Page 6
| Security Target, Version 3.9 | March 18, 2008 |
| | | | |
| | | | |
| Keywords | VPN, Router, Firewall, IPSec | | |
| | | | |
1.3 Conventions, Acronyms, and Terminology
1.3.1 Conventions
There are several font variations used within this ST. Selected presentation choices are discussed here to aid the Security Target reader.
The CC allows for several operations to be performed on security requirements: assignment, refinement, selection and iteration. All of these operations are used within this ST. These operations are presented in the same manner in which they appear in Parts 2 and 3 of the CC with the following exceptions:
Completed assignment statements are identified using [italicized text within brackets]. Completed selection statements are identified using [underlined italicized text within brackets]. Refinements are identified using bold text. Any text removed is stricken (Example: TSF Data) and should be considered as a refinement.
Iterations are identified by appending a letter in parenthesis following the component title. For example, FAU_GEN.1(a) Audit Data Generation would be the first iteration and FAU_GEN.1(b) Audit Data Generation would be the second iteration.
1.3.2 Terminology
The acronyms used within this ST are described in Section 9 – “Acronyms.” TOE-specific terminology used throughout the Security Target is explained in Table 2 below:
| | | Table 2 - Terminology |
| | | |
| Term | | Explanation |
| | |
| Technology | | |
| | |
| | |
Contivity | | Refers to the marketing name of the Nortel VPN Router. |
| | |
| User Types | | |
| | |
Primary Admin | | The Primary Admin account has the ability to conduct all administrative privileges and |
| | | rights of the TOE. The Primary Admin also has the ability to create and assign various |
| | | rights to additional administrators. There can only be one Primary Admin of the TOE. |
| | |
Restricted Admin | | A Restricted Admin of the TOE has various administrative privileges as assigned by |
| | | the Primary Admin. The types of privileges available to Restricted Admins are: |
| | | Manage Nortel VPN Router |
| | | View Nortel VPN Router |
| | | Subgroups |
| | | Manage Users |
| | | View Users |
| | |
Administrators | | Refers to all administrators of the TOE (both the Primary Admin and any assigned |
| | | Restricted Admins) |
| | |
Users | | Refers to VPN users or any person authorized to use the TOE but lacking |
| | | administrative privileges. |
| | |
Operators | | Refers to any human that interacts with the TOE, including Administrators and Users. |
| | |
| Privilege Types | | |
| | | |
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 6 of 67 |
© 2008 Nortel Networks | |
Contents
Nortel Networks Corsec Security, Inc
Revision History
Version Modification Date Modified By Description of Changes
Table of Contents
Protection Profile Claims
Table of Figures
Table of Tables
Rationale
Security Target, TOE and CC Identification and Conformance
Security Target Introduction
Purpose
ST, TOE, and CC Identification and Conformance
Terminology
Conventions, Acronyms, and Terminology
Conventions
Terminology
Primary Admin password
TOE Description
Product Type
Product Description
Branch Office Deployment Configuration of the TOE
TOE Boundaries and Scope
Physical Boundary
Logical Boundary
TOE Environment
World
Enterprise
Security Audit
Cryptographic Support
User Data Protection
Protection of the TOE Security Functions
Identification and Authentication
Security Management
Trusted Path/Channels
Excluded TOE Functionality
TOE Security Environment
Assumptions
Threats to Security
Threats Addressed by the TOE
Threats Addressed by the TOE Environment
Security Objectives
Security Objectives for the TOE
Non-IT Security Objectives
Security Objectives for the Environment
IT Security Objectives
OE.TIME
TOE Security Functional Requirements
IT Security Requirements
TOE Security Functional Requirements
ST Operation
Description ST Operation
FAUSAR.1 Audit review
Class FAU Security Audit
FAUGEN.1 Audit Data Generation
Auditable Events
Dependencies FAUGEN.1 Audit data generation
FCSCKM.1b Cryptographic key generation RSA
Class FCS Cryptographic Support
FCSCKM.1a Cryptographic key generation Diffie-Hellman
FCSCKM.4 Cryptographic key destruction
FCSCOP.1b Cryptographic operation authentication
FCSCOP.1d Cryptographic operation random number generation
FCSCOP.1e Cryptographic operation hashing
Security Target, Version March 18
Class FDP User Data Protection
FDPACC.2 Complete access control
FDPACF.1 Security attribute based access control
FDPIFC.2a Complete information flow control VPN
FDPIFC.2b Complete information flow control Firewall
FDPIFF.1a Simple security attributes VPN
FDPIFF.1b Simple security attributes Firewall
FDPUCT.1.1
FDPUCT.1 Basic data exchange confidentiality
FDPUIT.1 Data exchange integrity
FDPUIT.1.1
FIAUAU.5 Multiple authentication mechanisms
Class FIA Identification and Authentication
FIAUAU.1 Timing of authentication
FIAUID.2 User identification before any action
Dependencies No dependencies
FMTMOF.1b Management of security functions behaviour
Class FMT Security Management
FMTMOF.1a Management of security functions behaviour
FMTMSA.1a Management of security attributes
FMTMSA.3a Static attribute initialisation
FMTMSA.1c Management of security attributes
FMTMSA.2 Secure security attributes
FMTMSA.2.1
FMTMSA.3c Static attribute initialisation
FMTSMF.1 Specification of Management Functions
FMTMSA.3b Static attribute initialisation
FMTSMR.1 Security roles
FMTSMR.1.2
Class FPT Protection of the TSF
FPTAMT.1 Abstract machine testing
FPTTST.1 TSF testing
FPTRPL.1 Replay detection
FTPTRP.1.1
Class FTP Trusted Path/Channels
FTPTRP.1 Trusted path
FTPTRP.1.2
FPTSEP.1 TSF domain separation
Security Functional Requirements on the IT Environment
FPTRVM.1 Non-bypassability of the TSP
FPTSTM.1 Reliable time stamps
Security Target, Version 3.9March 18
Assurance Requirements
Assurance Components
Assurance Requirements
TOE Security
TOE Summary Specification
TOE Security Functions
Description Function
Accounting Logs
Configuration Log
Security Audit
Security Log
System Log
Event Log
FIPS-Validated Cryptographic Algorithms
Cryptographic Support
Fips Validated Modules
Validation Modules Fips 140-2 Certificate #
User Data Protection
Identification and Authentication
Security Management
Power-Up Self-Tests
Protection of the TOE Security Functions
Conditional Self-Tests
TOE Security Functional Requirements Satisfied FTPTRP.1
TOE Security Assurance Measures
Trusted Path/Channels
Assurance Assurance Measure Component
Augmentation to EAL 4+ assurance level
Protection Profile Claims
Protection Profile Reference
Relationship of Security Threats to Objectives
Rationale
Security Objectives Rationale
TOE Objectives Environmental Objectives Non-IT
Hack
Certificate
Security Functional Requirements Rationale
OE.CERTIFICATE
Relationship of Security Requirements to Objectives
Objectives Requirements
Functions and data
Env
Able to access such functionality
FMTMSA.3a,b,c
Reject packets based on their attributes
Integrity
Dependency Rationale
Security Assurance Requirements Rationale
Rationale for Strength of Function
Functional Requirements Dependencies
FCSCOP.1
TOE Summary Specification Rationale
Configuration Management
Secure Delivery and Operation
Development
Guidance Documentation
Life Cycle Support Documents
Tests
Strength of Function
Vulnerability and TOE Strength of Function Analyses
Acronym Definition
Acronyms
Acronyms
DoD
SHA