Security Target, Version 3.9 | March 18, 2008 |
|
|
Nortel VPN Router: Each of the logical components contained within the physical Nortel VPN Router are included within the TOE boundary. These components are:
oNortel VPN Switch Software o VxWorks OS
o Contivity Hardware Appliance.
Nortel VPN Client Workstation: The Nortel VPN Client software is part of the TOE but the underlying OS and hardware are excluded from the TOE boundary.
The TOE’s logical boundary includes all of the TOE Security Functions (TSFs). The Security Functional Requirements (SFRs) implemented by the TOE are usefully grouped under the following Security Function Classes:
FAU | Security Audit |
FCS | Cryptographic Support |
FDP | User Data Protection |
FIA | Identification and Authentication |
FMT | Security Management |
FPT | Protection of the TOE Security Functions |
FTP | Trusted Path/Channels |
These functions are discussed in greater detail below.
2.3.2.1Security Audit
The Security Audit function provides the generation and viewing of audit records. The TOE generates five categories of audit data:
Accounting Log: contains information about user activities.
Security Log: contains information about security relevant activities.
Configuration Log: contains information about configuration relevant activities.
System Log: contains information about system relevant activities.
Event Log: contains the last 2000 logs entries of all activities.
Audit data is generated by the TOE and stored locally as flat files on internal storage. The TOE controls access to the audit data, and direct access to these flat files by the TOE administrator is not possible. The TOE supports automatic backup and archiving of the logs.
TOE users assigned to the appropriate user roles may read audit records but do not have write access. The audit data is presented to TOE users in a manner suitable for human readability.
2.3.2.2Cryptographic Support
The TOE implements and utilizes cryptographic algorithms and various other security algorithms in order to protect information being transferred between physically separated parts of the TOE. These algorithms include Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), RSA (Rivest, Shamir, and Adleman), and
2.3.2.3User Data Protection
The TOE enforces the Access Control Security Functional Policy (SFP) on TOE subjects, objects, and operations. The architecture of the TOE ensures that all operations between objects and subjects are regulated by the TOE based upon the privilege criteria defined in the Access Control SFP.
The TOE enforces the VPN Information Flow Control (IFC) SFP and the Firewall IFC SFP through the use of IPSec. The IPSec protocol ensures confidentiality of communications between remote Nortel VPN Clients and
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 13 of 67 |
© 2008 Nortel Networks |
|
