Nortel Networks 7.05, 7.11 manual Able to access such functionality, FMTMSA.3a,b,c


Security Target, Version 3.9

March 18, 2008

 

 

required to use SHA-1 and it must be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and FCS_COP.1(a,b,c,d,e,f)].

O.CONFIDENT The TOE must use the IPSec tunneling protocol to ensure confidentiality of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers.

The TOE is required to use the specified tunneling protocol to better protect the confidentiality of the data transmitted between its different parts. The RSA suite of algorithms and the Diffie-Hellman algorithm used by the TOE for cryptographic operations must be implemented according to RFC 3447 for RSA and RFC 2631 for Diffie-Hellman. The TOE is required to destroy unused keys by zeroizing them. For encryption and decryption operations, the TOE is required to use the 3DES and AES algorithms and they must be implemented according to FIPS 46-3 for 3DES and FIPS 197 for AES. For authentication, the TOE is required to use HMAC-SHA-1 and it must be implemented according to RFC 2104. For hashing, the TOE is required to use SHA-1 and it must be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and FCS_COP.1(a,b,d,c,e,f)].
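What "implemented according to RFC 2104" means in practice can be checked with a known-answer test. The following is an added example, not code from the Security Target or from Nortel: it builds HMAC-SHA-1 directly from the RFC 2104 construction and checks it against the published RFC 2202 test vectors; the function names and the long-key sample message are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # "B" in RFC 2104: SHA-1 consumes 64-byte blocks


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-1 built from the RFC 2104 definition:
    H((K xor opad) || H((K xor ipad) || text))."""
    # Keys longer than B are hashed first; the result is zero-padded to B.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()


# Known-answer vectors: RFC 2202 test cases 1 and 2 for HMAC-SHA-1.
KAT_VECTORS = [
    (b"\x0b" * 20, b"Hi There",
     "b617318655057264e28bc0b6fb378c8ef146be00"),
    (b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
]


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison, so verification does not leak
    how many leading bytes of a forged tag were correct."""
    return hmac.compare_digest(hmac_sha1(key, message), tag)


def run_known_answer_tests() -> bool:
    """Return True only if every vector matches and the long-key path
    agrees with the standard library implementation."""
    for key, msg, expected in KAT_VECTORS:
        if not verify_tag(key, msg, bytes.fromhex(expected)):
            return False
    # Constructed sample: an 80-byte key exercises the "hash the key first" rule.
    long_key, msg = b"\xaa" * 80, b"constructed sample message"
    reference = hmac.new(long_key, msg, hashlib.sha1).digest()
    return verify_tag(long_key, msg, reference)


if __name__ == "__main__":
    print("HMAC-SHA-1 known-answer tests passed:", run_known_answer_tests())
```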

All the operations between the different parts of the TOE must be scrutinized by the TOE against the VPN information flow control SFP and the Firewall information flow control SFP using specific security attributes. During this task, the TOE is required to make use of its Firewall, NAT, and IPSec tunneling protocol implementations [FDP_IFC.2(a), FDP_IFF.1(a), FDP_UCT.1, and FDP_UIT.1].

O.FUNCTIONS The TOE must provide functionality that enables only authorized users to establish VPN sessions with the TOE using the IPSec protocol.

 

Using the Access Control SFP, the TSF is required to provide the ability to restrict managing the behavior, and modifying the security attributes of functions of the TOE to authorized users of the TOE [FMT_MOF.1(a,b)]. The TOE is required to only accept secure values for security attributes [FMT_MSA.2]. The TOE SFPs are required to provide restrictive default values and to alternatively provide authorized users the ability to override default values for security attributes that are used to enforce the SFP [FMT_MSA.3(a,b,c)].

The TSF is required to perform security management functions such as create log-ins and assign roles to user log-in IDs [FMT_SMF.1]. The TOE must be able to recognize the different administrative and user roles that exist for the TOE [FMT_SMR.1].

The TSF is required to provide a logically distinct and protected communication path for secure VPN communication with remote users [FTP_TRP.1].

O.ADMIN The TOE will provide facilities to enable an authorized administrator to effectively manage the TOE and its security function, and will ensure that only authorized administrators are able to access such functionality.

The TSF is required to provide the ability to restrict managing the behavior, and modifying the security attributes of functions of the TOE to authorized users of the TOE [FMT_MOF.1(a,b)].

The TSF is required to enforce the Access Control SFP to restrict the ability to modify the security attributes to authorized administrators [FMT_MSA.1(a,b,c,d,e)].

The TOE is required to only accept secure values for security attributes [FMT_MSA.2]. The TOE SFPs are required to provide restrictive default values and to alternatively provide authorized users the ability to override default values for security attributes that are used to enforce the SFP [FMT_MSA.3(a,b,c)].

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 58 of 67

© 2008 Nortel Networks

 
