Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.05, 7.11 manual FDPIFC.2b Complete information flow control Firewall

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 28

Security Target, Version 3.9	March 18, 2008

The TSF shall enforce the [VPN Information Flow Control SFP] on [remote authenticated VPN Clients connecting to a Nortel VPN Router] and all operations that cause that information to flow to and from subjects covered by the SFP.

FDP_IFC.2.2(a)

The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any subject in the TSC are covered by an information flow control SFP.

Dependencies: FDP_IFF.1 Simple security attributes

FDP_IFC.2(b) Complete information flow control (Firewall)

Hierarchical to: FDP_IFC.1

FDP_IFC.2.1(b)

The TSF shall enforce the [Firewall Information Flow Control SFP] on [hosts on either side of a Nortel VPN Router (subject), and the Nortel VPN Router (subject), and all data flowing between the subjects (information)] and all operations that cause that information to flow to and from subjects covered by the SFP.

FDP_IFC.2.2(b)

The TSF shall ensure that all operations that cause any information in the TSC to flow to and from any subject in the TSC are covered by an information flow control SFP.

Dependencies: FDP_IFF.1 Simple security attributes

FDP_IFF.1(a) Simple security attributes (VPN)

Hierarchical to: No other components.

FDP_IFF.1.1(a)

The TSF shall enforce the [VPN Information Flow Control SFP] based on the following types of subject and information security attributes: [

ouser identity,

ouser authentication credentials and tunnel filtering of packets is based on

oProtocol ID, o Direction,

o Source, destination IP addresses, o Source, destination ports,

o Service].

FDP_IFF.1.2(a)

The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [the VPN Client successfully authenticates to the Nortel VPN Router].

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 28 of 67
© 2008 Nortel Networks

Image 28

Nortel Networks 7.05, 7.11 FDPIFC.2b Complete information flow control Firewall, FDPIFF.1a Simple security attributes VPN

Contents

Evaluation Assurance Level EAL 4+ Document Version Prepared forPrepared by Nortel NetworksRevision History VersionModification Date Modified ByTable of Contents TABLE OF CONTENTSTOE SUMMARY SPECIFICATION REVISION HISTORYTable of Figures Table of TablesPROTECTION PROFILE CLAIMS RATIONALE1 Security Target Introduction 1.1 Purpose1.2 Security Target, TOE and CC Identification and Conformance Table 1 - ST, TOE, and CC Identification and Conformance1.3 Conventions, Acronyms, and Terminology 1.3.1 Conventions1.3.2 Terminology Table 2 - TerminologyView Nortel VPN Router rights Primary Admin passwordPage 7 of Figure 1 - VPN Client Deployment Configuration of the TOE 2 TOE Description2.1 Product Type 2.2 Product DescriptionFigure 2 - Branch Office Deployment Configuration of the TOE Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode 2.3 TOE Boundaries and Scope2.3.1 Physical Boundary Figure 3 - Physical TOE Boundary2.3.2 Logical Boundary 2.3.1.1 TOE EnvironmentNortel VPN Switch Software VxWorks OS Contivity Hardware Appliance Figure 6 - TOE Logical Boundary in Branch Office Tunnel ModeThe World Software2.3.2.2 Cryptographic Support 2.3.2.1 Security Audit2.3.2.3 User Data Protection 2.3.2.4 Identification and Authentication 2.3.2.5 Security Management2.3.2.6 Protection of the TOE Security Functions 2.3.2.7 Trusted Path/Channels2.3.3 Excluded TOE Functionality 3.1 Assumptions 3 TOE Security Environment3.2 Threats to Security 3.2.1 Threats Addressed by the TOE 3.2.2 Threats Addressed by the TOE EnvironmentT.HACK TE.PHYSICAL4 Security Objectives 4.1 Security Objectives for the TOE4.2.1 IT Security Objectives 4.2 Security Objectives for the Environment4.2.2 Non-IT Security Objectives 5.1 TOE Security Functional Requirements 5 IT Security RequirementsTable 3 - TOE Security Functional Requirements Page 21 of 5.1.1 Class FAU Security Audit FAUGEN.1 Audit Data GenerationFAUSAR.1 Audit review Table 4 - Auditable EventsDependencies FAUGEN.1 Audit data generation Page 23 of5.1.2 Class FCS Cryptographic Support FCSCKM.1aCryptographic key generation Diffie-Hellman FCSCKM.1bCryptographic operation authentication FCSCOP.1bFCSCOP.1d Cryptographic operation random number generationFDPITC.2 Import of user data with security attributes, or FCSCKM.1 Cryptographic key generationFCSCKM.4 Cryptographic key destruction FMTMSA.2 Secure security attributesFDPACC.2 Complete access control FDPACF.1 Security attribute based access control5.1.3 Class FDP User Data Protection FDPIFC.2a Complete information flow control VPNFDPIFC.2b Complete information flow control Firewall FDPIFF.1a Simple security attributes VPNFDPIFF.1b Simple security attributes Firewall FDPUIT.1 Data exchange integrity FDPUCT.1 Basic data exchange confidentialityPage 30 of 5.1.4 Class FIA Identification and Authentication FIAUAU.1 Timing of authenticationFIAUAU.5 Multiple authentication mechanisms FIAUID.2 User identification before any actionPage 32 of 5.1.5 Class FMT Security Management FMTMOF.1a Management of security functions behaviourFMTMOF.1b Management of security functions behaviour FMTMSA.1a Management of security attributesFMTMSA.1c Management of security attributes FMTMSA.2 Secure security attributesFMTMSA.3a Static attribute initialisation Page 34 ofFMTSMF.1 Specification of Management Functions FMTMSA.3b Static attribute initialisationFMTMSA.3c Static attribute initialisation FMTSMR.1 Security rolesThe TSF shall be able to associate users with roles Page 36 ofFPTAMT.1 Abstract machine testing FPTTST.1 TSF testing5.1.6 Class FPT Protection of the TSF FPTRPL.1 Replay detection5.1.7 Class FTP Trusted Path/Channels FTPTRP.1 Trusted path5.2 Security Functional Requirements on the IT Environment FPTRVM.1 Non-bypassability of the TSPFPTSEP.1 TSF domain separation FPTSTM.1 Reliable time stampsPage 40 of 5.3 Assurance Requirements Table 6 - Assurance Components6 TOE Summary Specification 6.1 TOE Security Functions6.1.1 Security Audit Configuration LogAccounting Logs Security LogEvent Log System LogTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 Table 8 - FIPS Validated Modules 6.1.2 Cryptographic SupportTable 9 - FIPS-Validated Cryptographic Algorithms 6.1.3 User Data Protection Page 46 of6.1.4 Identification and Authentication 6.1.5 Security Management6.1.6 Protection of the TOE Security Functions 6.1.6.1 Power-Up Self-Tests6.1.6.2 Conditional Self-Tests 6.2 TOE Security Assurance Measures 6.1.7 Trusted Path/Channels8 Augmentation to EAL 4+ assurance level Page 50 of7 Protection Profile Claims 7.1 Protection Profile Reference8.1 Security Objectives Rationale 8 RationaleTable 11 - Relationship of Security Threats to Objectives T.HACK 2008 Nortel Networks Nortel VPN Router v7.05 and Client WorkstationPage 54 of 8.2 Security Functional Requirements Rationale Page 55 ofObjectives Table 12 - Relationship of Security Requirements to ObjectivesRequirements  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY 8.3 Security Assurance Requirements Rationale 8.4 Rationale for Strength of Function8.5 Dependency Rationale Table 13 - Functional Requirements Dependencies9 Met by hierarchical SFR FDPACC.2 Met by hierarchical SFR FDPIFC.2Met by hierarchical SFR FIAUID.2 SFR IDFCSCOP.1 8.6 TOE Summary Specification RationaleFDPUCT.1 8.6.2.2 Secure Delivery and Operation 8.6.2.1 Configuration Management8.6.2.3 Development 8.6.2.4 Guidance Documentation 8.6.2.5 Life Cycle Support Documents8.6.2.6 Tests Page 64 of8.7 Strength of Function 8.6.2.7 Vulnerability and TOE Strength of Function Analyses9 Acronyms Table 15 - AcronymsPage 67 of