CRP-C0266-01
6
Identifier Threat
T.TRANSIT
Attackers may illegally obtain, leak or tamper with
document data or print data sent or received by the TOE
via the internal network.
*Note: The "document and print data sent or received by
the TOE" can exist on the USB interface or telephone
lines; however, obtaining and tampering with data that
is in transit through these media is not considered a
threat.
T.FAX_LINE
Attackers may illegally gain access to the TOE through
telephone lines.
3.1.1.2 Security Function Policies against Threats
The TOE counters the threats shown in Table 3-1 by the following security function policies.
(1) Countermeasures against the threat T.ILLEGAL_USE
T.ILLEGAL_USE in which attackers may read or delete document data by gaining
unauthorised access to the TOE is countered by the user identification and authentication
and the audit as follows.
The TOE requires those who attempt to use the functions (hereafter, operators) to enter their
user IDs and authentication information (hereafter, password). The TOE then verifies the
authenticity of the entered user ID and password. After the TOE verifies the user ID and
password, either 1) or 2) happens:
1) If the TOE does not recognise the user ID and password as valid, the TOE prevents the
operator from using TOE functions. Operator who is authorised to use the TOE has valid
user ID and password, while operator who is unauthorised to use the TOE do not have
any valid user ID and password. Therefore, unauthorised operator is regarded as
unpermitted user for the TOE and they cannot use the TOE functions.
2) If the TOE recognises the entered user ID and password as valid, it identifies the
operator and furthermore, operator role by the user ID. The TOE, in accordance with the
operator (hereafter, user) role that is permitted for the TOE usage, allows the usage of
the TOE functions.
In order to counter spoofing by entering the user ID and password, the TOE has the following
functions
1) If with the same user ID, the number of consecutive unsuccessful attempts to
authenticate reaches the specified Number of Attempts before Lockout, the TOE locks
out that user ID (will not authenticate users with that user ID).
2) When requiring registering or changing their passwords, the TOE only accepts
passwords that satisfy the conditions of minimum password length and complexity
setting for password.
3) Recording the entry of the user ID and password in the audit logs enables to re-detect
spoofing by users attempting to enter a user ID and password.
As mentioned above, T.ILLEGAL_USE in which attackers illegally access the TOE and
operate the document data is countered by the user identification and authentication and the
audit because the unpermitted TOE users cannot use the TOE functions.
(2) Countermeasures against the threat T.UNAUTH_ACCESS
T.UNAUTH_ACCESS, by which authorised TOE users may breach the limits of authorised
(231 Seiten)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern