVICE PERIPHERAL DATA and EDID PERIPHERAL DATA can flow only from the PERIP...

Страница 47: ...DP_ITC 1 3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE No additional rules 6 1 2 Class FMT Security Management 6 1 2 1 FMT_MSA 1 Ma...

Страница 48: ...ive initial values to override the default values when an object or information is created 6 1 3 Class FPT Protection of the TSF 6 1 3 1 FPT_PHP 1 Passive detection of physical attack Hierarchical to...

Страница 49: ...provided that is persistent for the duration of the CONNECTION Application Note Does not require tactile indicators but does not preclude their presence EXT_IUC 1 Invalid USB Connection Hierarchical...

Страница 50: ...unctional Requirements to Security Objectives and describes the applicable rationale based on direct reference from the claimed Protection Profile 6 3 1 TOE Security Functional Requirements Tracing Ra...

Страница 51: ...R data consists of HUMAN INTERFACE DEVICE control information Also included is configuration information such as KEYBOARD settings that must be reestablished each time the TOE switches between COMPUTE...

Страница 52: ...keyboard pointing device and EDID chip to a CONNECTED COMPUTER Unidirectional peripheral data flow is critical to assure that data confidentiality is maintained as it prevents data from entering the...

Страница 53: ...ry selection methods are used by most if not all current market products Automatic switching based on scanning shall not be used as a selection mechanism FMT_MSA 1 Management of Security Attributes FM...

Страница 54: ...an invalid USB connection the TOE will disable the connection and notify the user O UNIDIR TOE circuitry shall assure that USER KEYBOARD USER POINTING DEVICE and EDID data will flow only from PERIPHE...

Страница 55: ...ormal functionality after such an event FPT_PHP 1 Passive detection of physical attack FPT_PHP 3 Automatic response upon detection of physical attack FPT_PHP 1 The TOE is required to provide unambiguo...

Страница 56: ...FDP_IFC 1b FDP_IFF 1b Simple security attributes Yes FDP_IFC 1a Subset information flow control Yes FDP_IFF 1a FMT_MSA 3 Static attribute initialization Yes FDP_IFC 1b Subset information flow control...

Страница 57: ...1 Specification of management functions The TOE is not required to associate USERS with roles hence there is only one role that of USER This deleted requirement a dependency of FMT_MSA 1 and FMT_MSA...

Страница 58: ...4 Product support acceptance procedures and automation ALC_CMS 4 Problem tracking CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_FLR 3 Systematic Flaw Reme...

Страница 59: ...ependently assured security The chosen assurance level is consistent with the threat environment where an attacker may be assumed to have an attack potential of Enhanced Basic This has been augmented...

Страница 60: ...nce that data confidentiality will be maintained even when targeted attacks are launched against the TOE The TOE design does not mix PERIPHERAL DATA having different IDs or security attributes and the...

Страница 61: ...s completed 2 If the TOE anti tampering system was triggered by an enclosure intrusion attempt The TOE will transition to normal TOE operation on default channel one following a passed self test The T...

Страница 62: ...state the user is unable to pass any information through the TOE to any COMPUTER and user DISPLAYS are blank Since the TOE becomes unusable the user will require replacement of the TOE This ensures t...

Страница 63: ...ttempt to access these memory chips is not possible without causing permanent damage to the TOE Functional Requirements Satisfied EXT_ROM 1 7 6 Audio Output Switching Function Clarification This parag...

Отзывы:

Нет отзывов

Похожие инструкции для F1DN102C

DUB-H4 - Hub - USB

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 2

Бренд: AbleNet Страницы: 2

Бренд: Kathrein Страницы: 8

Бренд: Nayar Systems Страницы: 21

Бренд: Kathrein Страницы: 24

Бренд: Kasia Страницы: 5

Бренд: Kramer Страницы: 2

Бренд: Audio Authority Страницы: 12

EX ZS 92 S 22 VD F

Бренд: steute Страницы: 28

Бренд: Cablematic Страницы: 8

Бренд: H3C Страницы: 57

Бренд: Nextech Страницы: 4

Бренд: Steren Страницы: 13

Бренд: BluStream Страницы: 4

Бренд: Konig Страницы: 40

Бренд: Broadcast Pix Страницы: 478

Smart-Switch/801 FEP-30109T-C

Бренд: UNICOM Страницы: 22

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды