Gigamon GigaVUE Supplemental Administrative Guidance
|
|
- Godfrey Pierce
- 7 years ago
- Views:
Transcription
1 Gigamon GigaVUE Supplemental Administrative Guidance Version: 1.0 January 28, 2016 Gigamon Inc Olcott Street Santa Clara, CA Prepared By: Cyber Assurance Testing Laboratory 900 Elkridge Landing Road, Suite 100 Linthicum, MD 21090
2 Contents 1 Introduction Intended Audience Terminology References Evaluated Configuration of the TOE TOE Components Supporting Environment Components Assumptions Secure Installation and Configuration Initial out-of-the-box Setup: Verify Software Version Configure the TOE to use Enhanced Security Mode: Configure the TOE to record log and audit data (locally): Disable Telnet and Enable SSH Configure and Access the WebGUI (aka H-VUE) Secure Management of Gigamon GigaVUE Authenticating to Gigamon GigaVUE Public-Key Based Authentication Configuration LDAP Authentication Configuration (CLI) LDAP Authentication Configuration (WebGUI) Managing Users Create a New Admin User Account (CLI): Create a New Admin User Account (GUI): Password Management Session Termination Admin Logout Termination from Inactivity Login Banner System Time Configuration Manually Configure the Time (CLI) P a g e
3 7.6.2 Manually Configure the Time Configuration (WebGUI) Configure Connection to an NTP Server (CLI) Configure Connection to an NTP Server (GUI) Secure Updates Display the Current Version (CLI) Display the Current Version (WebGUI) Downloading and Installing the New Image (CLI) Downloading and Installing the New Image (WebGUI) Rebooting TOE (CLI) Rebooting the TOE (WebGUI) Actions to be taken upon Failure Auditing Audit Storage Assigning a Public-Key to the Syslog Server and SSH (CLI) Configuring the Syslog Server (CLI) Communications Protocols and Services Modes of Operation Obtaining Technical Assistance Table of Tables Table 5-1: HD8 and HD4 Series... 5 Table 5-2: HC2 Series... 6 Table 5-3: HB1 Series... 7 Table 5-4: TA10 Series... 7 Table 5-5: TA40 Series... 8 Table 5-6: Supporting Environmental Components... 8 Table 8-1: NDPP Auditable Events P a g e
4 1 Introduction The Target of Evaluation (TOE) includes the models HD8, HD4, HC2, HB1, TA10 and TA40 with software version These models allow an Authorized Administrator to access the TOE through a serial port, remote CLI via SSH, and a WebGUI via TLS/HTTPS. The TOE was evaluated against the requirements defined in the Gigamon GigaVUE Security Target. The GigaVUE's primary functionality is to use the Gigamon Forwarding Policy to receive out-of-band copied network data from external sources (TAP or SPAN port) and forward that copied network data to one or many tool ports for packet capture or analyzing tools based on user selected criteria. GigaVUE can also copy the network traffic itself when sitting in-line with the network flow using passive, inline and bypass taps or any combination. GigaVUE features extensive filtering abilities enabling authorized users to forward precise customized data flows of copied data from many sources to a single tool, from a single source to many tools, or from many sources to many tools. The TOE was evaluated as a network device only and the GigaVUE s network traffic capture, filter, and forwarding capabilities described above were not assessed during this evaluation. The TOE is the general network device functionality (I&A, auditing, security management, trusted communications, etc.) of the GigaVUE, consistent with the claimed Protection Profile. 2 Intended Audience This document is intended for administrators responsible for installing, configuring, and/or operating Gigamon GigaVUE version Guidance provided in this document allows the reader to deploy the product in an environment that is consistent with the configuration that was evaluated as part of the product s Common Criteria (CC) testing process. It also provides the reader with instructions on how to exercise the security functions that were claimed as part of the CC evaluation. The reader is expected to be familiar with the Security Target for Gigamon GigaVUE version and the general CC terminology that is referenced in it. This document references the Security Functional Requirements (SFRs) that are defined in the Security Target document and provides instructions on how to perform the security functions that are defined by these SFRs. The GigaVUE product as a whole provides a great deal of security functionality but only those functions that were in the scope of the claimed PP are discussed here. Any functionality that is not described here or in the Gigamon GigaVUE Security Target was not evaluated and should be exercised at the user s risk. 3 Terminology In reviewing this document, the reader should be aware of the terms listed below. These terms are also described in the Gigamon GigaVUE Security Target. CC: stand for Common Criteria. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. 3 P a g e
5 SFR: stands for Security Functional Requirement. An SFR is a security capability that was tested as part of the CC process. TOE: stands for Target of Evaluation. This refers to the aspects of Gigamon GigaVUE that contain the security functions that were tested as part of the CC evaluation process. 4 References The following documents are part of the Gigamon GigaVUE version This is the standard documentation set that is provided with the product. [1] GigaVUE-OS-CLIUsersGuide-v4400 [2] GigaVUE-OS-HVUE-UsersGuide-v4400 [3] GV-TA-Series-UpgradeGuide-v4400 [4] GV-H-Series-UpgradeGuide-v4400 [5] GV-HB-Series-HardwareInstallationGuide-v4400 [6] GV-HC-Series-HardwareInstallationGuide-v4400 [7] GV-HD-Series-HardwareInstallationGuide-v4400 [8] GV-TA-Series-HardwareInstallationGuide-v4400 [9] GV-OS-ReleaseNote-v4400 [10] Gigamon GigaVUE Security Target v1.0 (ST) [11] Gigamon Linux-Based Cryptographic Module CMVP certificate #2128 Note: [11] refers to the FIPS validated cryptographic module used by the GigaVUE products. 5 Evaluated Configuration of the TOE This section lists the components that have been included in the TOE s evaluated configuration, whether they are part of the TOE itself, environmental components that support the security behavior of the TOE, or non-interfering environmental components that were present during testing but are not associated with any security claims: 5.1 TOE Components Property HD8 HD8 HD4 HD4 Model Number 4 P a g e GVS-HD8A1 GigaVUE-HD8 base unit w/ chassis, CLI GVS-HD8A2 GigaVUE-HD8 base unit w/ chassis, CLI GVS-HD4A1 GigaVUE-HD4 base unit w/ chassis, CLI Size 14RU 14RU 5RU 5RU Total Slots Power AC DC AC DC Control Cards 1 or 2 1 or Port Blades PRT-H00-X12G04 Port Blade, HD Series, 12x10G 4x1G GVS-HD4A2 GigaVUE-HD4 base unit w/ chassis, CLI
6 PRT-H00-X12TS Port Blade, HD Series, 12x10G Time Stamp PRT-H00-X04G44 Port Blade, HD Series, 4x10G 44x1G PRT-H00-Q02X32 Port Blade, HD Series, 2x40G 32x10G (24 10G G or 32 10G active) PRT-HD0-Q08 Port Blade, HD Series, 8x40G PRT-HD0-C01 Port Blade, HD Series, 1x100G PRT-HD0-C02X08 Port Blade, HD Series, 2x100G CFP cages + 8x10G cages PRT-HD0-C02X08A Port Blade, HD Series, 2x100G CFP2 cages + 8x10G cages GigaSMART Module: SMT-HD0-GigaSMART, HD Series blade (includes Slicing, Masking, Source Port,& GigaVUE Tunneling De-Encapsulation SW Power Supplies Processor PowerPC 600 PowerPC 600 PowerPC 600 PowerPC 600 Memory (RAM) Logical Drive Capacity CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB Fixed Ports None None None None Configurable Ports Provided by Port Blades Provided by Port Provided by Port Blades Blades Table 5-1: HD8 and HD4 Series CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB Provided by Port Blades Property HC2 HC2 Model Number GVS-HC201 GigaVUE-HC2 base unit w/ chassis, CLI, Size 2RU 2RU Front Bays 4 4 Rear Bays 1 1 Power AC DC Main Board 1 1 TAP Modules Bypass Combo Modules GVS-HC202 GigaVUE-HC2 base unit w/ chassis, CLI TAP-HC0-D25AC0 TAP module, HC Series, SX/SR Internal TAP Module 50/125, 12 TAPs TAP-HC0-D25BC0 TAP module, HC Series, SX/SR Internal TAP Module 62.5/125, 12 TAPs TAP-HC0-D35CC0 TAP module, HC Series, LX/LR Internal TAP Module, 12 TAPs TAP-HC0-G100C0 TAP and Bypass module, HC Series, Copper, 12 TAPs or BPS pairs BPS-HC0-D25A4G Bypass Combo Module, HC Series, 4 SX/SR 50/125 BPS pairs, 16 10G cages BPS-HC0-D25B4G Bypass Combo Module, HC Series, 4 SX/SR 62.5/125 BPS pairs, 16 10G cages 5 P a g e
7 Port Modules BPS-HC0-D35C4G Bypass Combo Module, HC Series, 4 LX/LR BPS pairs, 16 10G cages PRT-HC0-X24 Port Module, HC Series, 24x10G PRT-HC0-Q06 Port Module, HC Series, 6x40G GigaSMART Modules: SMT-HC0-R GigaSMART, HC Series rear module (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW) SMT-HC0-X16 GigaSMART, HC Series, Front Module, 16 10G cages (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW Power Supplies 2 2 Processor PowerPC 600 PowerPC 600 Memory (RAM) 4GB 4GB Logical Drive Capacity 8GB Fixed Ports PTP IEEE 1588 Configurable Ports Stack Mgmt. Port Mgmt. Console Provided by TAP Modules, Bypass combo modules, Port Modules Table 5-2: HC2 Series 8GB PTP IEEE 1588 Stack Mgmt. Port Mgmt. Console Provided by TAP Modules, Bypass combo modules, Port Modules Property HB1 HB1 Model Number GVS-HB GVS-HB branch node branch node Size 1RU 1RU Cages 4 10G cages 4 10G cages 8 1G cages 8 1G cages Copper 8 1G 8 1G Power AC DC Power Supplies 1 1 Processor PowerPC 600 PowerPC 600 Memory (RAM) 2GB 2GB Logical Drive 2GB 2GB Capacity Fixed Ports PTP 1588 PTP 1588 Mgmt. Mgmt. 6 P a g e
8 Console 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) Console Configurable Ports None None Table 5-3: HB1 Series 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) Property TA10 TA10 Model Number GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) Size 1RU 1RU Power AC DC Power Supplies 2 2 GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) Processor PowerPC e500 PowerPC e500 Memory (RAM) 4GB 4GB Logical Drive Capacity Fixed Ports 8GB Mgmt. Console 48 1G/10G Ports (SFP+) 4 10G/40G QSFP Ports 8GB Mgmt. Console Configurable Ports None None Table 5-4: TA10 Series 48 1G/10G Ports (SFP+) 4 10G/40G QSFP Ports Property TA40 TA40 Model Number GigaVUE-TA40 GigaVUE-TA40 Edge Traffic Aggregation Node Edge Traffic Aggregation Node (SKU GVS-TAQ01) (SKU GVS-TAQ01) Size 1RU 1RU Power AC DC Power Supplies 2 2 Processor PowerPC e500 PowerPC e500 Memory (RAM) 4GB 4GB Logical Drive 8GB 8GB Capacity Fixed Ports Mgmt. Mgmt. 7 P a g e
9 Console 32 10G/40G QSFP Ports Console Configurable Ports None None Table 5-5: TA40 Series 5.2 Supporting Environment Components 32 10G/40G QSFP Ports Component LDAP Server Management Workstation NTP Server SPAN Syslog Server TAP Tool Update Server Definition A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher) to access the WebGUI, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications. A server that provides reliable time data to the TOE s system clock so that the timestamps on its audit records can be synchronized with other devices in the Operational Environment that connect to the same server. This component provides the TOE with copied network data, but only if the TOE is configured to receive data from an external TAP or SPAN device. The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes. This component provides the TOE with copied network data, either from an internal GigaVUE TAP or an external TAP. The TOE can also be configured to receive data from an external source, meaning a TAP device or SPAN port. This component is any analysis, capture or troubleshooting tool connected to a tool port. This component is required for the TOE to forward data. The connection to the tool is a physical connection. A general-purpose computer that includes a web server and is used to store software update packages that can be retrieved by the TOE using TLS/HTTPS. The update server can be a server maintained by Gigamon or it can be set up locally in the Operational Environment by an administrator if the TOE s deployment prevents it from being able to access Gigamon s web domain. Table 5-6: Supporting Environmental Components 5.3 Assumptions In order to ensure the product is capable of meeting its security requirements when deployed in its evaluated configuration, the following conditions must be satisfied by the organization, as defined in the claimed Protection Profile: No general purpose computing capabilities: The GigaVUE product must only be used for its intended purpose. General purpose computing applications, especially those with network-visible interfaces, may compromise the security of the product if introduced. 8 P a g e
10 Physical security: The GigaVUE product does not claim any sort of physical tamper-evident or tamper-resistant security mechanisms. Therefore, it is necessary to deploy the product in a locked or otherwise physically secured environment so that it is not subject to untrusted physical modification. Trusted administration: The GigaVUE product does not provide a mechanism to protect against the threat of a rogue or otherwise malicious administrator. Therefore, it is the responsibility of the organization to perform appropriate vetting and training for security administrators prior to granting them the ability to manage the product. 6 Secure Installation and Configuration Documentation for how to order and acquire the TOE is described in the Contacting Sales section of documents [5] through [8]. When receiving delivery of a TOE model, this documentation should be checked as part of the acceptance procedures so that the correctness of the hardware can be verified. Additionally, documents [5] through [8] can be referenced for physical requirements such as unpacking the TOE, installing modules, racking the TOE, cabling (i.e. network and power), as well as verifying power and environmental operating conditions. The TOE comes with the software image installed on it by default, but if additional validation is necessary, an administrator may acquire the software image separately from Gigamon and perform a software upgrade to the known version. Regardless of the specific model being installed, the software is functionally identical with respect to the Common Criteria security requirements, so secure management for each device is described in the remainder of this document. Note that these steps can be performed using the initial default user account. Note: Use the write memory command in the CLI to save configuration changes to flash. Otherwise, changes will be added to the active configuration immediately but will not be saved across a reboot unless the write memory command is used. 6.1 Initial out-of-the-box Setup 1. Connect to the TOE via the local console using the following settings on a terminal application: 115,200 Baud 8 data bits No parity 1 stop bit No flow control 2. Authenticate using the default credentials: Username: admin Password: admin123a! 3. Start the jump-start script by entering the following commands on the TOE: config terminal config jump-start 9 P a g e
11 Refer to the Run the Jump-Start Script Section in documents [5] through [8] for more information on completing the jump-start setup. Note: Ensure to modify the default password for the default admin account. 6.2 Verify Software Version Now verify the version of software operating on the TOE by issuing a show version command and compare the displayed version to the expected version. If the version is not what is expected then follow the instructions in Section 7.7 to obtain and install the correct software image from Gigamon. 6.3 Configure the TOE to use Enhanced Security Mode Enhanced Security Mode must be configured to limit the cryptographic options to be consistent with the claims made for the Common Criteria evaluation. 1. Enter the following commands to secure cryptography mode: 10 P a g e config terminal system security crypto enhanced reload 2. Respond yes to Configuration has been modified; save first? and then confirm the reload. 3. Authenticate to the TOE. 4. Verify that after authenticating, the TOE reports System in secure cryptography mode. 6.4 Configure the TOE to record log and audit data (locally) In the evaluated configuration, all auditable events relevant to the Common Criteria evaluation are logged locally by entering the following commands. config terminal logging level audit mgmt info logging level cli commands info logging local info 6.5 Disable Telnet and Enable SSH2 Both Telnet and SSH2 can be configured for remote connections to the GigaVUE s Ethernet Management Port. By default, SSH2 is d and Telnet is disabled. In the Common Criteria evaluated configuration, Telnet must remain disabled. If Telnet is d, enter the following commands: config terminal no telnet-server If SSH2 is disabled, enter the following commands:
12 config terminal ssh server After verifying that Telnet is disabled and SSH2 is d, attempt to authenticate to the TOE with a SSH2 client by pointing the client at the TOE s IP address and using the default admin account s credentials. To be able to connect to the TOE, the SSH2 client must support diffie-hellman-group14-sha1 as the key exchange method, and one or more of the following encryption and data integrity algorithms. Encryption Algorithms: AES-CBC-128 or AES-CBC-256 Data Integrity Algorithms: hmac-sha1, hmac-sha2-256, or hmac-sha Configure and Access the WebGUI (aka H-VUE) Follow the instructions for enabling the WebGUI by following the directions under Enabling the <MODEL NAME> Web Server Section in documents [5] through [8]. Then continue with that Section s directions for connecting and authenticating to the WebGUI. The WebGUI can be accessed by navigating to in a web browser. Web browsers that should be used in the Common Criteria evaluated configuration are Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher. These web browsers must be configured to support TLS 1.0, and one or more of the following ciphersuites: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA The TOE supports HTTPS and HTTP for the WebGUI. By default, HTTPS is d and HTTP is disabled. In the Common Criteria evaluated configuration, HTTP must remain disabled. If HTTP is d, enter the following commands: config terminal no web http Note: Ensure to modify the default password for the default admin account. 7 Secure Management of Gigamon GigaVUE 7.1 Authenticating to Gigamon GigaVUE Users must authenticate to Gigamon GigaVUE in order to perform any management functions. Section 8.4 of the ST discusses the process in which Gigamon GigaVUE authenticates users via the CLI, WebGUI or remotely via LDAP. Section also discusses the trusted channels that are invoked in order to send the data securely. Local users login to the Command line interface (CLI) using username and password, while remote users can login to GigaVUE via the CLI using username and password or public key based authentication. User authentication information that is sent remotely via the CLI is protected using SSHv2. Users may also 11 P a g e
13 authenticate remotely via a WebGUI that is protected using TLS/HTTPS. Remote authentication is possible using an LDAP server for its user store. Note: Connections to the LDAP server are protected with TLS. The TLS session for an LDAP request establishes and terminates almost immediately, making it nearly impossible to interrupt the TLS session. If the LDAP server is unreachable, the TOE will only perform a single attempt to connect to the LDAP server and will then default to verifying the authentication credential s to the TOE s local store Public-Key Based Authentication Configuration SSH public/private key pairs must be generated or loaded on the TOE so that SSH authentication using a public- key is possible. Perform the following steps to add an authorized public-key to a user on the TOE: 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands on the TOE: config terminal ssh client user <USERNAME> authorized-key sshv2 <PUBLIC KEY> 3. Provide the user the corresponding private key for their use to authenticate via SSH. 4. The user would then load the private key on their SSH client when attempting to authenticate LDAP Authentication Configuration (CLI) Perform the following steps to configure the LDAP server on the TOE via the CLI. Refer to Adding an LDAP Server Section in document [1] for more information. 1. Authenticate to the TOE via the CLI as an Admin user 2. Enter the following commands on the TOE to install the public-key for the LDAP server: config terminal crypto certificate name <NAME> public-cert pem -----BEGIN CERTIFICATE----- <CERT_DATA_HERE>-----END CERTIFICATE----- crypto certificate ca-list default-ca-list name <INSTALLED CERTIFICATE> 3. Refer to the ldap section in document [1] between pages 773 and 776 to configure the LDAP parameters. The commands below are provided as an example of the LDAP parameters that need to be defined for a working configuration. The commands in bold must be configured as such in the evaluated configuration. ldap base-dn <STRING> ldap bind-dn <STRING> ldap bind-password <PASSWORD HERE> ldap group-attribute <STRING> ldap host <LDAP_SERVER_IP_ADDRESS_HERE> ldap login-attribute <STRING> ldap ssl mode tls ldap ssl ca-list default-ca-list ldap ssl cert-verify ldap version 3 12 P a g e
14 4. Refer to the aaa authentication section in document [1] between pages 661 and 664 to configure the AAA Authentication parameters. The command below is provided as an example of the AAA Authentication parameters that need to be defined for a working configuration. The command is in bold because it must be configured as such in the evaluated configuration. aaa authentication login default ldap local 5. Refer to the aaa authorization section in document [1] between pages 664 and 665 to configure the AAA Authorization parameters. The commands below are provided as an example of the AAA Authorization parameters that need to be defined for a working configuration. aaa authorization map order <POLICY> aaa authorization map default-user <USER> LDAP Authentication Configuration (WebGUI) Perform the following steps to configure the LDAP server on the TOE via the WebGUI. 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Refer to the Configuring Authentication and Authorization (AAA) section in document [2] between pages 182 and 183 to configure AAA. The following options must be chosen: a. First Priority: LDAP b. Second Priority: Local 3. Refer to the Adding an LDAP Server section in document [2] on page 190 to add an LDAP server. 4. Refer to the Configuring LDAP Authentication section in document [2] between pages 195 and 196 to configure LDAP authentication. The following options must be chosen: a. LDAP Version: v3 b. SSL Mode tls c. SSL Cert Check: on d. SSL ca-list: default CA list Note: Installing the public-key for the LDAP server must be performed via the CLI. Refer to Section steps 1 and 2 for directions for installing the public-key. 7.2 Managing Users GigaVUE has role based authentication. There are three roles which can be Admin, Operator, or Monitor, depending on the role assigned by an Authorized Administrator and each has different levels of authorization in terms of the functions that can be performed by them. All SFR relevant management activity is performed by the Admin role. The Admin user corresponds to the PP s definition of Authorized Administrator. Only Admin users have the ability to assign roles to users and more than one role may be assigned to a user Create a New Admin User Account (CLI): 1. Authenticate to the TOE via the CLI as an Admin user. 2. Select a password that meets the password strength requirements in section Enter the following commands to create a new user account: config terminal username <USERNAME> password <PASSWORD> 13 P a g e
15 username < USERNAME> roles add admin Note: An Admin user can delete user accounts with the no username command Create a New Admin User Account (GUI): 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Roles and Users > Users 3. Click on Add. 4. Fill in the fields as appropriate. 5. Assign the user the admin capability and click Save. Note: An Admin user can delete user accounts under the Roles and Users > Users by selecting the user and clicking Delete. 7.3 Password Management Passwords can be composed using any combination of upper case and lower case letters, numbers and special characters. The special characters that are supported include the #, $, %, ^, &, *, (, and ). The password policy includes a configurable minimum length, which can be configured by an Admin user to any value between 15 and 30 in the evaluated configuration. Perform the following steps to configure minimum length for passwords: 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands to secure passwords mode: config terminal system security passwords enhanced system security passwords min-length 15 show system 3. Verify the TOE reports Configured secure passwords mode : d and Minimum password length : 15. In order to minimize the risk of account compromise, it is recommended to use a password that includes a mixture of uppercase, lowercase, numeric, and special characters and is not a common word or phrase, but is not so complex that it must be written down in order to be remembered. 7.4 Session Termination Admin Logout The Admin is able to terminate their own session by entering the "Exit" command when logged into the local console or remote CLI via SSH. The Admin can terminate their own session by clicking on the "logout" tab when logged into the WebGUI. 14 P a g e
16 7.4.2 Termination from Inactivity The TOE is designed to terminate a local session after a specified period of time with a default setting of 15 minutes. The TOE has a single configuration for the CLI accessed via the serial port and the CLI accessed via SSH. In the event that the inactivity setting is met while users are logged into the CLI via the serial port, the session will end. In the event that the inactivity setting is met while users are logged into the CLI via SSH, the TOE tears down the SSH connection. This setting can be configured between minutes. The value of 0 means that this setting is disabled and there is no timeout configured. The CLI timeout is configured via the CLI by an Admin user with the following commands: 15 P a g e config terminal cli default auto-logout <MINUTES> In the event that the inactivity setting is reached while a user is logged into the WebGUI, the session will end. This setting can be configured between minutes. The value of 0 means that this setting is disabled and there is no timeout configured. The WebGUI timeout can be configured via the CLI by an Admin user with the following commands: config terminal web auto-logout <MINUTES> Additionally, an Admin user authenticated to the WebGUI can only configure the timeout setting for the WebGUI and they would use the following steps: 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Global Settings > Web. 3. Click Edit. 4. In the field for Auto logout Timeout enter <MINUTES> 5. Click Save 7.5 Login Banner The CLI login banner is created by an Admin user authenticated to the CLI with the following commands: config terminal banner login <STRING> The WebGUI login banner is created by an Admin user authenticated to the WebGUI with the following steps: 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Settings > Global Settings > Hostname 3. Click on Edit 4. Enter <BANNER TEXT> in the Login Message box. 5. Click Save
17 7.6 System Time Configuration In the evaluated configuration of the TOE, the system time can either be set manually or by synchronizing with an NTP server in the TOE s Operational Environment. Only an Admin user is able to perform these operations Manually Configure the Time (CLI) 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following command to view the current time: show clock 3. Enter the following commands to set the date and time: config terminal clock set <hh:mm:ss> [<yyyy/mm/dd>] Manually Configure the Time Configuration (WebGUI) 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Settings > Date And Time. This step will also allow the Admin user to view the current time. 3. Click on Edit 4. Specify a new date and time in the fields and then click Save Configure Connection to an NTP Server (CLI) The TOE can be configured to connect to an NTP server by an Admin user authenticated to the CLI with the following commands: config terminal ntp ntp server [NTP_SERVER_IP_ADDRESS] Refer to the ntp section of document [1] on pages 808 and 809 for more information regarding configuring a connection to an NTP server Configure Connection to an NTP Server (GUI) The TOE can be configured to connect to an NTP server by an Admin user authenticated to the Web with the following steps: 1. Authenticate to the WebGUI 2. Click on Settings > Date and Time > NTP 3. Click Add 4. Populate the Server IP field with the NTP server IP address and version field 5. Check the server d box, and uncheck the key d box 6. Click on Settings > and check Enabled for NTP time synchronization and click Save 16 P a g e
18 7.7 Secure Updates To maintain security throughout the lifecycle of the GigaVUE product, the TOE provides a mechanism to apply software upgrades. To upgrade the software, the new software image must be either available on the Gigamon update server or on a local update server. The Gigamon update server is a Gigamon hosted site and the Admin user must enter a username and password to download the image. The local update server is under the control of the Admin user and is used by the Admin user to store a downloaded image. The following sections describe the steps which must be taken in order to install a new software image either by using the CLI or by using the WebGUI. Both communications channels are protected by TLS/HTTPS. If the connection is interrupted during a download of the software update but the TLS/HTTPS session has not timed out, the TOE will automatically continue the software update download over TLS/HTTPS once the connection has been re-established. If the TLS/HTTPS session has timed out, the Admin user will have to re-initiate the download of the software update Display the Current Version (CLI) Before downloading a new image, the current version of the software image should be identified. The current version of the software image is displayed via the CLI by using the command show version Display the Current Version (WebGUI) The current version of the software image is displayed via the WebGUI by following these steps: 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Reboot and Upgrade > Images. 3. Note the current version of the currently booted partition Downloading and Installing the New Image (CLI) The image command is used via the CLI to download and install the new image. For more information on the image command, refer to the image Section in document [1] between pages 741 and Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands to fetch an update to the TOE: config terminal image fetch 3. After the update has been fetched, enter the following commands on the TOE to initiate the update: image install <FILENAME> install-boot image boot next 4. If prompted to save modified configuration, answer yes. 5. Once the TOE reboots, enter the write memory command. 17 P a g e
19 7.7.4 Downloading and Installing the New Image (WebGUI) On the WebGUI the following steps must be performed in order to download and install the new image. 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Reboot and Upgrade > Images 3. Click on New 4. Choose the install from local file option if installing from the local file server and select choose file 5. Alternatively if installing from the Gigamon or local update server, choose the Install from url option and provide the url Rebooting TOE (CLI) Once the image has been installed, the TOE must be rebooted for the new image to take effect and become the executing image. On the CLI this is achieved by using the following command: Reload Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section or above Rebooting the TOE (WebGUI) On the WebGUI the Admin user must navigate to the Settings > Reboot and Upgrade > Reboot screen. Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section or above Actions to be Taken Upon Failure The software image for the TOE contains a digital signature. If an attempt is made to download and install an illegitimate update, the Admin user must obey the verification warning from the TOE that the digital signature has failed and reject the software image by not installing. The Admin user can attempt to repeat the process to determine if the error condition disappears. However if the error continues then the attempts to perform a software update should be halted. 8 Auditing In order to be compliant with Common Criteria, GigaVUE must audit the events in the table below. The audit records that GigaVUE creates include the date and time, outcome of the event, event type, subject identity and the source of the event. Auditing is turned on and off by using the logging command, refer to Section 6.4 for more information. The show log or show logs command displays audit information. It is possible to use regular expressions in the show log command to restrict the search. 18 P a g e
20 Component Event Additional Information Audit Examples FAU_GEN.1 Startup and shutdown of audit functions Startup of audit functions: Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.info]: Config change ID 8: requested by: user admin (System Administrator) via CLI, 1 item(s) changed Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.info]: Config change ID 8: item 1: CLI command log level changed from "none" to "info" Shutdown of audit functions: FCS_TLS_EX T.1 Failure to establish an TLS session Establishme nt/terminati on of a TLS session. Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 5 17:07:44 GigaVUE-HD cli[2441]: [cli.info]: user admin: Executing command: logging level cli commands none Failure to establish session (TLS): Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [notice] [client ] Connection to child 7 established (server GigamonHD4:443) Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [error] [client ] (70014)End of file found: SSL handshake interrupted by system [Hint: No shared ciphers or stop button pressed in browser?!] Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [notice] [client ] Connection closed to child 7 with abortive shutdown (server GigamonHD4:443) Session establishment (TLS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 established (server GigamonHD4:443) Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 completed successfully (server GigamonHD4:443) Session termination (TLS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection closed to child 3 with standard shutdown (server GigamonHD4:443) FCS_SSH_EX Failure to Reason for failure. Failure to establish SSH session: 19 P a g e
21 T.1 establish an SSH session Establishme nt/terminati on of an SSH session. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 4 14:07:44 GigaVUE-HD sshd[4691]: Connection from port Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal: Unable to negotiate a key exchange method [preauth] Nov 4 14:08:28 GigaVUE-HD sshd[4714]: Connection from port Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no matching mac found: client hmac-md5 server hmacsha1,hmac-sha2-256,hmac-sha2-512 [preauth] Nov 4 14:09:06 GigaVUE-HD sshd[4737]: Connection from port Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no matching cipher found: client 3des-cbc server aes128- cbc,aes256-cbc [preauth] Session establishment (SSH): Nov 4 13:24:20 GigaVUE-HD sshd[3753]: Connection from port Session termination (SSH): FCS_HTTPS_ EXT.1 Failure to establish an HTTPS session. Establishme nt/terminati on of an HTTPS session. Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 4 13:24:51 GigaVUE-HD sshd[3753]: Connection closed by [preauth] Failure to establish session (HTTPS): Refer to 'Audit log(s) for FCS_TLS_EXT.1' Session establishment (HTTPS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 established (server GigamonHD4:443) Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 completed successfully (server GigamonHD4:443) Session termination (HTTPS): Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.info]: ugwd_release_session_ptr: sessions IIj5UbD9HXxluUE5IqvnBxxRCheg67fQWLpBeD35 BEBmAAg= count 0 logout 1 Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.info]: session 1: closing for peer mgmtd user 20 P a g e
22 i: (0/0) 0 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: session 37: closing for peer ugwc user admin (0/0) 1 Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.notice]: User admin (System Administrator) from logged out of Web UI Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: Web session 8 closed Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: EVENT: /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: Recording web logout of user admin on device /dev/web/8 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.notice]: User admin: logout from through trusted ugwc.8 channel. Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: session 36: closing for peer wsmd user admin (0/0) 1 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: EVENT: /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.notice]: User admin: logout from 21 P a g e
23 through trusted web channel. Nov 4 13:20:08 GigaVUE-HD gsd[2079]: [gsd.info]: gsd_mon_handle_get(), gsd_mgmt.c:422: bname: /gv/internal/state/liveness/gsd Local console login: Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin (local user admin) authentication method: local Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: login from local through trusted cli channel. GUI login: Oct 29 04:59:16 GigaVUE-HD <EF><BB><BF><14>tornado.login: [INFO]: user admin attempting login from Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 13 created Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.info]: Recording web login of user admin on device /dev/web/13 FIA_UIA_EX T.1 All use of the identificatio n and authenticati on mechanism. Provided user identity, origin of the attempt (e.g., IP address). Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: Opened session: 73 Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 73: opened for client wsmd user admin (0/0) 1 Oct 29 04:59:17 GigaVUE-HD wsmd[2237]: [wsmd.info]: session 1: client open for peer mgmtd (local name wsmd ) Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: TRUSTED_AUTH_INFO (user admin/admin): validated OK LDAP GUI login: Oct 29 05:06:04 GigaVUE-HD <EF><BB><BF><14>tornado.login: [INFO]: user testuser1 attempting login from Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 14 created Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.info]: Recording web login of user admin on device /dev/web/14 Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: Opened session: P a g e
24 Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 75: opened for client wsmd user testuser1 (0/0) 1 Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.notice]: User testuser1 local user admin (System Administrator) logged into Web UI from Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: TRUSTED_AUTH_INFO (user testuser1/admin): validated OK Oct 29 05:06:09 GigaVUE-HD ugwd[2247]: [ugwd.info]: remote user id: testuser1, local user id: admin Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User testuser1 (local user admin) authentication method: ldap SSH login using public key: Jan 27 12:57:39 GigamonHD4 sshd[18546]: Connection from port Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3 c:47:c9 [SHA-1] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Postponed publickey for cctl from port ssh2 [preauth] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3 c:47:c9 [SHA-1] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Accepted publickey for cctl from port ssh2 Jan 27 12:57:41 GigamonHD4 sshd[18546]: User cctl logged in via ssh2 from SSH login using password: Oct 29 02:58:04 GigaVUE-HD sshd[3477]: Connection from port Oct 29 02:58:11 GigaVUE-HD sshd[3477]: Accepted keyboard-interactive/pam for admin from port ssh2 Oct 29 02:58:11 GigaVUE-HD sshd[3477]: User 23 P a g e
25 admin (System Administrator) logged in via ssh2 from FIA_UAU_E XT.2 All use of the authenticati on mechanism. Origin of the attempt (e.g., IP address). See FIA_UIA_EXT.1 CLI Changes to time: Nov 4 13:43:10 GigaVUE-HD cli[4166]: [cli.info]: user admin: Executing command: show clock Nov 4 13:43:14 GigaVUE-HD cli[3985]: [cli.info]: user admin: Executing command: show log Nov 4 13:43:36 GigaVUE-HD cli[4166]: [cli.info]: user admin: Getting command line help: "clock set 13:44:00?" Nov 4 13:43:41 GigaVUE-HD cli[4166]: [cli.info]: user admin: Executing command: clock set 13:44: /11/04 Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: requested by: user admin (System Administrator) via CLI FPT_STM.1 Changes to the time. The old and new values for the time. Origin of the attempt (e.g., IP address). Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: descr: system clock: set date and time Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: param: date and time: 2015/11/04 13:44:00 Nov 4 13:44:00 GigaVUE-HD pm[1953]: [pm.info]: Restarting process crond (Cron Daemon) from RUNNING state GUI changes to time: Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.info]: Action ID 51: descr: system clock: set date and time Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.info]: Action ID 51: param: date and time: 2015/01/27 19:14:48 Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.info]: Restarting process crond (Cron Daemon) from RUNNING state Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.notice]: Terminating process crond (Cron 24 P a g e
26 Daemon) NTP changes to time: Nov 16 16:07:49 gigamon-20016a ntpd[3114]: synchronized to , stratum 1 FPT_TUD_E XT.1 Initiation of update. No additional information Nov 18 18:18:04 gigamon-20016a ntpd[3114]: time reset s Initiation of update (CLI): Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.info]: user admin: Executing command: image install hdccv2_ img install-boot Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.info]: user admin: Tracking progress on operation ID cli Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: requested by: user admin (System Administrator) via CLI Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: descr: install system software image Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: param: image filename: hdccv2_ img, version: GigaVUE-OS hd_4402_bah # :41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106 Initiation of update (GUI): Oct 30 10:48:02 GigaVUE-HD ugwd[2085]: [ugwd.info]: :wsmd_user_id: admin, and wsmd_local_user_id :admin Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: requested by: user admin (System Administrator) via ugwc-2085 Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: descr: install system software image FTA_SSL_EX T.1 Any attempts at unlocking No additional information. Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: param: image filename: hdccv2_ img, version: GigaVUE-OS hd_4402_bah # :41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106 Session termination due to inactivity (local console): 25 P a g e
27 FTA_SSL.3 of an interactive session. The termination of a remote session by the session locking mechanism. No additional information. Oct 28 20:00:42 GigaVUE-HD cli[10349]: [cli.notice]: user admin: Inactive for 3 minutes -- automatically logging out Session termination due to inactivity (remote CLI): Oct 28 18:32:51 GigaVUE-HD cli[8386]: [cli.notice]: user admin: Inactive for 3 minutes -- automatically logging out Session termination due to inactivity (remote WebGUI): FTA_SSL.4 The termination of an interactive session. No additional information. Oct 28 19:20:33 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 21 timed out due to inactivity Manual session termination by admin (local console): Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.info]: user admin: Executing command: exit Oct 29 11:10:22 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: logout from local through trusted cli channel. Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.info]: user admin: session 1: closing, but already closed Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.notice]: user admin: CLI exiting Oct 29 11:10:22 GigaVUE-HD login: pam_unix(login:session): session closed for user admin Manual session termination by admin (remote CLI): Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.info]: user admin: Executing command: exi Oct 29 11:13:20 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: logout from through trusted cli channel. Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.info]: user admin: session 1: closing, but already closed Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.notice]: user admin: CLI exiting Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Connection closed by P a g e
28 Oct 29 11:13:20 GigaVUE-HD sshd[29832]: pam_unix(sshd:session): session closed for user admin Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Transferred: sent 3408, received 3056 bytes Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Closing connection to port Manual session termination by admin (remote WebGUI): Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.info]: ugwd_release_session_ptr: sessions IKklQOWsG3GsGsAHUT7LronYyFy54sZej6VCAhc ZgCYCABs= count 0 logout 1 Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 Oct 29 11:17:47 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 129: closing for peer ugwc user admin (0/0) 1 Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.notice]: User admin (System Administrator) from logged out of Web UI Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 FTP_ITC.1 Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. Identification of the initiator and target of failed trusted channels establishment attempt. Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 27 closed Initiation & termination of the trusted channel (HTTPS update web server): Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.info]: user admin: Executing command: image fetch Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.info]: user admin: Tracking progress on operation ID cli Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 7: requested by: user admin (System Administrator) via CLI Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 7: descr: download file Nov 2 12:27:30 GigaVUE-HD progress[2401]: 27 P a g e
McAfee Firewall Enterprise 8.2.1
Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall
More informationThe SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.
WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationDeploying Blue Coat and FireEye Inline with Gigamon
Deploying Blue Coat and FireEye Inline with Gigamon COPYRIGHT Copyright 2015 Gigamon. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationSmart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
More informationMcAfee Firewall Enterprise 8.3.1
Configuration Guide Revision A McAfee Firewall Enterprise 8.3.1 FIPS 140-2 The McAfee Firewall Enterprise FIPS 140-2 Configuration Guide, version 8.3.1, provides instructions for setting up McAfee Firewall
More informationPT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations
PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1
More informationNSi Mobile Installation Guide. Version 6.2
NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationDell OpenManage Mobile Version 1.4 User s Guide (Android)
Dell OpenManage Mobile Version 1.4 User s Guide (Android) Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION
More informationNetworking Guide Redwood Manager 3.0 August 2013
Networking Guide Redwood Manager 3.0 August 2013 Table of Contents 1 Introduction... 3 1.1 IP Addresses... 3 1.1.1 Static vs. DHCP... 3 1.2 Required Ports... 4 2 Adding the Redwood Engine to the Network...
More informationGigabyte Content Management System Console User s Guide. Version: 0.1
Gigabyte Content Management System Console User s Guide Version: 0.1 Table of Contents Using Your Gigabyte Content Management System Console... 2 Gigabyte Content Management System Key Features and Functions...
More informationGigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)
Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Version: 1.4 Table of Contents Using Your Gigabyte Management Console... 3 Gigabyte Management Console Key Features and Functions...
More informationSystem Area Manager. Remote Management
System Area Manager Remote Management Remote Management System Area Manager provides remote management functions for its managed systems, including Wake on LAN, Shutdown, Restart, Remote Console and for
More informationSetup Cisco Call Manager on VMware
created by: Rainer Bemsel Version 1.0 Dated: July/09/2011 The purpose of this document is to provide the necessary steps to setup a Cisco Call Manager to run on VMware. I ve been researching for a while
More informationZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004
ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.
More informationAdministering the Network Analysis Module. Cisco IOS Software. Logging In to the NAM with Cisco IOS Software CHAPTER
CHAPTER 4 How you administer the NAM on your Catalyst 6500 series switch or Cisco 7600 series router depends on whether you are using the Cisco IOS software or the Catalyst operating system software. Several
More informationSSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks
SSL VPN Virtual Appliance Installation Guide Virtual Private Networks C ONTENTS Introduction... 2 Installing the Virtual Appliance... 2 Configuring Appliance Operating System Settings... 3 Setting up the
More informationWatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560
WatchGuard SSL v3.2 Update 1 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 445469 Revision Date 3 April 2014 Introduction WatchGuard is pleased to announce the release of WatchGuard
More informationFile Transfers. Contents
A File Transfers Contents Overview..................................................... A-2................................... A-2 General Switch Software Download Rules..................... A-3 Using
More informationDEPLOYMENT GUIDE. This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.
This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform. Traffic Requirements The Vectra X-series platform detects threats and attacks
More informationStorSimple Appliance Quick Start Guide
StorSimple Appliance Quick Start Guide 5000 and 7000 Series Appliance Software Version 2.1.1 (2.1.1-267) Exported from Online Help on September 15, 2012 Contents Getting Started... 3 Power and Cabling...
More informationASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example
ASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example Document ID: 99756 Contents Introduction Prerequisites Requirements Components Used Conventions Background
More informationImplementing Secure Shell
Secure Shell (SSH) is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures sessions using standard cryptographic mechanisms, and the application
More informationSecure Access Complete Visibility
PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE Intrusion Detection Switch TAP Data Recorder VoIP Analyzer Switch Secure Access Complete Visibility Web
More informationSecurity Configuration Guide P/N 300-010-493 Rev A05
EMC VPLEX Security Configuration Guide P/N 300-010-493 Rev A05 June 7, 2011 This guide provides an overview of VPLEX security configuration settings, including secure deployment and usage settings needed
More informationActive Directory Management. Agent Deployment Guide
Active Directory Management Agent Deployment Guide Document Revision Date: June 12, 2014 Active Directory Management Deployment Guide i Contents System Requirements...1 Hardware Requirements...1 Installation...3
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationCisco ISE Command-Line Interface
This chapter provides information on the Cisco Identity Services Engine (Cisco ISE) command-line interface (CLI) that you can use to configure and maintain Cisco ISE. Cisco ISE Administration and Configuration
More informationBackup and Recovery Procedures
CHAPTER 10 This chapter provides Content Distribution Manager database backup and ACNS software recovery procedures. This chapter contains the following sections: Performing Backup and Restore Operations
More informationManaging Software and Configurations
55 CHAPTER This chapter describes how to manage the ASASM software and configurations and includes the following sections: Saving the Running Configuration to a TFTP Server, page 55-1 Managing Files, page
More informationBasic System. Vyatta System. REFERENCE GUIDE Using the CLI Working with Configuration System Management User Management Logging VYATTA, INC.
VYATTA, INC. Vyatta System Basic System REFERENCE GUIDE Using the CLI Working with Configuration System Management User Management Logging Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com
More informationInstalling, Uninstalling, and Upgrading Service Monitor
CHAPTER 2 Installing, Uninstalling, and Upgrading Service Monitor This section contains the following topics: Preparing to Install Service Monitor, page 2-1 Installing Cisco Unified Service Monitor, page
More informationLab 8.3.1.2 Configure Basic AP Security through IOS CLI
Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationAdministering Cisco ISE
CHAPTER 8 This chapter describes the administrative activities for the Cisco Identity Services Engine (ISE) and how to perform them. The following topics are covered: Logging In, page 8-1 System Time and
More informationMcAfee Firewall Enterprise
Hardware Guide Revision C McAfee Firewall Enterprise S1104, S2008, S3008 The McAfee Firewall Enterprise Hardware Product Guide describes the features and capabilities of appliance models S1104, S2008,
More informationSmart Card Authentication Client. Administrator's Guide
Smart Card Authentication Client Administrator's Guide April 2013 www.lexmark.com Contents 2 Contents Overview...3 Configuring Smart Card Authentication Client...4 Configuring printer settings for use
More informationSSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN
1. Introduction... 2 2. Remote Access via SSL... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Software and Certificates...10
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationACS 5.x and later: Integration with Microsoft Active Directory Configuration Example
ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example Document ID: 113571 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information
More informationCreating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client
A P P L I C A T I O N N O T E Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client This application note describes how to set up a VPN connection between a Mac client and a Sidewinder
More informationUpgrading Redwood Engine Software. Version 2.0.x to 3.1.0
Upgrading Redwood Engine Software Version 2.0.x to 3.1.0 December 2013 APP NOTE Table of Contents 1 Introduction... 3 1.1 Backing Up the Redwood Engine Configuration, Statistics, and Log Files... 3 2 Checking
More informationNEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
More informationCCNA Security. Chapter Two Securing Network Devices. 2009 Cisco Learning Institute.
CCNA Security Chapter Two Securing Network Devices 1 The Edge Router What is the edge router? - The last router between the internal network and an untrusted network such as the Internet - Functions as
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationTivoli Endpoint Manager for Remote Control Version 8 Release 2. User s Guide
Tivoli Endpoint Manager for Remote Control Version 8 Release 2 User s Guide Tivoli Endpoint Manager for Remote Control Version 8 Release 2 User s Guide Note Before using this information and the product
More informationVirtual Appliance Setup Guide
The Barracuda SSL VPN Vx Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda SSL VPN hardware appliance. It is designed for easy deployment
More informationUnified Access Point Administrator's Guide
Unified Access Point Administrator's Guide Product Model: DWL-3600AP DWL-6600AP DWL-8600AP Unified Wired & Wireless Access System Release 2.0 November 2011 Copyright 2011. All rights reserved. November
More information50-Port 10/100/1000Mbps with 4 Shared SFP. Managed Gigabit Switch WGSW-50040. Quick Installation Guide
50-Port 10/100/1000Mbps with 4 Shared SFP Managed Gigabit Switch WGSW-50040 Quick Installation Guide Table of Contents 1. Package Content... 3 2. Switch Management... 4 3. Requirements... 5 4. Terminal
More informationOnCommand Performance Manager 1.1
OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501
More informationReboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive
Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive This guide explains how to create and use a Rescue USB flash drive to reinstall and recover the ExtraHop system. When booting
More informationGX-V. Quick Start Guide. VMware vsphere / vsphere Hypervisor. Before You Begin SUMMARY OF TASKS WORKSHEET
If you re not using VMware vsphere Client 4.0, your screens may vary. GX-V VIRTUAL GMS SERVER VMware vsphere / vsphere Hypervisor 2012 Silver Peak Systems, Inc. Before You Begin Comply with the GX-V Host
More informationSD-T225/SD-T245 ViewSonic Device Manager Pro User Guide
SD-T225/SD-T245 ViewSonic Device Manager Pro User Guide Copyright and Trademark Statements 2015 ViewSonic Corporation. All rights reserved. This document contains proprietary information that is protected
More informationSet Up Panorama. Palo Alto Networks. Panorama Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Set Up Panorama Palo Alto Networks Panorama Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationMaintaining the Content Server
CHAPTER 7 This chapter includes the following Content Server maintenance procedures: Backing Up the Content Server, page 7-1 Restoring Files, page 7-3 Upgrading the Content Server, page 7-5 Shutting Down
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationGX-V. Quick Start Guide. Microsoft Hyper-V Hypervisor. Before You Begin SUMMARY OF TASKS. Before You Begin WORKSHEET VIRTUAL GMS SERVER
Quick Start Guide GX-V VIRTUAL GMS SERVER Microsoft Hyper-V Hypervisor 2012 Silver Peak Systems, Inc. Before You Begin Windows 2008 server installed and Hyper-V is running Hyper-V management software is
More informationPrestige 314 Read Me First
Prestige 314 Read Me First Console WAN 10M PORT Prestige Rear Panel Connections CONNECTION Use an RS-232 console cable. Use the cable that came with your broadband modem. LAN 10/100M Port Number COMPUTER
More informationConfiguring Secure Socket Layer (SSL)
7 Configuring Secure Socket Layer (SSL) Contents Overview...................................................... 7-2 Terminology................................................... 7-3 Prerequisite for Using
More informationLifeSize Video Communications Systems Administrator Guide
LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made
More informationSharp Remote Device Manager (SRDM) Server Software Setup Guide
Sharp Remote Device Manager (SRDM) Server Software Setup Guide This Guide explains how to install the software which is required in order to use Sharp Remote Device Manager (SRDM). SRDM is a web-based
More informationGrandstream Networks, Inc. UCM6100 Security Manual
Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationFIPS 140 2 Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security
FIPS 140 2 Non Proprietary Security Policy IBM Internet Security Systems Proventia GX Series Security Document Version 1.2 January 31, 2013 Document Version 1.2 IBM Internet Security Systems Page 1 of
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationBaseManager & BACnet Manager VM Server Configuration Guide
BaseManager & BACnet Manager VM Server Configuration Guide For Self-Hosted BaseManager & BACnet Manager Servers Deployed as Virtual Machines August 27, 2015 Customer Service 1-866-294-5847 i Baseline Inc.
More informationVMware vcenter Log Insight Security Guide
VMware vcenter Log Insight Security Guide vcenter Log Insight 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationBasic Configuration of the Cisco 12000 Series Internet Router
CHAPTER 2 Basic Configuration of the Cisco 12000 Series Internet Router This chapter describes how to boot and configure the Cisco 12000 Series Internet Router. It discusses the following subjects: Cisco
More informationCloud Services ADM. Agent Deployment Guide
Cloud Services ADM Agent Deployment Guide 10/15/2014 CONTENTS System Requirements... 1 Hardware Requirements... 1 Installation... 2 SQL Connection... 4 AD Mgmt Agent... 5 MMC... 7 Service... 8 License
More informationAAR Test Summary. FireEye CM, FX, EX, and NX Series Appliances
AAR Test Summary FireEye CM, FX, EX, and NX Series Appliances FireEye CM, FX, EX, and NX Series Appliances Series Security Target, version 1.0 Protection Profile for Network Devices (NDPP), version 1.1,
More informationMobility System Software Quick Start Guide
Mobility System Software Quick Start Guide Version 8.0 P/N 530-041387 Rev.05 Table of Contents About this Guide Using the Web Quick Start (WLC2, WLC8, WLC200,WLC800R, and WLC880R) Remotely Configuring
More informationInstalling and Using the vnios Trial
Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM
More informationConfiguring the Switch with the CLI-Based Setup Program
APPENDIX D Configuring the Switch with the CLI-Based Setup Program This appendix provides a command-line interface (CLI)-based setup procedure for a standalone switch. For product overview information,
More informationSonicWALL SRA Virtual Appliance Getting Started Guide
COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SRA Virtual Appliance Getting Started Guide SonicWALL SRA Virtual Appliance5.0 Getting Started Guide This Getting Started
More informationDeployment Guide for Maximum Security Environments Polycom HDX Systems, Version 3.0.5
Polycom HDX Systems, Version 3.0.5 A warning about operating in a maximum security environment The maximum security profile is designed to lock down communications to the most stringent requirements of
More informationQUICK START GUIDE Cisco M380 and Cisco M680 Content Security Management Appliance
QUICK START GUIDE Cisco M380 and Cisco M680 Content Security Management Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance in a Rack 6 Plug
More informationConfiguring CSS Remote Access Methods
CHAPTER 11 Configuring CSS Remote Access Methods This chapter describes how to configure the Secure Shell Daemon (SSH), Remote Authentication Dial-In User Service (RADIUS), and the Terminal Access Controller
More informationUser Guide. Cloud Gateway Software Device
User Guide Cloud Gateway Software Device This document is designed to provide information about the first time configuration and administrator use of the Cloud Gateway (web filtering device software).
More informationFIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager
FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager LogRhythm 3195 Sterling Circle, Suite 100 Boulder CO, 80301 USA September 17, 2012 Document Version 1.0 Module Version 6.0.4 Page 1 of 23 Copyright
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationManagement Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.
Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of
More informationHow To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The
1-bay NAS User Guide INDEX Index... 1 Log in... 2 Basic - Quick Setup... 3 Wizard... 3 Add User... 6 Add Group... 7 Add Share... 9 Control Panel... 11 Control Panel - User and groups... 12 Group Management...
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationAstaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not
More informationIntel Active Management Technology with System Defense Feature Quick Start Guide
Intel Active Management Technology with System Defense Feature Quick Start Guide Introduction...3 Basic Functions... 3 System Requirements... 3 Configuring the Client System...4 Intel Management Engine
More informationIntroduction to Google Apps for Business Integration
Introduction to Google Apps for Business Integration Overview Providing employees with mobile email access can introduce a number of security concerns not addressed by most standard email security infrastructures.
More informationIMM2 Configurations User's Guide Version 1.0 (Jan 2013)
Integrated Management Module II IMM2 Configurations User's Guide Version 1.0 (Jan 2013) Table of Contents Table of Contents... I 1 Introduction... 1 1.1 Definitions... 1 1.2 Related Documents... 1 2 Help
More informationDominion KX II-101-V2
Dominion KX II-101-V2 Quick Setup Guide Thank you for your purchase of the Dominion KX II-101-V2, the economical, full-featured, single-port digital KVM-over-IP device. For details on using the KX II-101-V2,
More informationVirtual Code Authentication User Guide for Administrators
Virtual Code Authentication User Guide for Administrators Virtual Code Authentication - User Guide for Administrators Document No.: 05-001 2001-2015 All rights reserved. Under copyright laws, this document
More informationVMware vcenter Log Insight Getting Started Guide
VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More information- The PIX OS Command-Line Interface -
1 PIX OS Versions - The PIX OS Command-Line Interface - The operating system for Cisco PIX/ASA firewalls is known as the PIX OS. Because the PIX product line was acquired and not originally developed by
More informationHow To Industrial Networking
How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationEMC Data Protection Search
EMC Data Protection Search Version 1.0 Security Configuration Guide 302-001-611 REV 01 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published April 20, 2015 EMC believes
More informationSonian Getting Started Guide October 2008
Sonian Getting Started Guide October 2008 Sonian, Inc. For Authorized Use Only 1 Create your new archiving account 3 Configure your firewall for IMAP collections 4 (Skip this step if you will be using
More informationManaging Users and Identity Stores
CHAPTER 8 Overview ACS manages your network devices and other ACS clients by using the ACS network resource repositories and identity stores. When a host connects to the network through ACS requesting
More informationCHAPTER 7 SSL CONFIGURATION AND TESTING
CHAPTER 7 SSL CONFIGURATION AND TESTING 7.1 Configuration and Testing of SSL Nowadays, it s very big challenge to handle the enterprise applications as they are much complex and it is a very sensitive
More information