Содержание
Скачать 2.18 Mb.
|
| 6,294 | Only an individual granted the access control level of “Administrator” SHALL be allowed to restore a locked out keyboard or session after the threshold for unauthorized/invalid attempts has been exceeded. | Comply |
| 6,295 | The device SHALL support Access Control Lists (ACLs) that define allowed access to administrator functions. | Comply |
| 6,296 | Devices SHALL support Access Control Lists (ACLs) that define allowed access to information (data) stored/maintained within a service function. | Comply |
| 6,297 | Device ACLs SHALL support “Read”, “Write”, “Delete”, and “Execute” access rights associated with information (data) stored/maintained within the function. | Comply |
| 6,298 | Device ACLs SHALL associate user identifiers and assigned security levels with allowed access to Administrative functions and information. | Comply |
| 6,299 | The device SHALL log unauthorized access attempts in a customer administrative log file. | Comply |
| 6,300 | The device SHALL support use of alarm thresholds for counts of unauthorized access attempts. | Comply |
| 6,301 | Device alarm count thresholds of unauthorized access attempts SHALL be settable only by those individuals, granted the access control level of “Administrator” or “Security”. . | Comply |
| 6,302 | Device OS Security Audit Trail Log | Comply |
| 6,303 | Device OS log file time & date stamps SHALL be based on Device system time & date information. | Comply |
| 6,304 | Device system time & date information SHALL be synchronized with other the Device and EML (Element Management Layer), NML (Network Management Layer), SML (Service Management Layer) and BML (Business Management Layer) systems by use of the Network Time Protocol version 3 (NTPv3) including support for RY 1305 Appendix C message authentication. | Comply |
| 6,305 | Device security log entries SHALL include the security level of the individual. | Comply |
| 6,306 | The device SHALL support the capability to securely transmit (i.e., with authentication, integrity, and confidentiality mechanisms) audit data to a network designated audit data collection node to off-load the audit capability from other network nodes. | Comply |
| 6,307 | The device RADIUS clients SHALL employ mechanisms to maximize entropy of the Request Authenticator. | Comply |
| 6,308 | The Request Authenticator SHALL be temporarily and globally unique to the device. | Comply |
| 6,309 | Different RADIUS server parameters (Server address, Secret, Timeouts) SHALL be configurable for each authentication method (e.g. EAP [Extensible Authentication Protocol], PAP). | Comply |
| 6,310 | Device RADIUS clients SHALL include failover logic to new RADIUS servers if the current server stops responding. | Comply |
| 6,311 | The device RADIUS client MUST support EAP-TLS as specified in RY 3748, RY 2716. | Comply |
| 6,312 | The secret shared between the client and the RADIUS server SHALL be at least 16 octets in size. | Comply |
| 6,313 | The device SHALL be able to forward RADIUS accounting traffic to accounting servers that are different than the RADIUS authentication servers. | Comply |
| 6,314 | The device SHALL be configurable to attach to multiple RADIUS authentication servers. | Comply |
| 6,315 | The device SHALL be configurable to attach to multiple RADIUS accounting servers. | Comply |
| 6,316 | The device SHALL have the option to strip the domain name extension before forwarding the user name to a RADIUS server. | Comply |
| 6,317 | The device SHALL support RADIUS accounting of DHCP IP address assignment. | Comply |
| 6,318 | The protocols used to provide assurance of authenticity and confidentiality for signaling and routing SHALL be IPsec. Please specify if ANY routing and signaling protocols cannot be protected with IPsec in your device implementation. | Comply |
| 6,319 | The protocols used to provide assurance of management protocols SHALL be: TLSv1, SSH, IPsec, and CORBA - XML Security mechanisms. | Comply |
| 6,320 | Management Plane functions supported by the protocols, SNMP, HTTP, Telnet, TL1, FTP, CORBA and XML SHALL be secured by the use of TLS mechanisms (i.e. SSH/TLSv1 ) or by the use of network layer mechanisms (specifically IPsec over IP version 4 or the native IPsec capabilities of IP version 6). | Comply |
| 6,321 | Regarding IEEE 802.1q, MAC addresses SHALL be specified for each port or some other mechanism is used to prevent malicious users from sending rootid bpdu. | Comply |
| 6,322 | 802.1q signaling SHALL be settable (on/off) on all ports. | Comply |
| 6,323 | 802.1q auto trunking SHALL be settable (on/off) on all ports. | Comply |
| 6,324 | Regarding IEEE 802.1d (Spanning Tree Protocol), separate spanning tree instances SHALL be supported for each VLAN. | Comply |
| 6,325 | Method(s) to manage memory resources used in tracking MAC addresses and VLAN parameters SHALL be supported. Please explain how this is accomplished. | Comply |
| 6,326 | Regarding Definition of the Differentiated Services (DS) Field as specified in RY 2474, the device SHALL provide mechanisms to validate that ingress traffic is marked with codepoint values appropriate for the traffic and the ingress port. | Comply |
| 6,327 | The device use of IPsec in a DS environment SHALL NOT change the inner header's DS field by decapsulation processing to ensure that modifications to the DS field cannot be used to launch theft of service or DoS attacks across an IPsec tunnel endpoint. | Comply |
| 6,328 | Does it implement an authentication mechanism for NTP? Please describe. What are the other security features available? Please describe. Ability to use filter list to define only IP server need? | Comply |
| 6,329 | ftp protection | Comply |
| 6,330 | Does the router implement access control list on data plane? If so please provide a list of available criteria that can be used in the matches | Comply |
| 6,331 | Do these access control list support IPv6? If so is there any restriction or new criteria that can be used in the matches? | Comply |
| 6,332 | Is it possible to name access lists? | Comply |
| 6,333 | Is it possible to use criteria referenced by a name (a group of network prefixes or tag for instance) in an access list ? | Comply |
| 6,334 | Is it possible to log the hits (success and failure)? Does the router implement a summarization mechanism? Do these logs could be exported via syslog? Can we configure a logging rate? | Comply |
| 6,335 | Does the router implement dedicated security filters to protect the router processor? If so, please elaborate on the mechanism and give an exhausted list of available criteria for the matches. | Comply |
| 6,336 | Do these security filters (above question) support IPv6 traffic? If so, is there any restriction or new criteria for the matches? | Comply |
| 6,337 | Possibility to apply IP filter rules (input and output) per interface? If so, does this filtering have any impact on the forwarding performances? | Comply |
| 6,338 | Can filters be applied to MPLS traffic without traffic needing to leave MPLS environment? | Comply |
| 6,339 | Is it possible to associate an ACL rule to - a BGP tag like "filter all IP packet where destination @IP is known in the local routing table as belonging to 3215:200 community - ISIS learn @ (aka all address learn by ISIS must not be joignable from an external interface) | Comply |
| 6,340 | Does log action of drop packets have an impact on CPU in case of massive drop (DoS) ? | Comply |
Похожие:
 | Пояснительные записки, тематическое планирование и тексты учебных пособий Летней физико-математической школы. 2002 и 2003 гг | | Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 |
| Общие требования к первой (предквалификационной) и второй частям заявок (содержание, оформление, подача, изменение, отзыв) 15 | | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... |
 | В соответствии с решением Совета депутатов г. Мурманска от 26. 12. 2006 года №30-357 «Об организации дошкольного образования и родительской... | | Научное содержание нир, оформленное по образцу научной публикации (объемом до 15 машинописных страниц, через 1,5 интервала) |
| Неправильное составление договора или неполное содержание влечёт за собой проблемы различного характера | | Разъяснения по выгрузке информации о прекращении банковской гарантии в иных, отличных от окончания срока гарантии случаях. 145 |
| Характеристики, структура и содержание Раздел Характеристики, структура и содержание учебной дисциплины | | Суть и содержание понятия «маркетинг». Цели, задачи, объект и предмет маркетинга. Эволюция содержания маркетинга |