Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.11, 7.05 manual Logical Boundary, TOE Environment

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 11

2.3.1.1TOE Environment

Security Target, Version 3.9	March 18, 2008

In Figure 3 above, the TOE is installed at the boundary of the private (“Enterprise”) network and the public (“Internet”) network. In Figure 4 above, the TOE is installed at the boundary of the two private (“Enterprise”) networks. The essential physical components of the TOE are:

Nortel VPN Router v7.05 build 100: The Nortel VPN Router is a dedicated hardware/software appliance running a Nortel-hardened version of the VxWorks OS. All non-essential OS processes have been removed and direct access to the OS is impossible. The Nortel VPN Router is produced at seven performance levels (models 600, 1010, 1050, 1100, 1750, 2750, and 5000) which provide identical functionality; they differ only in network throughput and performance.

Nortel VPN Client Workstation v7.11 build 100: The Nortel VPN Client is used to access to establish VPN sessions with the Nortel VPN Router from a remote location.

2.3.1.1TOE Environment

The TOE environment is composed of the following:

Nortel VPN Client Workstation2

oProvides the underlying OS (Microsoft Windows 2000 SP4 or XP SP2) and general-purpose computing hardware platform for the VPN user to connect to the Nortel VPN Router.

Management Workstation

oProvides the underlying OS and general-purpose computing hardware platform for the TOE user to interact with the administrative GUI provided by the TOE.

CLI Workstation

oProvides the underlying OS and general-purpose computing hardware platform for the TOE user to interact with the administrative CLI provided by the TOE.

Corporate Servers

oProvide data and services to VPN users through the VPN services provided by the TOE.

2.3.2Logical Boundary

Figure 5 and Figure 6 below illustrates the logical boundary of this CC evaluation:

2 Note that the Nortel VPN Client Software is included within the TOE boundary but the underlying OS and hardware are not.

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 11 of 67
© 2008 Nortel Networks

Image 11

Nortel Networks 7.11, 7.05 manual Logical Boundary, TOE Environment

Contents

Nortel Networks Evaluation Assurance Level EAL 4+ Document VersionPrepared for Prepared byModified By Revision HistoryVersion Modification DateREVISION HISTORY Table of ContentsTABLE OF CONTENTS TOE SUMMARY SPECIFICATIONRATIONALE Table of FiguresTable of Tables PROTECTION PROFILE CLAIMSTable 1 - ST, TOE, and CC Identification and Conformance 1 Security Target Introduction1.1 Purpose 1.2 Security Target, TOE and CC Identification and ConformanceTable 2 - Terminology 1.3 Conventions, Acronyms, and Terminology1.3.1 Conventions 1.3.2 TerminologyPage 7 of Primary Admin passwordView Nortel VPN Router rights 2.2 Product Description Figure 1 - VPN Client Deployment Configuration of the TOE2 TOE Description 2.1 Product TypeFigure 2 - Branch Office Deployment Configuration of the TOE Figure 3 - Physical TOE Boundary Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode2.3 TOE Boundaries and Scope 2.3.1 Physical Boundary2.3.1.1 TOE Environment 2.3.2 Logical BoundarySoftware Nortel VPN Switch Software VxWorks OS Contivity Hardware ApplianceFigure 6 - TOE Logical Boundary in Branch Office Tunnel Mode The World2.3.2.3 User Data Protection 2.3.2.1 Security Audit2.3.2.2 Cryptographic Support 2.3.2.7 Trusted Path/Channels 2.3.2.4 Identification and Authentication2.3.2.5 Security Management 2.3.2.6 Protection of the TOE Security Functions2.3.3 Excluded TOE Functionality 3.2 Threats to Security 3 TOE Security Environment3.1 Assumptions TE.PHYSICAL 3.2.1 Threats Addressed by the TOE3.2.2 Threats Addressed by the TOE Environment T.HACK4.1 Security Objectives for the TOE 4 Security Objectives4.2.2 Non-IT Security Objectives 4.2 Security Objectives for the Environment4.2.1 IT Security Objectives Table 3 - TOE Security Functional Requirements 5 IT Security Requirements5.1 TOE Security Functional Requirements Page 21 of Table 4 - Auditable Events 5.1.1 Class FAU Security AuditFAUGEN.1 Audit Data Generation FAUSAR.1 Audit reviewPage 23 of Dependencies FAUGEN.1 Audit data generationFCSCKM.1b 5.1.2 Class FCS Cryptographic SupportFCSCKM.1a Cryptographic key generation Diffie-HellmanCryptographic operation random number generation Cryptographic operation authenticationFCSCOP.1b FCSCOP.1dFMTMSA.2 Secure security attributes FDPITC.2 Import of user data with security attributes, orFCSCKM.1 Cryptographic key generation FCSCKM.4 Cryptographic key destructionFDPIFC.2a Complete information flow control VPN FDPACC.2 Complete access controlFDPACF.1 Security attribute based access control 5.1.3 Class FDP User Data ProtectionFDPIFF.1a Simple security attributes VPN FDPIFC.2b Complete information flow control FirewallFDPIFF.1b Simple security attributes Firewall Page 30 of FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FIAUID.2 User identification before any action 5.1.4 Class FIA Identification and AuthenticationFIAUAU.1 Timing of authentication FIAUAU.5 Multiple authentication mechanismsPage 32 of FMTMSA.1a Management of security attributes 5.1.5 Class FMT Security ManagementFMTMOF.1a Management of security functions behaviour FMTMOF.1b Management of security functions behaviourPage 34 of FMTMSA.1c Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.3a Static attribute initialisationFMTSMR.1 Security roles FMTSMF.1 Specification of Management FunctionsFMTMSA.3b Static attribute initialisation FMTMSA.3c Static attribute initialisationPage 36 of The TSF shall be able to associate users with rolesFPTRPL.1 Replay detection FPTAMT.1 Abstract machine testingFPTTST.1 TSF testing 5.1.6 Class FPT Protection of the TSFFTPTRP.1 Trusted path 5.1.7 Class FTP Trusted Path/ChannelsFPTSTM.1 Reliable time stamps 5.2 Security Functional Requirements on the IT EnvironmentFPTRVM.1 Non-bypassability of the TSP FPTSEP.1 TSF domain separationPage 40 of Table 6 - Assurance Components 5.3 Assurance Requirements6.1 TOE Security Functions 6 TOE Summary SpecificationSecurity Log 6.1.1 Security AuditConfiguration Log Accounting LogsTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 System LogEvent Log Table 9 - FIPS-Validated Cryptographic Algorithms 6.1.2 Cryptographic SupportTable 8 - FIPS Validated Modules Page 46 of 6.1.3 User Data Protection6.1.5 Security Management 6.1.4 Identification and Authentication6.1.6.2 Conditional Self-Tests 6.1.6.1 Power-Up Self-Tests6.1.6 Protection of the TOE Security Functions 6.1.7 Trusted Path/Channels 6.2 TOE Security Assurance MeasuresPage 50 of 8 Augmentation to EAL 4+ assurance level7.1 Protection Profile Reference 7 Protection Profile ClaimsTable 11 - Relationship of Security Threats to Objectives 8 Rationale8.1 Security Objectives Rationale T.HACK Page 54 of Nortel VPN Router v7.05 and Client Workstation2008 Nortel Networks Page 55 of 8.2 Security Functional Requirements RationaleRequirements Table 12 - Relationship of Security Requirements to ObjectivesObjectives  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY Table 13 - Functional Requirements Dependencies 8.3 Security Assurance Requirements Rationale8.4 Rationale for Strength of Function 8.5 Dependency RationaleSFR ID 9 Met by hierarchical SFR FDPACC.2Met by hierarchical SFR FDPIFC.2 Met by hierarchical SFR FIAUID.2FDPUCT.1 8.6 TOE Summary Specification RationaleFCSCOP.1 8.6.2.3 Development 8.6.2.1 Configuration Management8.6.2.2 Secure Delivery and Operation Page 64 of 8.6.2.4 Guidance Documentation8.6.2.5 Life Cycle Support Documents 8.6.2.6 Tests8.6.2.7 Vulnerability and TOE Strength of Function Analyses 8.7 Strength of FunctionTable 15 - Acronyms 9 AcronymsPage 67 of