Hello,
[size="2"]I'm looking for the best configuration to pass the [style="background-color: #ffffff;"]Common Criteria ISO/IEC 15408 (Evaluation Criteria for IT security Part :1,2,3)[/style][/size]
[size="2"][style="background-color: #ffffff;"]I have FortiDB-1000D and my OS is 5.1.3-0009, r20485.[/style][/size]
[style="background-color: #ffffff;"][size="2"]For Example FortiDB-1000 D is using diffie-hellman-group1-sha1 and [size="2"]diffie-hellman-groupe-exchange-sha1 but these algorithm not supported with IEC 15408 ([size="2"]FCS_SSHC_EXT.1.7[/size]).[/size] [/size][/style]
[style="background-color: #ffffff;"][size="2"][size="2"]Also base on the FCS_SSHS_EXT.1.2 we should authenticate the SSH Connection base on public key and password.[/size][/size][/style]
[style="background-color: #ffffff;"][size="2"][size="2"]But the FortiDB-1000D doesn't use public key for SSH authentication[/size][size="2"].[/size][size="2"] [/size][/size][/style]
[style="background-color: #ffffff;"][size="2"]Or Also based on FCS_TLSC_EXR.1.1 when device is in client mode and we have TLS connection, we should use TLSV1.2 and TLS_RSA_WUTH_AES_18_CBC_SHA key chain but FortiDB 1000D is using TLSv1.0 and the prohibited key chine like TLS_RSA_WITH_DES_CBC_SHA or SSL2_DES_64_CBC_WITH_MD5. [/size][/style]
[style="background-color: #ffffff;"][size="2"]Please help me to solve these problems and set the best cofiguration for [/size][/style][style="background-color: #ffffff;"][size="2"]Common Criteria ISO/IEC 15408[/size][/style][style="background-color: #ffffff;"].[/style]
[style="background-color: #ffffff;"][size="2"]Thank you very much for your considerations.[/size][/style]
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.