Nortel Networks 7.05, 7.11 manual Identification and Authentication, Security Management

Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures that VPN data is subject to enforcement of the VPN IFC SFP, and that all data passing through the firewall is subject to enforcement of the Firewall IFC SFP. These SFPs are enforced by the TOE based upon the privilege criteria defined in the SFPs.

2.3.2.4Identification and Authentication

All identification and authentication for the TOE occurs on the Nortel VPN Router and is based on user attributes. Each user has a username, password, and one or more assigned roles. The TOE ensures that users are authenticated prior to any use of the TOE functions, and user authentication is performed using a unique username and password combination.

TOE users must identify and authenticate their identities in order to gain access to services provided by the TOE. Identification and authentication is enforced by the Nortel VPN Router, the GUI, and the CLI. The Nortel VPN Client accepts two types of authentication credentials: a username/password combination or a digital certificate.3 The GUI and CLI accepts username/password authentication.

2.3.2.5Security Management

The TOE maintains three main user roles:

Primary Admin

Restricted Admin

VPN User

The Primary Admin has full administrative access to the TOE; the Restricted Admin has access to specific administrative functions as defined by the Primary Admin; and the VPN User has no administrative privileges and can only connect to the Nortel VPN Router via the Nortel VPN Client.

The Primary Admin and Restricted Admins perform administrative and troubleshooting tasks via the GUI, and they perform configuration tasks via the CLI. VPN Users utilize the Nortel VPN Client to access the private network through the Nortel VPN Router. After successful authentication to the TOE, users can access only the management functions to which their role grants them access. As described in the SFP, management and modification of TOE security attributes is restricted to authorized administrators in order to ensure that only secure values are accepted for those security attributes and that the default values used for initialization of the security attributes are not maliciously altered.

2.3.2.6Protection of the TOE Security Functions

The TOE runs a series of self-tests both at initial TOE start-up and periodically during normal TOE operation. These tests check for the correct operation of the TSFs. The TOE is able to detect IPSec sessions replay attacks and take appropriate countermeasures (by dropping the suspect packets) while performing the self-tests. The TOE’s architecture is specifically designed to eliminate the possibility of any user bypassing the TSFs. Users must be identified and authenticated before the TOE will make any actions on their behalf. The underlying OS is not accessible by any TOE user (authorized or unauthorized).

2.3.2.7Trusted Path/Channels

Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN Users. IPSec is required during these connections in order to ensure that the communication is via a trusted path. The architecture of the TOE and of the IPSec protocol ensures that the trusted paths between the Nortel VPN Router and the Nortel VPN Clients are logically distinct and secure.

3The Nortel VPN Client also supports the use of Smart Cards for authentication. Smart Card authentication is beyond the scope of this evaluation and is not included in the evaluated configuration.