Nortel Networks 7.05, 7.11 manual Identification and Authentication, Security Management


Security Target, Version 3.9

March 18, 2008

Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures that VPN data is subject to enforcement of the VPN IFC SFP, and that all data passing through the firewall is subject to enforcement of the Firewall IFC SFP. These SFPs are enforced by the TOE based upon the privilege criteria defined in the SFPs.

2.3.2.4 Identification and Authentication

All identification and authentication for the TOE occurs on the Nortel VPN Router and is based on user attributes. Each user has a username, password, and one or more assigned roles. The TOE ensures that users are authenticated prior to any use of the TOE functions, and user authentication is performed using a unique username and password combination.

TOE users must identify and authenticate themselves in order to gain access to services provided by the TOE. Identification and authentication are enforced by the Nortel VPN Router, the GUI, and the CLI. The Nortel VPN Client accepts two types of authentication credentials: a username/password combination or a digital certificate.[3] The GUI and CLI accept username/password authentication.

2.3.2.5 Security Management

The TOE maintains three main user roles:

Primary Admin

Restricted Admin

VPN User

The Primary Admin has full administrative access to the TOE; the Restricted Admin has access to specific administrative functions as defined by the Primary Admin; and the VPN User has no administrative privileges and can only connect to the Nortel VPN Router via the Nortel VPN Client.

The Primary Admin and Restricted Admins perform administrative and troubleshooting tasks via the GUI, and they perform configuration tasks via the CLI. VPN Users utilize the Nortel VPN Client to access the private network through the Nortel VPN Router. After successful authentication to the TOE, users can access only the management functions to which their role grants them access. As described in the SFP, management and modification of TOE security attributes is restricted to authorized administrators in order to ensure that only secure values are accepted for those security attributes and that the default values used for initialization of the security attributes are not maliciously altered.

2.3.2.6 Protection of the TOE Security Functions

The TOE runs a series of self-tests both at initial TOE start-up and periodically during normal TOE operation. These tests check for the correct operation of the TSFs. The TOE is able to detect IPSec session replay attacks and take appropriate countermeasures (by dropping the suspect packets) while performing the self-tests. The TOE’s architecture is specifically designed to eliminate the possibility of any user bypassing the TSFs. Users must be identified and authenticated before the TOE will take any actions on their behalf. The underlying OS is not accessible by any TOE user (authorized or unauthorized).
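The replay detection mentioned above corresponds to the anti-replay sliding window that RFC 4303 defines for ESP receivers. The following is an added example, not Nortel's code and not part of the Security Target, which does not describe the TOE's implementation; the struct and function names, the 64-packet window, and the sample sequence are assumptions, and extended (64-bit) sequence numbers are not handled.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64u  /* window size in packets; assumed value */

/* Per-SA receive state (hypothetical name). Zero-initialise for a new SA. */
struct replay_state {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence (top - i) already seen */
};

/* Returns 1 to accept the packet, 0 to drop it as a replay or too old.
 * Call only after the integrity check has passed, so that forged
 * sequence numbers cannot advance the window. */
int replay_check_and_update(struct replay_state *s, uint32_t seq)
{
    if (seq == 0) return 0;            /* ESP sequence numbers start at 1 */
    if (seq > s->top) {                /* new highest: slide window forward */
        uint32_t shift = seq - s->top;
        s->bitmap = (shift >= WINDOW) ? 0 : (s->bitmap << shift);
        s->bitmap |= 1u;               /* mark the new top as seen */
        s->top = seq;
        return 1;
    }
    uint32_t offset = s->top - seq;
    if (offset >= WINDOW)
        return 0;                      /* left of the window: too old */
    uint64_t bit = (uint64_t)1 << offset;
    if (s->bitmap & bit)
        return 0;                      /* already seen: replay, drop */
    s->bitmap |= bit;                  /* late but new: accept and mark */
    return 1;
}

/* Feeds a sequence of received numbers through a fresh SA, counts drops. */
int count_dropped(const uint32_t *seqs, int n)
{
    struct replay_state s = {0, 0};
    int dropped = 0;
    for (int i = 0; i < n; i++)
        if (!replay_check_and_update(&s, seqs[i])) dropped++;
    return dropped;
}

int main(void)
{
    /* Constructed sample: duplicates (2, 5, 100) and one stale packet (36). */
    const uint32_t seqs[] = {1, 2, 3, 2, 5, 4, 5, 100, 36, 37, 100};
    printf("dropped %d of 11\n", count_dropped(seqs, 11));
    return 0;
}
```

Out-of-order packets that fall inside the window (4 and 37 in the sample) are accepted once, which is why a bitmap is kept rather than only the highest sequence number.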

2.3.2.7 Trusted Path/Channels

Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN Users. IPSec is required during these connections in order to ensure that the communication is via a trusted path. The architecture of the TOE and of the IPSec protocol ensures that the trusted paths between the Nortel VPN Router and the Nortel VPN Clients are logically distinct and secure.

[3] The Nortel VPN Client also supports the use of Smart Cards for authentication. Smart Card authentication is beyond the scope of this evaluation and is not included in the evaluated configuration.

Nortel VPN Router v7.05 and Client Workstation v7.11


© 2008 Nortel Networks

 
