Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655/5665/5675/5687
Multifunction Systems Security Target
6.1.3. Authentication (TSF_AUT)
FIA_UAU.2, FIA_UAU.7, FIA_UID.2, FIA_AFL.1 (AUT 1), FIA_AFL.1 (AUT 2),
FIA_AFL.1 (AUT 3), FMT_SMR.1
The system administrator must authenticate by entering a password prior to being
granted access to the system administration functions (see 6.1.9). While the system
administrator is typing the password, the TOE obscures[7] each character entered to
hide the value entered. Identification of the system administrator at the Local User
Interface is explicit -- the administrator will identify themselves by entering the username
“admin” in the authentication window. Identification of the system administrator at the
Web User Interface is explicit -- the administrator will identify themselves by entering the
username “admin” in the authentication dialog window.
At the Local User Interface, the authentication process will be delayed for 3 minutes if 3
wrong passwords are entered in succession. If a wrong password is entered at the
web interface, the TOE will give an error message that has to be acknowledged before
another attempt to complete the authentication process can be made.
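
A minimal model of the Local User Interface failure handling described above, added here as an illustration and not taken from the Security Target or from the product's firmware. The class name, the PBKDF2 parameters, the injectable clock, and the choice to reject attempts during the delay without evaluating them are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3          # from the text: 3 wrong passwords in succession
LOCKOUT_SECONDS = 3 * 60  # from the text: 3-minute delay at the Local User Interface


class LuiAuthenticator:
    """Hypothetical FIA_AFL.1-style failure handling for the single 'admin' identity."""

    def __init__(self, password, clock):
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self._clock = clock        # time source in seconds, injectable for testing
        self._failures = 0         # consecutive failures since last success or delay
        self._locked_until = 0.0

    def _derive(self, password):
        # Iteration count is an assumed value for the example.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def seconds_remaining(self):
        return max(0.0, self._locked_until - self._clock())

    def authenticate(self, username, password):
        """Return 'ok', 'denied' or 'delayed'."""
        if self.seconds_remaining() > 0:
            # Assumption: attempts made during the delay are not evaluated,
            # so they neither succeed nor extend the delay.
            return "delayed"
        # Constant-time comparisons; both checks always run.
        user_ok = hmac.compare_digest(username.encode(), b"admin")
        pass_ok = hmac.compare_digest(self._derive(password), self._hash)
        if user_ok and pass_ok:
            self._failures = 0     # "in succession": a success resets the count
            return "ok"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._locked_until = self._clock() + LOCKOUT_SECONDS
            self._failures = 0     # assumption: counting restarts after the delay
        return "denied"
```

Because the count is of consecutive failures, a correct password after two wrong ones clears it; only the third wrong entry in a row starts the 3-minute delay.
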
No role other than “System Administrator” can authenticate.
The Web User Interface can be configured such that authentication of the system
administrator is based upon individual credentials. If configured for local authentication,
the system requires the system administrator to enter a username and password. The
system will authenticate the user against an internal database. Alternatively, the system
may be configured such that authentication is performed remotely by the network’s
domain controller. In this case, the SA must enter a valid fully-qualified username and
password. In both cases, privileged user status is granted based upon successful
authentication.
6.1.4. Network Identification (TSF_NET_ID)
FIA_AFL.1 (AUT 3), FIA_UAU.2, FIA_UID.2, FIA_UAU.7
The TOE can prevent unauthorized use of the installed network options (network
scanning, scan-to-email, and LanFax); the network options available are determined
(selectable) by the system administrator. To access a network service, the user is
required to provide a user name and password, which are then validated by the
designated authentication server (a trusted remote IT entity). The user is not required to
log in to the network; the account is authenticated by the server as a valid user. The
remote authentication services supported by the TOE are: CAC two-factor local
authentication, LDAP v4, Kerberos v5 (Solaris), Kerberos v5 (Windows 2000/2003),
NDS (Novell 4.x, 5.x), and SMB (Windows NT.4x/2000/2003). The cryptography used
by remote authentication services has been scoped out of the evaluation.
[7] The LUI obscures input with the asterisk character. The specific character used to obscure input at the WebUI is browser dependent.
Copyright 2009 Xerox Corporation, All rights reserved