McAfee HARDWARE 1.4 Guide d'installation télécharger pdf (Page 57)

McAfee Email Gateway

Security Target

McAfee Incorporated

Page 57 of 61

An internal clock is provided within the McAfee MEG Appliance to provide a time reference for use by the

TOE in recording accurate audit logs by the time of the event.

FAU_STG_EXT.1 External Audit Trail Storage

The TOE provides a facility to export audit data to an external storage device for long term storage, using

SSH. If the connection to external storage is lost the TOE will continue to store records on the TOE,

overwriting the oldest stored audit records if the audit trail exceeds available storage.

6.1.4 Cryptographic Support

FCS_COP.1(1)

AES in CBC mode is used to support encrypted communications for administrative access and mail

operations. It is used to support the implementation of TLS and SSH. Keys are generated in accordance

with ANSI X9.31 (see below FCS_RGB_EXT.1).

FCS_COP.1(2) Digital Signature

When using Secure Web Mail, the TOE generates a notification Email which it sends to the recipient

which tells them that they have an Email that needs to be viewed. This notification can be S/MIME signed

(using rDSA) so that it does not get picked up as spam.

FCS_COP.1(4) Keyed Hash

A keyed hash (HMAC-SHA-1, HMAC-SHA-256) is used for integrity protection as part of the TLS, SSH

and HTTPS protocols.

FCS_COP.1(3) - .dat or engine file Message Digest verification

The TOE provides a verification process for downloaded .dat threat signature and engine files. The threat

signature files (.dat files) and engine files are verified for integrity using the SHA1 hash function during the

download and install process. These files are used by the McAfee scanning engine in security function –

Anti-Virus to identify potential malicious files and software. The characteristics of these known files or

signatures are regularly updated to assure the latest threats are included in the scanning process.

Hashing is used to assure that the files are unmodified, authentic and properly downloaded to the TOE.

The SHA1 implementation is provided by RSA BSAFE Crypto-C Micro Edition (ME), version 2.1.0.2.

FCS_HTTPS_EXT.1, FCS_TLS_EXT.1, FCS_COP.1, FCS_CKM.1, FCS_CKM_EXT.4

The TOE provides cryptographic services to support remote management using an HTTPS GUI.

Cryptographic keys are stored in clear text, and protected with restricted file permissions. There is no

interface available for viewing them. These private keys cannot be output on physical ports.

The TOE uses OpenSSL to generate asymmetric cryptographic keys using a domain parameter

generator and a random number generator that meet ANSI X9.80 with an equivalent key strength of at

least 112 bits (rDSA keys). Domain parameters used in RSA-based key establishment schemes meet

NIST Special Publication 800-56B. These keys are used in support of the digital signature operations

described under FCS_COP.1(2).

All cryptographic libraries include mechanisms to clear keys on memory. The swap partition will be

cleared on shutdown. Cryptographic key files on the appliance will be shredded/securely deleted when

deleted. Secret keys when deleted from the appliance are zeroized by overwriting multiple times with a

random pattern that is changed before each write. In FIPS mode, when the appliance is shutdown, the

SWAP area is wiped such that secret key information that may have at some point been written out is no

1 2 ... 52 53 54 55 56 57 58 59 60 61

Commentaires sur ces manuels

Pas de commentaire

McAfee HARDWARE 1.4 Guide d'installation Page 57

Commentaires sur ces manuels

Produits connexes et manuels pour Composants des dispositifs de sécurité McAfee HARDWARE 1.4