To Next Page

To Previous Page

Chapter3

SECURITYPROBLEM

DEFINITION

InordertoclarifythenatureofthesecurityproblemthattheTOEisintendedtosolve,this

sectiondescribesthefollowing:

1.Anyknownorassumedthreatstotheassetsagainstwhichspecicprotectionwithin

theTOEoritsenvironmentisrequired

2.AnyorganizationalsecuritypolicystatementsorruleswithwhichtheTOEmustcomply

3.Anyassumptionsaboutthesecurityaspectsoftheenvironmentand/orofthemanner

inwhichtheTOEisintendedtobeused.

ThischapteridentiesthreatsasT.THREAT ,assumptionsasA.ASSUMPTIONandpolicies

asP .POLICY .

TableofContents

Threat........................................................................................................................3-1

Assumption................................................................................................................3-2

ORGANIZATIONALSECURITYPOLICIES................................................................3-3

3.1Threat

Athreatconsistsofathreatagent,anassetandanadverseactionofthatthreatagenton

thatasset.

1.Threatagentsareentitiesthatcanadverselyactonassets–thethreatagentsinthe

threatsbelowareunauthorizeduser,networkattacker,authorizeduserand

2.Assetsareentitiesthatsomeoneplacesvalueupon–theassetsareaccesstonetwork

services,

3.Adverseactionsareactionsperformedbyathreatagentonanasset–theadverse

actionsare:unauthorizedchangestoconguration,bothnetworkroutingconguration

andmanagementconguration.

Table3-1Threat

THREATDESCRIPTION

T.AUDIT_REVIEWActionsperformedbyusersmaynotbeknowntotheadministrators

duetoactionsnotbeingrecordedortheauditrecordsnotbeing

reviewedpriortothemachineshuttingdown,oranunauthorized

administratormodiesordestroysauditdata.

3-1

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORATION

Zte ZXR10 M6000 Series User Manual

Questions and Answers: