
Security Target, Version 3.9

March 18, 2008
TE.PHYSICAL An attacker may physically attack the hardware appliance in order to compromise its secure operation.

The environment ensures that the TOE is physically protected so that only TOE users who possess the appropriate privileges have access (OE.PHYS-SEC).

OE.PHYS-SEC ensures that this threat is removed.

TE.AUDIT_FAILURE An attacker may conduct an undetected attack on the information protected by the TOE because the audit mechanism relies on unreliable time stamps; this may in turn result in a failure to prevent further attacks that use the same method.

The environment ensures that reliable timestamps are provided for the time-stamping of audit events (OE.TIME).

OE.TIME ensures that this threat is removed.

TE.BAD_CERT An attacker may successfully authenticate to the VPN Router using a revoked, expired or untrusted certificate in order to gain access to information residing on the private network.

The environment ensures that the required certificate infrastructure is provided so that the validity of certificates can be verified. The environment also ensures that the chosen infrastructure is maintained so that the current state of each certificate is accurately reported to the TOE (OE.CERTIFICATE). The TOE provides functionality that allows only authorized users to establish VPN sessions with the TOE using the IPsec protocol (O.FUNCTIONS).

OE.CERTIFICATE and O.FUNCTIONS ensure that this threat is removed.
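The three conditions named in TE.BAD_CERT (untrusted, expired, revoked) are what a peer-certificate check must refuse before IPsec authentication is allowed to succeed. The Go program below is an added example written for this page; it is not Nortel's code and does not describe how the VPN Router or the client implements certificate handling. It assumes an in-memory test CA standing in for the environment's certificate infrastructure (OE.CERTIFICATE), CRL-based revocation (the ST does not say whether CRLs or OCSP are used), ECDSA P-256 keys, and hypothetical names such as ValidatePeerCert, TestPKI, IssueClient and PublishCRL; the peer certificates and the CRL are constructed inline. It needs Go 1.19 or later for x509.ParseRevocationList.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Sentinel errors so the caller (and the audit log) can record why a peer was rejected.
var (
	ErrUntrusted = errors.New("certificate does not chain to a trusted CA")
	ErrExpired   = errors.New("certificate is outside its validity period")
	ErrRevoked   = errors.New("certificate serial is listed in the issuer's CRL")
	ErrStaleCRL  = errors.New("no current issuer-signed CRL; failing closed")
)

// ValidatePeerCert applies the TE.BAD_CERT checks at time now (the caller's clock, cf. OE.TIME): trusted chain, validity window, fresh issuer-signed CRL.
func ValidatePeerCert(cert *x509.Certificate, roots *x509.CertPool, crl *x509.RevocationList, now time.Time) error {
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		var inv x509.CertificateInvalidError
		if errors.As(err, &inv) && inv.Reason == x509.Expired {
			return fmt.Errorf("%w: %v", ErrExpired, err)
		}
		return fmt.Errorf("%w: %v", ErrUntrusted, err)
	}
	if len(chains[0]) < 2 || crl == nil || now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) ||
		crl.CheckSignatureFrom(chains[0][1]) != nil { // chains[0][0] is the leaf, chains[0][1] its direct issuer
		return ErrStaleCRL // missing, stale or wrongly signed CRL: reject, do not skip the check
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

// TestPKI is a constructed in-memory CA standing in for the environment's PKI (OE.CERTIFICATE); it is not Nortel's.
type TestPKI struct {
	CA    *x509.Certificate
	Key   *ecdsa.PrivateKey
	Roots *x509.CertPool
}

func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewTestPKI(now time.Time) (*TestPKI, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if the CSPRNG fails
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example VPN CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(87600 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return &TestPKI{CA: ca, Key: key, Roots: roots}, nil
}

// IssueClient issues an end-entity certificate for an IPsec peer with the given validity window.
func (p *TestPKI) IssueClient(serial int64, cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: notBefore,
		NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return sign(tmpl, p.CA, &key.PublicKey, p.Key)
}

// PublishCRL signs a CRL listing revokedSerials, current from now for lifetime.
func (p *TestPKI) PublishCRL(now time.Time, lifetime time.Duration, revokedSerials ...int64) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(lifetime)}
	for _, s := range revokedSerials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, p.CA, p.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

func main() {
	now := time.Now()
	pki, _ := NewTestPKI(now)
	crl, _ := pki.PublishCRL(now, 24*time.Hour, 4) // serial 4 has been revoked
	peer, _ := pki.IssueClient(4, "branch-office-1", now.Add(-time.Hour), now.Add(time.Hour))
	fmt.Println(ValidatePeerCert(peer, pki.Roots, crl, now))
}
```

Two design choices matter here. The clock is a parameter rather than time.Now() inside the check, which makes the dependency on OE.TIME explicit: an expiry or CRL-freshness decision is only as good as the time it is judged against. And a CRL that is absent, past its NextUpdate, or not signed by the peer's direct issuer causes rejection rather than a silent skip, because a revoked certificate that is never checked is exactly the TE.BAD_CERT case. Binding the certificate's subject to the peer's IKE identity and choosing where the CRL is fetched from are left to the deployment and are not shown.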

A.TRAINED-ADMIN It is assumed that administrators will be trained in the secure use of the TOE and will follow the policies and procedures defined in the TOE documentation for secure administration of the TOE. Administrators are assumed to be non-hostile.

Those responsible for the TOE ensure that the TOE users are trained to establish and maintain sound security policies and practices (OE.TRAINED).

OE.TRAINED satisfies this assumption.

A.TIMESTAMPS It is assumed that the TOE relies on its operating environment to provide an accurate clock so that audit events receive accurate time stamps. Administrators are responsible for maintaining a reliable time source that provides accurate time for use in audit operations.

The environment ensures that reliable timestamps are provided for the time-stamping of audit events (OE.TIME).

OE.TIME satisfies this assumption.

A.PHYSICAL It is assumed that the TOE may be susceptible to physical attacks by an attacker. It is assumed that the TOE will be housed within a physically secure environment in order to mitigate this risk.

The environment ensures that the TOE is physically protected so that only TOE users who possess the appropriate privileges have access (OE.PHYS-SEC).

OE.PHYS-SEC satisfies this assumption.

A.CERTIFICATE It is assumed that the environment will provide the necessary infrastructure to ensure that certificates can be validated when digital certificates are used for authentication.

Nortel VPN Router v7.05 and Client Workstation v7.11
Page 54 of 67
© 2008 Nortel Networks