Belkin F1DN102C Скачать руководство пользователя страница 60 | Manualshive

Страница: 60 / 63

background image

Belkin®

Secure

DVI

KVM

Switch,

Secure

KM

Switch

and

Secure

Windowing

KVM

EAL

4

augmented

ALC_FLR.3

Security

Target

Rev.

1.01

Page

|

60

7

TOE

Summary

Specification

This

section

presents

an

overview

of

the

security

functions

implemented

by

the

TOE

and

the

Assurance

Measures

applied

to

ensure

their

correct

implementation.

7.1

User

Data

Protection

–

Data

Separation

(TSF_DSP)

The

TOE

implements

the

Data

Separation

Security

Function

Policy

(SFP)

as

outlined

in

Section

2

of

the

claimed

Protection

Profile.

The

Data

Separation

Security

Function

Policy

implemented

in

the

TOE

is

enhanced

compared

to

the

requirements

that

were

defined

by

the

claimed

Protection

Profile.

The

TOE

PERIPHERAL

DATA

flow

path

design

is

based

on

the

following

features:



Isolated

device

emulators

per

coupled

computer

to

prevent

any

direct

interface

between

the

TOE

shared

resources

and

connected

computers.



Host

emulators

to

interface

with

connected

peripherals,

thus

isolating

external

peripherals

from

TOE

internal

circuitry

and

from

connected

computers.



Optical

data

diodes

to

enforce

unidirectional

data

flow

between

host

emulators

and

device

emulators.



Multiplexer

(switch)

to

enable

selection

of

just

one

data

source

at

any

given

time.

This

peripheral

data

path

design

provides

higher

assurance

that

data

confidentiality

will

be

maintained

even

when

targeted

attacks

are

launched

against

the

TOE.

The

TOE

design

does

not

mix

PERIPHERAL

DATA

having

different

IDs

or

security

attributes,

and

therefore

internal

TOE

user

data

security

attributes

are

neither

generated

nor

used.

This

design

therefore

satisfies

Functional

Requirement

FDP_ETC.1,

that

covers

user

data

export

and

FDP_ITC.1

that

covers

user

data

import.

Unidirectional

optical

data

diodes

are

used

in

the

PERIPHERAL

PORT

GROUP

traffic

to

assure

that

PERIPHERAL

DATA

can

only

flow

from

the

SHARED

PERIPHERAL

DEVICEs

to

the

COMPUTERs.

This

design

prevents

the

COMPUTERS

from

interacting

directly

with

the

SHARED

PERIPHERAL

DEVICEs

and

therefore

satisfies

Functional

Requirements

FDP_IFC.1b

and

FDP_IFF.1b.

The

TOE

design

uses

a

data

multiplexer

that

only

allows

PERIPHERAL

DATA

to

flow

from

the

PERIPHERAL

PORT

GROUP

to

one

COMPUTER

at

a

time

based

on

the

selected

ID.

This

is

implemented

through

the

switching

mechanism

of

the

TOE,

and

satisfies

Functional

Requirements

FDP_IFC.1a

and

FDP_IFF.1a.

The

Data

Separation

Security

Functional

Policy

–

“the

TOE

shall

allow

peripheral

data

and

state

information

to

be

transferred

only

between

peripheral

port

groups

with

the

same

ID”

is

assured

through

the

use

of

a

single

unidirectional

channel

select

control

bus

to

drive

all

TOE

switching

functions

simultaneously.

This

design

further

satisfies

the

Functional

Requirements

FDP_IFC.1a

and

FDP_IFF.1a.

«
...
58
59
60
61
62
...
»

Содержание F1DN102C

Страница 1: ...ugmented ALC_FLR 3 Security Target Rev 1 01 Page 1 Belkin Secure DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Release Date July 16 2012 Document I...

Страница 2: ...ogical Scope of the TOE 16 1 4 Organization 17 1 5 Document Conventions 18 1 6 Document Terminology 18 1 6 1 ST Specific Terminology 18 1 6 2 Acronyms 22 2 Conformance Claims 23 2 1 Common Criteria Co...

Страница 3: ...Requirements 42 6 Security Requirements 43 6 1 Security Functional Requirements for the TOE 43 6 1 1 Class FDP User Data Protection 44 6 1 2 Class FMT Security Management 47 6 1 3 Class FPT Protectio...

Страница 4: ...witch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 4 Document Revisions Rev Date Author Changes 1 01 July 16 2012 Carlos Del Toro Belkin Changed pr...

Страница 5: ...ions provided by the Target of Evaluation TOE that meet the set of requirements in Chapter 6 TOE Summary Specification The structure and content of this ST complies with the requirements specified in...

Страница 6: ...I KVM Switch w audio and CAC Model F1DN116C Ver 111111 Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Ver 111111 Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Ver 111111 Or Belkin...

Страница 7: ...tems such as Windows or Linux and have ports for USB keyboard USB mouse DVI I video DVI D video audio input and output and USB Common Access Card CAC or Smart Card reader The TOE is intended to be use...

Страница 8: ...that modern Secure KVM devices do not allow any electrical interface peripheral sharing in order to prevent certain attacks and therefore they are no longer simple switching devices Figure 1 Typical e...

Страница 9: ...er Unit DCU accessory and The accompanying User Guidance Updated User Guidance can be downloaded from the http www belkin com website at any time The evaluated TOE configuration does not include any p...

Страница 10: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 10 1 3 3 Evaluated Environment This table identifies hardware components and indicates whether or not each co...

Страница 11: ...w audio Model F1DN102F Or Belkin Secure 4 port DVI I KVM Switch w audio Model F1DN104B Or Belkin Secure 4 port DVI I KVM Switch w audio and CAC Model F1DN104G Or Belkin Secure 8 port DVI I KVM Switch...

Страница 12: ...ed ALC_FLR 3 Security Target Rev 1 01 Page 12 TOE Or Belkin Secure 4 port KM Switch w audio Model F1DN104K Or Belkin Secure 8 port KM Switch w audio Model F1DN108K Or Belkin Secure 4 port Windowing KV...

Страница 13: ...Lenovo keyboard SK 8825 L Shared Peripheral Port Group Member Environment USB User Authentication Device compatible with Precise 200 MC SCM SCR 335 Gemalto PC USB TR Belkin F1DN005U Shared Peripheral...

Страница 14: ...Audio black shielded 6 ft 180 cm F2E4141B10D D RT Belkin P N F2E4141B10DD RT Belkin Pro Series DVI D Dual Link M to M Cable shielded 10 ft 300 cm CWR05114 Belkin RJ 14 to RJ 14 DCU cable unshielded 6...

Страница 15: ...or DP monitor output support Operational Environmen t Host Computer resources Table 1 Evaluated TOE and Environment Components 1 3 4 Guidance Documents The following guidance documents are provided w...

Страница 16: ...onnected computers to be powered up at any time The white LEDs with colored light pipes in the TOE front panel called color chips indicate the selected computer channel The TOE provides the user with...

Страница 17: ...elevant terminology The introduction also provides a description of the TOE security functions as well as the physical and logical boundaries for the TOE the hardware and software that make up the TOE...

Страница 18: ...1 5 Document Conventions The CC defines four operations on security functional requirements The descriptions below define the conventions used in this ST to identify these operations When NIAP interpr...

Страница 19: ...the essential COMPUTER that is capable of providing INPUT to the essential COMPUTER or of receiving OUTPUT or both The term PERIPHERAL is sometimes used as a synonym for device or any INPUT OUTPUT uni...

Страница 20: ...ice that allows a single keyboard video monitor and mouse to be switched to any of a number of computers while the user can interact with multiple video outputs presented simultaneously on a single di...

Страница 21: ...e a mouse trackball joystick and touchpad Port An external socket for plugging in communications lines and or PERIPHERALS QUALIFIED USB device A USB device having a complete set of characteristics tha...

Страница 22: ...y Erasable Programmed Read Only Memory ID Identification IT Information Technology KVM Keyboard Video Mouse LCD Liquid Crystal Display LED Light Emitting Diode MAC Mandatory Access Control PSS Periphe...

Страница 23: ...tion Technology Security Evaluation Part 3 Security Assurance components conformant at EAL4 ALC_FLR 3 Version 3 1 Revision 3 dated July 2009 4 All International interpretations with effective dates on...

Страница 24: ...erred by the TOE USERS are AUTHORIZED USERS A MANAGE The TOE is installed and managed in accordance with the manufacturer s directions A NOEVIL The AUTHORIZED USER is non hostile and follows all usage...

Страница 25: ...and subsequent compromise of the data flowing through the TOE or the NETWORKS connected to its coupled COMPUTERS T SPOOF Via intentional or unintentional actions a USER may think the set of SHARED PER...

Страница 26: ...hreats addressed by the IT Operating Environment The Protection Profile claimed identifies no threats to the assets against which specific protection within the TOE environment is required 3 3 Organiz...

Страница 27: ...selected O ROM TOE software firmware shall be protected against unauthorized modification Embedded software must be contained in mask programmed or one time programmable read only memory or fuse prote...

Страница 28: ...age 28 and EDID data will flow only from PERIPHERAL DEVICES to the SWITCHED COUPLED COMPUTER O TAMPER The TOE Device provides unambiguous detection of physical tampering of the TSF s devices or TSF s...

Страница 29: ...nt by technical means Environment Security Objective Definition OE ACCESS The AUTHORIZED USER shall possess the necessary privileges to access the information transferred by the TOE USERS are AUTHORIZ...

Страница 30: ...t least one security objective for the TOE and that those security objectives counter the threats enforce the policies and uphold the assumptions Threats Policies Assumptions O CONF O INDICATE O ROM O...

Страница 31: ...TOE Console USB port Once such a device is detected any information from it will be ignored and will not be coupled to the connected COMPUTERs This objective will be valid for the TOE KEYBOARD POINTIN...

Страница 32: ...OG The TSF may be modified by an attacker such that code embedded in reprogrammable ROMs is overwritten thus leading to a compromise of the separation enforcing components of the code and subsequent c...

Страница 33: ...mbedded software must be contained in mask programmed fuse protected flash or one time programmable read only memory permanently attached non socketed to a circuit assembly O USBDETECT This objective...

Страница 34: ...that TOE software firmware will be protected against unauthorized modification by ensuring that embedded software is contained in read only memory This ensures that any ROM used in the TSF to hold emb...

Страница 35: ...g multiple COMPUTERS Information transferred to from one SWITCHED COMPUTER is not to be shared with any other COMPUTER O SWITCH The purpose of the TOE is to share a set of PERIPHERALS among multiple C...

Страница 36: ...COUPLED COMPUTER thereby preventing data transfer from connected COMPUTERS or NETWORKS to peripheral devices O TAMPER Tampering of the TOE may cause data to be transferred between COMPUTERS Detection...

Страница 37: ...ed and managed in accordance with the manufacturer s directions Restates the assumption A NOEVIL The AUTHORIZED USER is non hostile and follows all usage guidance OE NOEVIL The AUTHORIZED USER shall b...

Страница 38: ...DVI KVM Switch Secure KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 38 4 4 Rationale for Organizational Policy Coverage There are no Organizational Policie...

Страница 39: ...xtended Visual indications Visual confirmation provides the user with important information regarding the current connection made through the TOE This allows the user to confirm that the data is being...

Страница 40: ...the TOE and the coupled COMPUTERS from inadvertent connection of an UNAUTHORIZED USB device 5 2 1 Invalid USB Connection EXT_IUC Family Behavior This family defines requirements for providing a means...

Страница 41: ...firmware may not be changed after TOE production All non volatile memory devices used must be soldered directly to the board not attached with a socket Family Behavior This family defines the read onl...

Страница 42: ...KM Switch and Secure Windowing KVM EAL 4 augmented ALC_FLR 3 Security Target Rev 1 01 Page 42 5 4 Rationale for Explicitly Stated Security Requirements The Explicit SFRs in this Security Target are f...

Страница 43: ...llowing subsections 6 1 Security Functional Requirements for the TOE The security requirements that are levied on the TOE are specified in this section of the ST The TOE satisfies the SFRs delineated...

Страница 44: ...aration Hierarchical to No other components Dependencies FDP_IFF 1a Simple security attributes FDP_IFC 1 1a The TSF shall enforce the Data Separation SFP on the set of PERIPHERAL PORT GROUPS and the b...

Страница 45: ...information via a controlled operation if the following rules hold Switching Rule KEYBOARD PERIPHERAL DATA and POINTING DEVICE PERIPHERAL DATA can flow to a PERIPHERAL PORT GROUP with a given ID only...

Страница 46: ...formation via a controlled operation if the following rules hold Unidirectional flow Rule KEYBOARD PERIPHERAL DATA POINTING DEVICE PERIPHERAL DATA and EDID PERIPHERAL DATA can flow only from the PERIP...

Страница 47: ...DP_ITC 1 3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE No additional rules 6 1 2 Class FMT Security Management 6 1 2 1 FMT_MSA 1 Ma...

Страница 48: ...ive initial values to override the default values when an object or information is created 6 1 3 Class FPT Protection of the TSF 6 1 3 1 FPT_PHP 1 Passive detection of physical attack Hierarchical to...

Страница 49: ...provided that is persistent for the duration of the CONNECTION Application Note Does not require tactile indicators but does not preclude their presence EXT_IUC 1 Invalid USB Connection Hierarchical...

Страница 50: ...unctional Requirements to Security Objectives and describes the applicable rationale based on direct reference from the claimed Protection Profile 6 3 1 TOE Security Functional Requirements Tracing Ra...

Страница 51: ...R data consists of HUMAN INTERFACE DEVICE control information Also included is configuration information such as KEYBOARD settings that must be reestablished each time the TOE switches between COMPUTE...

Страница 52: ...keyboard pointing device and EDID chip to a CONNECTED COMPUTER Unidirectional peripheral data flow is critical to assure that data confidentiality is maintained as it prevents data from entering the...

Страница 53: ...ry selection methods are used by most if not all current market products Automatic switching based on scanning shall not be used as a selection mechanism FMT_MSA 1 Management of Security Attributes FM...

Страница 54: ...an invalid USB connection the TOE will disable the connection and notify the user O UNIDIR TOE circuitry shall assure that USER KEYBOARD USER POINTING DEVICE and EDID data will flow only from PERIPHE...

Страница 55: ...ormal functionality after such an event FPT_PHP 1 Passive detection of physical attack FPT_PHP 3 Automatic response upon detection of physical attack FPT_PHP 1 The TOE is required to provide unambiguo...

Страница 56: ...FDP_IFC 1b FDP_IFF 1b Simple security attributes Yes FDP_IFC 1a Subset information flow control Yes FDP_IFF 1a FMT_MSA 3 Static attribute initialization Yes FDP_IFC 1b Subset information flow control...

Страница 57: ...1 Specification of management functions The TOE is not required to associate USERS with roles hence there is only one role that of USER This deleted requirement a dependency of FMT_MSA 1 and FMT_MSA...

Страница 58: ...4 Product support acceptance procedures and automation ALC_CMS 4 Problem tracking CM coverage ALC_DEL 1 Delivery procedures ALC_DVS 1 Identification of security measures ALC_FLR 3 Systematic Flaw Reme...

Страница 59: ...ependently assured security The chosen assurance level is consistent with the threat environment where an attacker may be assumed to have an attack potential of Enhanced Basic This has been augmented...

Страница 60: ...nce that data confidentiality will be maintained even when targeted attacks are launched against the TOE The TOE design does not mix PERIPHERAL DATA having different IDs or security attributes and the...

Страница 61: ...s completed 2 If the TOE anti tampering system was triggered by an enclosure intrusion attempt The TOE will transition to normal TOE operation on default channel one following a passed self test The T...

Страница 62: ...state the user is unable to pass any information through the TOE to any COMPUTER and user DISPLAYS are blank Since the TOE becomes unusable the user will require replacement of the TOE This ensures t...

Страница 63: ...ttempt to access these memory chips is not possible without causing permanent damage to the TOE Functional Requirements Satisfied EXT_ROM 1 7 6 Audio Output Switching Function Clarification This parag...

Отзывы:

Нет отзывов

Похожие инструкции для F1DN102C

DGS-1024D - Switch

Бренд: D-Link Страницы: 16

DGS-1016D - Switch

Бренд: D-Link Страницы: 44

DES-6000 Series

Бренд: D-Link Страницы: 3

DES-5024 - Switch

Бренд: D-Link Страницы: 2

DES-3828 - xStack Switch - Stackable

Бренд: D-Link Страницы: 3

Бренд: D-Link Страницы: 192

Бренд: D-Link Страницы: 9

Бренд: D-Link Страницы: 110

Бренд: D-Link Страницы: 10

Бренд: D-Link Страницы: 17

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 9

Бренд: D-Link Страницы: 4

DGS-105 - Switch

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 2

Бренд: D-Link Страницы: 2

Бренд: Fairchild Страницы: 14

Бренд: Fema Страницы: 96

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды