
Security Target, Version 3.9

March 18, 2008

 

 

The TSF is required to perform security management functions such as creating users and assigning roles to users [FMT_SMF.1]. The TOE must be able to recognize the different administrative and user roles that exist for the TOE [FMT_SMR.1].

O.INTEGRITY The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers.

 

The TSF is required to enforce the information flow control SFP on connections and all operations that cause information to flow to and from subjects covered by the SFP [FDP_IFC.2(a,b)].

The TSF is required to enforce the information flow control SFP based on the types of subject and information security attributes. The TSF is required to permit information flow between a controlled subject and controlled information via a controlled operation if the connection is allowed. The TSF is required to deny an information flow based on the packet sequence number [FDP_IFF.1(a,b)].

The TSF is required to enforce the information flow control SFP in order to send or receive objects in a manner protected from unauthorised disclosure [FDP_UCT.1].

The TSF is required to enforce the information flow control SFP in order to send or receive user data in a manner protected from errors, and to determine whether an error has occurred [FDP_UIT.1].

The TOE is required to use the specified tunneling protocol to better protect the integrity of the data transmitted between its different parts. The RSA suite of algorithms and the Diffie-Hellman algorithm used by the TOE for cryptographic operations must be implemented according to RFC 3447 for RSA and RFC 2631 for Diffie-Hellman. The TOE is required to destroy unused keys by zeroizing them. For encryption and decryption operations, the TOE is required to use the 3DES and AES algorithms and they must be implemented according to FIPS 46-3 for 3DES and FIPS 197 for AES. For authentication, the TOE is required to use HMAC-SHA-1 and it must be implemented according to RFC 2104. For hashing, the TOE is required to use SHA-1 and it must be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and FCS_COP.1(a,b,c,d,e,f)].

O.REPLAY The TOE must provide functionality that enables detection of replay attacks and takes appropriate action if an attack is detected.

The TOE is required to detect replay attacks on established IPSec sessions; if a replay attack is detected, the TOE is required to drop packets from the attacker [FPT_RPL.1].
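As an added example (not part of this Security Target and not Nortel's implementation), the following Python sketches the inbound checks that the O.INTEGRITY and O.REPLAY rationale describe: an HMAC-SHA-1 integrity check (RFC 2104; truncated to 96 bits as ESP does per RFC 2404, an assumption here) followed by a sliding anti-replay window over the packet sequence number, so that replayed or too-old packets are dropped and a packet with a bad ICV cannot move the window. The packet layout, the 64-packet window and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct
ICV_LEN = 12  # HMAC-SHA-1-96: the HMAC-SHA-1 tag truncated to 96 bits (RFC 2404)

class ReplayWindow:  # sliding anti-replay window over the 32-bit ESP sequence number
    def __init__(self, size=64):  # assumed 64-packet window
        self.size, self.top, self.bitmap = size, 0, 0  # bit i set: seq (top - i) already seen

    def is_fresh(self, seq):
        if seq == 0:  # sequence numbers start at 1, so 0 is never valid
            return False
        if seq > self.top:  # ahead of the window: not seen before
            return True
        offset = self.top - seq
        return offset < self.size and not (self.bitmap >> offset) & 1

    def mark(self, seq):  # call only after the ICV verified, so forged packets cannot move the window
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def build_packet(key, spi, seq, payload):  # ESP-like layout: SPI | seq | payload | ICV (payload left in clear)
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

def receive(window, key, packet):  # inbound order: replay pre-check, authenticate, then slide the window
    if len(packet) < 8 + ICV_LEN:
        return "drop:malformed"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    seq = struct.unpack("!I", body[4:8])[0]
    if not window.is_fresh(seq):
        return "drop:replay"
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN], icv):
        return "drop:auth"
    window.mark(seq)
    return "accept"

def demo():
    key = b"constructed-demo-key-not-from-the-TOE"  # constructed sample key
    win = ReplayWindow()
    verdicts = [receive(win, key, build_packet(key, 0x1000, s, b"data")) for s in (1, 2, 3)]
    verdicts.append(receive(win, key, build_packet(key, 0x1000, 2, b"data")))  # seq 2 replayed
    good = build_packet(key, 0x1000, 4, b"data")
    verdicts.append(receive(win, key, good[:-1] + bytes([good[-1] ^ 1])))  # ICV tampered
    verdicts.append(receive(win, key, build_packet(key, 0x1000, 100, b"data")))  # window slides to 37..100
    verdicts.append(receive(win, key, build_packet(key, 0x1000, 3, b"data")))  # now below the window
    return verdicts
```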

 

O.FILTER The TOE must filter all incoming and outgoing packets that pass through it, and accept or reject packets based on their attributes.

All operations between the different parts of the TOE must be scrutinized by the TOE against the VPN information flow control SFP and the Firewall information flow control SFP using specific security attributes. During this task, the TOE is required to make use of its Firewall, NAT, and IPSec tunneling protocol implementations [FDP_IFC.2(a,b), FDP_IFF.1(a,b), FDP_UCT.1, and FDP_UIT.1].

O.TEST The TOE must provide functionality that enables testing of its correct functioning and integrity.

During start-up and periodically during normal operation, the TOE is required to run a suite of self tests to demonstrate the correct operation of the TSF. The TOE is also required to provide

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 59 of 67

© 2008 Nortel Networks
