CRP-C0266-01
12
The TOE generates a 256 bit encryption key by using a generation algorithm for the
encryption key which conforms to BSI-AIS 31. The TOE uses the generated encryption key
and cryptographic algorithm AES that matches and FIPS PUB 197, encrypts the document
data, and stores it on the HDD. The TOE decrypts this when loading the document data from
the HDD. Furthermore, the TOE checks the validity for the encryption key and performance
of the hardware "Ic Ctlr" to process the encryption and decryption at start-up. Finally, the
TOE confirms that the processing of the encryption is performed correctly.
Also, recording the results of the encryption key generation and encryption processing in
audit logs enables re-detection of security breaches if the encryption key generation and the
encryption processing are not correctly performed.
Therefore, T.SALVAGE, by which attackers may remove the HDD from the TOE and disclose
document data, is countered by the prevention of disclosing the memory storage data and the
audit.
(5) Countermeasures against the threat T.TRANSIT
T.TRANSIT, by which attackers may illegally obtain, leak, or tamper with document data or
print data sent or received by the TOE via the internal network, is countered by the
protection of the network communication data and the audit.
The TOE uses IPSec Protocol for data communications and encrypts the document data that
is delivered to folders between the TOE and FTP server and between the TOE and SMB
server.
The TOE uses S/MIME and sends the encrypted document data sent by e-mail from the TOE
to client computers.
The SSL protocol is used for communication between the TOE and a client computer when
connecting via an internal network and accessing the Web service of the TOE. The SSL
protocol is also used when sending and printing print data from a client computer to the TOE
via an internal network and also when sending document data by fax from a client computer
via an internal network. The TOE encrypts the communication including the document data
or the print data.
As mentioned above, communication for the Web service, document data, and print data are
encrypted in order to prevent leakage and tampering. However, the document data and the
print data sent or received via a USB interface or telephone line by the TOE are not regarded
as a threat of leakage and tampering.
Also, recording implemented action of the above-encrypted communication in audit logs
enables re-detection of security breaches if the encryption communication is not correctly
performed.
Therefore, T.TRANSIT, by which attackers may illegally obtain, leak or tamper with
document data or print data sent or received by the TOE via the internal network, is
countered by the protection of the network communication data and the audit.
(6) Countermeasures against the threat T.FAX_LINE
T.FAX_LINE, by which attackers may illegally gain access to the TOE through the telephone
line, is countered by the intrusion prevention via telephone lines and the audit.
The TOE, only if the type of data received from the telephone line connected to a fax device is
(231 páginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais