Page 44
Security Target, Version 3.9March 18, 2008
System Log | The System Log records data about System events which are considered significant enough |
| to be written to disk, including those displayed in the Configuration and Security logs. |
| Examples of events that would appear in the System log include: |
| LDAP activity |
| Configuration activity |
| Server authentication and authorization requests |
| The following list gives the general format of System Log entries: |
| Time stamp |
| Task that issued the event (“tEvtLgMgr”, “tObjMgr”, “tHttpdTask”) |
| A number that indicates the Central Processing Unit (CPU) that issued the event |
| (“0” = “CPU(0)”, “1” = “CPU(1)”) |
| Software module that issued the event |
| A number that indicates the event’s persistence (“0” = “non-persistent”, “1” = |
| “persistent”) |
| A number that indicates the event’s severity level (“0” = “Debug”, “1” = “Low”, |
| “2” = “Medium”, “3” = “High”) |
| Rule section matched by this event |
| Matching packet source, destination, protocol, and action configured for the |
| matched rule |
Event Log | The Event Log records detailed data about all events that take place on the system. These |
| entries are not necessarily written to disk (as with the System Log). The Event Log records |
| data about all system activity in-memory, but only the significant entries are saved in the |
| System Log (i.e., on disk). |
| The Event Log includes information on tunneling, security, backups, debugging, hardware, |
| security, daemon processes, software drivers, interface card driver events, and other system |
| components and event types. |
| The Event Log retains the most recent 2000 log entries. Once this maximum capacity has |
| been reached the Event Log overwrites the oldest entry when a new entry needs to be made. |
TOE administrators interact with the TOE through the management GUI [or CLI], but unprivileged TOE users are restricted to establishing VPN sessions with the TOE via the Nortel VPN Client. All of the user actions (detailed above) performed through either of these interfaces are recorded in the appropriate audit log. The TOE creates an audit record when a TOE user causes any of the events in “Table 4 - Auditable Events” to occur. Audit records generated in the Nortel VPN Router are stored locally as flat files on internal storage with no direct TOE administrator access.
Since audit functionality is critical to the secure operation of the TOE, both internal and external backups of the audit logs are supported. Automatic backup and archiving of the logs ensures that the logs are always available. External storage backup of audit records occurs outside of the TOE and it is the administrator’s responsibility to specify an external backup server.
TOE administrators may view audit records via a management GUI display (in a manner suitable for human consumption and understanding). This display includes the date and time of the event; the type of event; the subject identity; the outcome (success or failure) of the event; and the identity of the user responsible for the event. TOE users can read audit records only through the TOE’s management GUI, and only after being authenticated to an appropriately privileged role. TOE users are never given write access to the audit records.
TOE Security Functional Requirements Satisfied: FAU_GEN.1, FAU_SAR.1.
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 44 of 67 |
© 2008 Nortel Networks | |
Contents
Nortel Networks Corsec Security, Inc
Revision History
Version Modification Date Modified By Description of Changes
Table of Contents
Table of Figures
Table of Tables
Protection Profile Claims
Rationale
Security Target Introduction
Purpose
Security Target, TOE and CC Identification and Conformance
ST, TOE, and CC Identification and Conformance
Conventions, Acronyms, and Terminology
Conventions
Terminology
Terminology
Primary Admin password
Product Description
TOE Description
Product Type
Branch Office Deployment Configuration of the TOE
TOE Boundaries and Scope
Physical Boundary
Logical Boundary
TOE Environment
World
Enterprise
User Data Protection
Security Audit
Cryptographic Support
Identification and Authentication
Security Management
Protection of the TOE Security Functions
Trusted Path/Channels
Excluded TOE Functionality
Threats to Security
TOE Security Environment
Assumptions
Threats Addressed by the TOE
Threats Addressed by the TOE Environment
Security Objectives
Security Objectives for the TOE
Security Objectives for the Environment
IT Security Objectives
Non-IT Security Objectives
OE.TIME
IT Security Requirements
TOE Security Functional Requirements
TOE Security Functional Requirements
ST Operation
Description ST Operation
Class FAU Security Audit
FAUGEN.1 Audit Data Generation
FAUSAR.1 Audit review
Auditable Events
Dependencies FAUGEN.1 Audit data generation
Class FCS Cryptographic Support
FCSCKM.1a Cryptographic key generation Diffie-Hellman
FCSCKM.1b Cryptographic key generation RSA
FCSCKM.4 Cryptographic key destruction
FCSCOP.1e Cryptographic operation hashing
FCSCOP.1b Cryptographic operation authentication
FCSCOP.1d Cryptographic operation random number generation
Security Target, Version March 18
FDPACC.2 Complete access control
FDPACF.1 Security attribute based access control
Class FDP User Data Protection
FDPIFC.2a Complete information flow control VPN
FDPIFC.2b Complete information flow control Firewall
FDPIFF.1a Simple security attributes VPN
FDPIFF.1b Simple security attributes Firewall
FDPUCT.1 Basic data exchange confidentiality
FDPUIT.1 Data exchange integrity
FDPUCT.1.1
FDPUIT.1.1
Class FIA Identification and Authentication
FIAUAU.1 Timing of authentication
FIAUAU.5 Multiple authentication mechanisms
FIAUID.2 User identification before any action
Dependencies No dependencies
Class FMT Security Management
FMTMOF.1a Management of security functions behaviour
FMTMOF.1b Management of security functions behaviour
FMTMSA.1a Management of security attributes
FMTMSA.1c Management of security attributes
FMTMSA.2 Secure security attributes
FMTMSA.3a Static attribute initialisation
FMTMSA.2.1
FMTSMF.1 Specification of Management Functions
FMTMSA.3b Static attribute initialisation
FMTMSA.3c Static attribute initialisation
FMTSMR.1 Security roles
FMTSMR.1.2
FPTAMT.1 Abstract machine testing
FPTTST.1 TSF testing
Class FPT Protection of the TSF
FPTRPL.1 Replay detection
Class FTP Trusted Path/Channels
FTPTRP.1 Trusted path
FTPTRP.1.1
FTPTRP.1.2
Security Functional Requirements on the IT Environment
FPTRVM.1 Non-bypassability of the TSP
FPTSEP.1 TSF domain separation
FPTSTM.1 Reliable time stamps
Security Target, Version 3.9March 18
Assurance Requirements
Assurance Requirements
Assurance Components
TOE Summary Specification
TOE Security Functions
TOE Security
Description Function
Configuration Log
Security Audit
Accounting Logs
Security Log
System Log
Event Log
Cryptographic Support
Fips Validated Modules
FIPS-Validated Cryptographic Algorithms
Validation Modules Fips 140-2 Certificate #
User Data Protection
Identification and Authentication
Security Management
Conditional Self-Tests
Power-Up Self-Tests
Protection of the TOE Security Functions
TOE Security Assurance Measures
Trusted Path/Channels
TOE Security Functional Requirements Satisfied FTPTRP.1
Assurance Assurance Measure Component
Augmentation to EAL 4+ assurance level
Protection Profile Claims
Protection Profile Reference
Rationale
Security Objectives Rationale
Relationship of Security Threats to Objectives
TOE Objectives Environmental Objectives Non-IT
Hack
Certificate
Security Functional Requirements Rationale
OE.CERTIFICATE
Relationship of Security Requirements to Objectives
Objectives Requirements
Functions and data
Env
Able to access such functionality
FMTMSA.3a,b,c
Reject packets based on their attributes
Integrity
Security Assurance Requirements Rationale
Rationale for Strength of Function
Dependency Rationale
Functional Requirements Dependencies
FCSCOP.1
TOE Summary Specification Rationale
Development
Configuration Management
Secure Delivery and Operation
Tests
Guidance Documentation
Life Cycle Support Documents
Strength of Function
Vulnerability and TOE Strength of Function Analyses
Acronyms
Acronyms
Acronym Definition
DoD
SHA
