Security Target, Version 3.9

March 18, 2008

 

 

4 Security Objectives

This section identifies the security objectives for the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs.

4.1 Security Objectives for the TOE

The specific security objectives are as follows:

O.I&A

The TOE must be able to identify and authenticate users prior to allowing access to TOE

 

functions and data.

O.AUDIT

The TOE must record audit records for data accesses and use of the System functions.

O.SELFPROTECT

The TOE must protect itself from unauthorized modifications and access to its functions

 

and data.

O.FUNCTIONS

The TOE must provide functionality that enables only authorized users to establish VPN

 

sessions with the TOE using the IPSec protocol.

O.ADMIN

The TOE must provide facilities to enable an authorized administrator to effectively

 

manage the TOE and its security function, and must ensure that only authorized

 

administrators are able to access such functionality.

O.TEST

The TOE must provide functionality that enables testing of its correct functioning and

 

integrity.

O.REPLAY

The TOE must provide functionality that enables detection of replay attack and take

 

appropriate action if an attack is detected.

O.CONFIDENT

The TOE must use the IPSec tunneling protocol to ensure confidentiality of data

 

transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between

 

two Nortel VPN Routers.

O.INTEGRITY

The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted

 

between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel

 

VPN Routers.

O.FILTER

The TOE must filter all incoming and outgoing packets that pass through it, and accept or

 

reject packets based on their attributes.

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 18 of 67

© 2008 Nortel Networks

 

Page 18
Image 18
Nortel Networks 7.05, 7.11 manual Security Objectives for the TOE