Nortel Networks 7.11, 7.05 manual TOE Security Assurance Measures, Trusted Path/Channels

Page 49

Security Target, Version 3.9

March 18, 2008

 

 

o Runs when a random number needs to be generated.

Continuous RNG for Entropy Gathering: Verifies that the seed for the FIPS 182-2 PRNG is not failing to a constant value.

o Runs when a seed for the RNG needs to be generated.

Pair-wise Consistency Test for RSA Key Generation: Verifies that a newly generated RSA public/private keypair works properly.

o Runs when an RSA public/private keypair is generated.

Software Load Test: Verifies the authenticity and integrity of new software binaries which are to be installed on the module.

o Runs when a new software image is loaded onto the module.

TOE Security Functional Requirements Satisfied: FPT_AMT.1, FPT_RPL.1, FPT_TST.1.
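
A sketch of the continuous RNG check listed above, usable for both PRNG output blocks and seed material. This is an added example, not Nortel's code; the 16-byte block size, all names and the constructed "stuck" source are assumptions. As in the FIPS 140-2 continuous test, the first block is kept only as a reference and never handed out.

```c
#include <stdint.h>
#include <string.h>
#define CRNG_BLOCK 16 /* bytes per block; size assumed for this sketch */
enum { CRNG_OK = 0, CRNG_ERR_SOURCE = -1, CRNG_ERR_STUCK = -2 };
typedef int (*block_source)(void *ctx, uint8_t *out); /* returns 0 on success */
typedef struct {
    uint8_t prev[CRNG_BLOCK]; /* previous block, kept only for comparison */
    int primed;               /* 0 until a reference block has been stored */
    int failed;               /* latched error state */
} crng_state;

/* Deliver one block, or fail if the source repeated its previous block. */
int crng_next(crng_state *st, block_source src, void *ctx, uint8_t *out)
{
    uint8_t cur[CRNG_BLOCK];
    if (st->failed) return CRNG_ERR_STUCK;      /* stay failed until reset */
    if (!st->primed) {                          /* first block is never output */
        if (src(ctx, st->prev) != 0) return CRNG_ERR_SOURCE;
        st->primed = 1;
    }
    if (src(ctx, cur) != 0) return CRNG_ERR_SOURCE;
    if (memcmp(cur, st->prev, CRNG_BLOCK) == 0) { st->failed = 1; return CRNG_ERR_STUCK; }
    memcpy(st->prev, cur, CRNG_BLOCK);
    memcpy(out, cur, CRNG_BLOCK);
    return CRNG_OK;
}

/* Constructed source: distinct blocks at first, then the same block forever. */
typedef struct { uint32_t calls, stick_after; } demo_source;
int demo_read(void *ctx, uint8_t *out)
{
    demo_source *s = ctx;
    uint32_t v = s->calls < s->stick_after ? s->calls : s->stick_after;
    memset(out, (int)(v & 0xFF), CRNG_BLOCK);   /* block filled with one byte value */
    s->calls++;
    return 0;
}

/* Request `requests` blocks; return how many were actually delivered. */
int demo_run(uint32_t stick_after, int requests)
{
    demo_source src = { 0, stick_after };
    crng_state st = { {0}, 0, 0 };
    uint8_t out[CRNG_BLOCK];
    int delivered = 0;
    for (int i = 0; i < requests; i++)
        if (crng_next(&st, demo_read, &src, out) == CRNG_OK) delivered++;
    return delivered;
}
```

With the source sticking after its third distinct value, three blocks are delivered and every later request is refused because the error state is latched.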

6.1.7 Trusted Path/Channels

Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN users. IPSec is required to ensure that the communication takes place over a trusted path. Because of this, trusted path connections between components of the TOE are logically distinct and secure.

TOE Security Functional Requirements Satisfied: FTP_TRP.1.

6.2 TOE Security Assurance Measures

EAL 4 augmented with ALC_FLR.2 was chosen to provide a basic level of independently assured security. This section of the ST maps the assurance requirements of the TOE for a CC EAL 4+ (augmented with ALC_FLR.2) level of assurance to the assurance measures used for the development and maintenance of the TOE. The following table provides a mapping of the appropriate documentation to the TOE assurance requirements.

Table 10 - Assurance Measures Mapping to TOE Security Assurance Requirements (SARs)

 

Assurance Component    Assurance Measure

ACM_AUT.1              Nortel Networks Virtual Private Network Router v7.05 Configuration Management
ACM_CAP.4              Nortel Networks Virtual Private Network Router v7.05 Configuration Management
ACM_SCP.2              Nortel Networks Virtual Private Network Router v7.05 Configuration Management
ADO_DEL.2              Nortel Networks Virtual Private Network Router v7.05 Secure Delivery
ADO_IGS.1              Nortel Virtual Private Network Router v7.05 Installation Guidance
ADV_FSP.2              Nortel Networks Virtual Private Network Router v7.05 Functional Specification
ADV_HLD.2              Nortel Networks Virtual Private Network Router v7.05 TOE Architecture: High Level Design, Low Level Design, and Representation Correspondence
ADV_IMP.1              Nortel Networks Virtual Private Network Router v7.05 - Implementation Representation
ADV_LLD.1              Nortel Networks Virtual Private Network Router v7.05 TOE Architecture: High Level Design, Low Level Design, and Representation Correspondence
ADV_RCR.1              Nortel Networks Virtual Private Network Router v7.05 TOE Architecture: High Level Design, Low Level Design, and Representation Correspondence
ADV_SPM.1              Nortel Networks Virtual Private Network Router v7.05 Informal Security Policy Model
AGD_ADM.1              Nortel Networks Virtual Private Network Router v7.05 Supplement Guide
AGD_USR.1              Nortel Networks Virtual Private Network Router v7.05 Supplement Guide


Nortel VPN Router v7.05 and Client Workstation v7.11

Page 49 of 67

 

 

 

© 2008 Nortel Networks

 

 
