Security Target, Version 3.9

March 18, 2008

 

 

3 TOE Security Environment

This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to be employed. Section 3.1 provides assumptions about the secure usage of the TOE, including physical, personnel, and connectivity aspects. Section 3.2 lists the known and presumed threats countered by either the TOE or by the security environment.

3.1 Assumptions

This section contains assumptions regarding the security environment and the intended usage of the TOE. The following specific conditions are required to ensure the security of the TOE and are assumed to exist in an environment where this TOE is employed.

A.TRAINED-ADMIN

It is assumed that administrators will be trained in the secure use of the TOE and will

 

follow the policies and procedures defined in the TOE documentation for secure

 

administration of the TOE. Administrators are assumed to be non-hostile.

A.TIMESTAMPS

It is assumed that the TOE relies on the operating environment of TOE to provide

 

accurate clock time in order to create an accurate time stamp for audit events.

 

Administrators are responsible for the maintenance of a reliable time source for use with

 

audit operations.

A.PHYSICAL

It is assumed that the TOE may be susceptible to physical attacks by an attacker. It is

 

assumed that the TOE will be housed within a physically secure environment in order to

 

mitigate this risk.

A.CERTIFICATE

It is assumed that the environment will provide the necessary infrastructure to ensure that

 

certificates can be validated when digital certificates are used for authentication. This

 

may mean the environment provides a connection to a trusted Certificate Authority, or

 

that the required certificates are otherwise available to the TOE. It is assumed that the

 

appropriate infrastructure is properly maintained in order to ensure the accuracy and

 

security of the certificates (e.g., certificates are revoked in a timely manner).

A.INSTALL

It is assumed that the TOE is delivered, installed, and setup in accordance with

 

documented delivery and installation/setup procedures.

A.ACCESS

It is assumed that the TOE has access to all of the Information Technology (IT) System

 

data it needs to perform its functions.

A.DOMSEP

It is assumed that the IT environment will maintain a security domain for the Nortel VPN

 

software that protects it from interference and tampering by untrusted subjects.

3.2 Threats to Security

This section identifies the threats to the IT assets (private networks) against which protection is required by the TOE or by the security environment. The threat agents are divided into two categories:

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 16 of 67

© 2008 Nortel Networks

 

Page 16
Image 16
Nortel Networks 7.05, 7.11 manual TOE Security Environment, Assumptions, Threats to Security