Belkin® Secure DVI KVM Switch, Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR.3 Security Target Rev. 1.01

Page | 51

Table 11: SFR and Security Objectives Mapping

Objective:
O.CONF
The TOE shall not violate the confidentiality of information, which it processes. Information generated within any PERIPHERAL GROUP COMPUTER CONNECTION shall not be accessible by any other PERIPHERAL GROUP COMPUTER CONNECTION

SFR Addressing the Objective:
FDP_ETC.1 (Export of User Data Without Security Attributes)
FDP_IFC.1a (Subset Information Flow Control)
FDP_IFC.1b (Subset Information Flow Control - Unidirectional Data Flow)

Rationale:
FDP_ETC.1: In typical TOE applications, USER data consists of HUMAN INTERFACE DEVICE control information. Also included is configuration information such as KEYBOARD settings that must be reestablished each time the TOE switches between COMPUTERS. These DEVICES neither expect nor require any security ATTRIBUTE information. The information content of the data passed through a CONNECTION is ignored. Note that although this SFR appears in the claimed Protection Profile, it is not applicable specifically for the TOE as it does not handle HUMAN INTERFACE DEVICE control information or states.

FDP_IFC.1a: This captures the policy that no information flows between different PERIPHERAL PORT GROUP IDS.

FDP_IFC.1b: This captures the policy that HUMAN INTERFACE DEVICE data can flow only from a device to a selected COMPUTER, thus preventing data from one COMPUTER flowing through the TOE to another COMPUTER.

FDP_IFF.1a:

Contents of F1DN102C

Page 1: ...ugmented ALC_FLR 3 Security Target Rev 1 01 Page 1 Belkin Secure DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Release Date July 16 2012 Document I...

Page 2: ...ogical Scope of the TOE 16 1 4 Organization 17 1 5 Document Conventions 18 1 6 Document Terminology 18 1 6 1 ST Specific Terminology 18 1 6 2 Acronyms 22 2 Conformance Claims 23 2 1 Common Criteria Co...

Page 3: ...Requirements 42 6 Security Requirements 43 6 1 Security Functional Requirements for the TOE 43 6 1 1 Class FDP User Data Protection 44 6 1 2 Class FMT Security Management 47 6 1 3 Class FPT Protectio...

Page 4: ...witch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 4 Document Revisions Rev Date Author Changes 1 01 July 16 2012 Carlos Del Toro Belkin Changed pr...

Page 5: ...ions provided by the Target of Evaluation TOE that meet the set of requirements in Chapter 6 TOE Summary Specification The structure and content of this ST complies with the requirements specified in...

Page 6: ...I KVM Switch w audio and CAC Model F1DN116C Ver 111111 Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Ver 111111 Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Ver 111111 Or Belkin...

Page 7: ...tems such as Windows or Linux and have ports for USB keyboard USB mouse DVI I video DVI D video audio input and output and USB Common Access Card CAC or Smart Card reader The TOE is intended to be use...

Page 8: ...that modern Secure KVM devices do not allow any electrical interface peripheral sharing in order to prevent certain attacks and therefore they are no longer simple switching devices Figure 1 Typical e...

Page 9: ...er Unit DCU accessory and The accompanying User Guidance Updated User Guidance can be downloaded from the http www belkin com website at any time The evaluated TOE configuration does not include any p...

Page 10: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 10 1 3 3 Evaluated Environment This table identifies hardware components and indicates whether or not each co...

Page 11: ...w audio Model F1DN102F Or Belkin Secure 4 port DVI I KVM Switch w audio Model F1DN104B Or Belkin Secure 4 port DVI I KVM Switch w audio and CAC Model F1DN104G Or Belkin Secure 8 port DVI I KVM Switch...

Page 12: ...ed ALC_FLR 3 Security Target Rev 1 01 Page 12 TOE Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Or Belkin Secure 4 port Windowing KV...

Page 13: ...Lenovo keyboard SK 8825 L Shared Peripheral Port Group Member Environment USB User Authentication Device compatible with Precise 200 MC SCM SCR 335 Gemalto PC USB TR Belkin F1DN005U Shared Peripheral...

Page 14: ...Audio black shielded 6 ft 180 cm F2E4141B10D D RT Belkin P N F2E4141B10DD RT Belkin Pro Series DVI D Dual Link M to M Cable shielded 10 ft 300 cm CWR05114 Belkin RJ 14 to RJ 14 DCU cable unshielded 6...

Page 15: ...or DP monitor output support Operational Environment Host Computer resources Table 1 Evaluated TOE and Environment Components 1 3 4 Guidance Documents The following guidance documents are provided w...

Page 16: ...onnected computers to be powered up at any time The white LEDs with colored light pipes in the TOE front panel called color chips indicate the selected computer channel The TOE provides the user with...

Page 17: ...elevant terminology The introduction also provides a description of the TOE security functions as well as the physical and logical boundaries for the TOE the hardware and software that make up the TOE...

Page 18: ...1 5 Document Conventions The CC defines four operations on security functional requirements The descriptions below define the conventions used in this ST to identify these operations When NIAP interpr...

Page 19: ...the essential COMPUTER that is capable of providing INPUT to the essential COMPUTER or of receiving OUTPUT or both The term PERIPHERAL is sometimes used as a synonym for device or any INPUT OUTPUT uni...

Page 20: ...ice that allows a single keyboard video monitor and mouse to be switched to any of a number of computers while the user can interact with multiple video outputs presented simultaneously on a single di...

Page 21: ...e a mouse trackball joystick and touchpad Port An external socket for plugging in communications lines and or PERIPHERALS QUALIFIED USB device A USB device having a complete set of characteristics tha...

Page 22: ...y Erasable Programmed Read Only Memory ID Identification IT Information Technology KVM Keyboard Video Mouse LCD Liquid Crystal Display LED Light Emitting Diode MAC Mandatory Access Control PSS Periphe...

Page 23: ...tion Technology Security Evaluation Part 3 Security Assurance components conformant at EAL4 ALC_FLR 3 Version 3 1 Revision 3 dated July 2009 4 All International interpretations with effective dates on...

Page 24: ...erred by the TOE USERS are AUTHORIZED USERS A MANAGE The TOE is installed and managed in accordance with the manufacturer s directions A NOEVIL The AUTHORIZED USER is non hostile and follows all usage...

Page 25: ...and subsequent compromise of the data flowing through the TOE or the NETWORKS connected to its coupled COMPUTERS T SPOOF Via intentional or unintentional actions a USER may think the set of SHARED PER...

Page 26: ...hreats addressed by the IT Operating Environment The Protection Profile claimed identifies no threats to the assets against which specific protection within the TOE environment is required 3 3 Organiz...

Page 27: ...selected O ROM TOE software firmware shall be protected against unauthorized modification Embedded software must be contained in mask programmed or one time programmable read only memory or fuse prote...

Page 28: ...age 28 and EDID data will flow only from PERIPHERAL DEVICES to the SWITCHED COUPLED COMPUTER O TAMPER The TOE Device provides unambiguous detection of physical tampering of the TSF s devices or TSF s...

Page 29: ...nt by technical means Environment Security Objective Definition OE ACCESS The AUTHORIZED USER shall possess the necessary privileges to access the information transferred by the TOE USERS are AUTHORIZ...

Page 30: ...t least one security objective for the TOE and that those security objectives counter the threats enforce the policies and uphold the assumptions Threats Policies Assumptions O CONF O INDICATE O ROM O...

Page 31: ...TOE Console USB port Once such a device is detected any information from it will be ignored and will not be coupled to the connected COMPUTERs This objective will be valid for the TOE KEYBOARD POINTIN...

Page 32: ...OG The TSF may be modified by an attacker such that code embedded in reprogrammable ROMs is overwritten thus leading to a compromise of the separation enforcing components of the code and subsequent c...

Page 33: ...mbedded software must be contained in mask programmed fuse protected flash or one time programmable read only memory permanently attached non socketed to a circuit assembly O USBDETECT This objective...

Page 34: ...that TOE software firmware will be protected against unauthorized modification by ensuring that embedded software is contained in read only memory This ensures that any ROM used in the TSF to hold emb...

Page 35: ...g multiple COMPUTERS Information transferred to from one SWITCHED COMPUTER is not to be shared with any other COMPUTER O SWITCH The purpose of the TOE is to share a set of PERIPHERALS among multiple C...

Page 36: ...COUPLED COMPUTER thereby preventing data transfer from connected COMPUTERS or NETWORKS to peripheral devices O TAMPER Tampering of the TOE may cause data to be transferred between COMPUTERS Detection...

Page 37: ...ed and managed in accordance with the manufacturer s directions Restates the assumption A NOEVIL The AUTHORIZED USER is non hostile and follows all usage guidance OE NOEVIL The AUTHORIZED USER shall b...

Page 38: ...DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 38 4 4 Rationale for Organizational Policy Coverage There are no Organizational Policie...

Page 39: ...xtended Visual indications Visual confirmation provides the user with important information regarding the current connection made through the TOE This allows the user to confirm that the data is being...

Page 40: ...the TOE and the coupled COMPUTERS from inadvertent connection of an UNAUTHORIZED USB device 5 2 1 Invalid USB Connection EXT_IUC Family Behavior This family defines requirements for providing a means...

Page 41: ...firmware may not be changed after TOE production All non volatile memory devices used must be soldered directly to the board not attached with a socket Family Behavior This family defines the read onl...

Page 42: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 42 5 4 Rationale for Explicitly Stated Security Requirements The Explicit SFRs in this Security Target are f...

Page 43: ...llowing subsections 6 1 Security Functional Requirements for the TOE The security requirements that are levied on the TOE are specified in this section of the ST The TOE satisfies the SFRs delineated...

Page 44: ...aration Hierarchical to No other components Dependencies FDP_IFF 1a Simple security attributes FDP_IFC 1 1a The TSF shall enforce the Data Separation SFP on the set of PERIPHERAL PORT GROUPS and the b...

Page 45: ...information via a controlled operation if the following rules hold Switching Rule KEYBOARD PERIPHERAL DATA and POINTING DEVICE PERIPHERAL DATA can flow to a PERIPHERAL PORT GROUP with a given ID only...

Page 46: ...formation via a controlled operation if the following rules hold Unidirectional flow Rule KEYBOARD PERIPHERAL DATA POINTING DEVICE PERIPHERAL DATA and EDID PERIPHERAL DATA can flow only from the PERIP...

Page 47: ...DP_ITC 1 3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE No additional rules 6 1 2 Class FMT Security Management 6 1 2 1 FMT_MSA 1 Ma...

Page 48: ...ive initial values to override the default values when an object or information is created 6 1 3 Class FPT Protection of the TSF 6 1 3 1 FPT_PHP 1 Passive detection of physical attack Hierarchical to...

Page 49: ...provided that is persistent for the duration of the CONNECTION Application Note Does not require tactile indicators but does not preclude their presence EXT_IUC 1 Invalid USB Connection Hierarchical...

Page 50: ...unctional Requirements to Security Objectives and describes the applicable rationale based on direct reference from the claimed Protection Profile 6 3 1 TOE Security Functional Requirements Tracing Ra...

Page 51: ...R data consists of HUMAN INTERFACE DEVICE control information Also included is configuration information such as KEYBOARD settings that must be reestablished each time the TOE switches between COMPUTE...

Page 52: ...keyboard pointing device and EDID chip to a CONNECTED COMPUTER Unidirectional peripheral data flow is critical to assure that data confidentiality is maintained as it prevents data from entering the...

Page 53: ...ry selection methods are used by most if not all current market products Automatic switching based on scanning shall not be used as a selection mechanism FMT_MSA 1 Management of Security Attributes FM...

Page 54: ...an invalid USB connection the TOE will disable the connection and notify the user O UNIDIR TOE circuitry shall assure that USER KEYBOARD USER POINTING DEVICE and EDID data will flow only from PERIPHE...

Page 55: ...ormal functionality after such an event FPT_PHP 1 Passive detection of physical attack FPT_PHP 3 Automatic response upon detection of physical attack FPT_PHP 1 The TOE is required to provide unambiguo...

Page 56: ...FDP_IFC 1b FDP_IFF 1b Simple security attributes Yes FDP_IFC 1a Subset information flow control Yes FDP_IFF 1a FMT_MSA 3 Static attribute initialization Yes FDP_IFC 1b Subset information flow control...

Page 57: ...1 Specification of management functions The TOE is not required to associate USERS with roles hence there is only one role that of USER This deleted requirement a dependency of FMT_MSA 1 and FMT_MSA...

Page 58: ...4 Product support acceptance procedures and automation ALC_CMS 4 Problem tracking CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_FLR 3 Systematic Flaw Reme...

Page 59: ...ependently assured security The chosen assurance level is consistent with the threat environment where an attacker may be assumed to have an attack potential of Enhanced Basic This has been augmented...

Page 60: ...nce that data confidentiality will be maintained even when targeted attacks are launched against the TOE The TOE design does not mix PERIPHERAL DATA having different IDs or security attributes and the...

Page 61: ...s completed 2 If the TOE anti tampering system was triggered by an enclosure intrusion attempt The TOE will transition to normal TOE operation on default channel one following a passed self test The T...

Page 62: ...state the user is unable to pass any information through the TOE to any COMPUTER and user DISPLAYS are blank Since the TOE becomes unusable the user will require replacement of the TOE This ensures t...

Page 63: ...ttempt to access these memory chips is not possible without causing permanent damage to the TOE Functional Requirements Satisfied EXT_ROM 1 7 6 Audio Output Switching Function Clarification This parag...
