Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.11 Table of Contents, Revision History, Table Of Contents, Table Of Figures

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 3

Table of Contents

Security Target, Version 3.9March 18, 2008

Table of Contents

REVISION HISTORY				2
TABLE OF CONTENTS				3
TABLE OF FIGURES				4
TABLE OF TABLES				4
1	SECURITY TARGET INTRODUCTION			5
	1.1	PURPOSE		5
	1.2	SECURITY TARGET, TOE AND CC IDENTIFICATION AND CONFORMANCE		5
	1.3	CONVENTIONS, ACRONYMS, AND TERMINOLOGY		6
	1.3.1		Conventions	6
	1.3.2		Terminology	6
2	TOE DESCRIPTION			8
	2.1	PRODUCT TYPE		8
	2.2	PRODUCT DESCRIPTION		8
	2.3	TOE BOUNDARIES AND SCOPE		10
	2.3.1		Physical Boundary	10
	2.3.2		Logical Boundary	11
	2.3.3		Excluded TOE Functionality	15
3	TOE SECURITY ENVIRONMENT			16
	3.1	ASSUMPTIONS		16
	3.2	THREATS TO SECURITY		16
	3.2.1		Threats Addressed by the TOE	17
	3.2.2		Threats Addressed by the TOE Environment	17
4	SECURITY OBJECTIVES			18
	4.1	SECURITY OBJECTIVES FOR THE TOE		18
	4.2	SECURITY OBJECTIVES FOR THE ENVIRONMENT		19
	4.2.1		IT Security Objectives	19
	4.2.2		Non-IT Security Objectives	19
5	IT SECURITY REQUIREMENTS			20
	5.1	TOE SECURITY FUNCTIONAL REQUIREMENTS		20
	5.1.1		Class FAU: Security Audit	22
	5.1.2		Class FCS: Cryptographic Support	24
	5.1.3		Class FDP: User Data Protection	27
	5.1.4		Class FIA: Identification and Authentication	31
	5.1.5		Class FMT: Security Management	33
	5.1.6		Class FPT: Protection of the TSF	37
	5.1.7		Class FTP: Trusted Path/Channels	38
	5.2	SECURITY FUNCTIONAL REQUIREMENTS ON THE IT ENVIRONMENT		39
	5.3	ASSURANCE REQUIREMENTS		41
6	TOE SUMMARY SPECIFICATION			42
	6.1	TOE SECURITY FUNCTIONS		42
	6.1.1		Security Audit	43
	6.1.2		Cryptographic Support	45
	6.1.3		User Data Protection	46
	6.1.4		Identification and Authentication	47
	6.1.5		Security Management	47
	6.1.6		Protection of the TOE Security Functions	48
	6.1.7		Trusted Path/Channels	49
	6.2	TOE SECURITY ASSURANCE MEASURES		49

Nortel VPN Router v7.05 and Client Workstation v7.11				Page 3 of 67
			© 2008 Nortel Networks

Image 3

Nortel Networks 7.11, 7.05 manual Table of Contents, Revision History, Table Of Contents, Table Of Figures, Table Of Tables

Contents

Nortel Networks Evaluation Assurance Level EAL 4+ Document VersionPrepared for Prepared byModified By Revision HistoryVersion Modification DateREVISION HISTORY Table of ContentsTABLE OF CONTENTS TOE SUMMARY SPECIFICATIONRATIONALE Table of FiguresTable of Tables PROTECTION PROFILE CLAIMSTable 1 - ST, TOE, and CC Identification and Conformance 1 Security Target Introduction1.1 Purpose 1.2 Security Target, TOE and CC Identification and ConformanceTable 2 - Terminology 1.3 Conventions, Acronyms, and Terminology1.3.1 Conventions 1.3.2 TerminologyPrimary Admin password View Nortel VPN Router rightsPage 7 of 2.2 Product Description Figure 1 - VPN Client Deployment Configuration of the TOE2 TOE Description 2.1 Product TypeFigure 2 - Branch Office Deployment Configuration of the TOE Figure 3 - Physical TOE Boundary Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode2.3 TOE Boundaries and Scope 2.3.1 Physical Boundary2.3.1.1 TOE Environment 2.3.2 Logical BoundarySoftware Nortel VPN Switch Software VxWorks OS Contivity Hardware ApplianceFigure 6 - TOE Logical Boundary in Branch Office Tunnel Mode The World2.3.2.1 Security Audit 2.3.2.2 Cryptographic Support2.3.2.3 User Data Protection 2.3.2.7 Trusted Path/Channels 2.3.2.4 Identification and Authentication2.3.2.5 Security Management 2.3.2.6 Protection of the TOE Security Functions2.3.3 Excluded TOE Functionality 3 TOE Security Environment 3.1 Assumptions3.2 Threats to Security TE.PHYSICAL 3.2.1 Threats Addressed by the TOE3.2.2 Threats Addressed by the TOE Environment T.HACK4.1 Security Objectives for the TOE 4 Security Objectives4.2 Security Objectives for the Environment 4.2.1 IT Security Objectives4.2.2 Non-IT Security Objectives 5 IT Security Requirements 5.1 TOE Security Functional RequirementsTable 3 - TOE Security Functional Requirements Page 21 of Table 4 - Auditable Events 5.1.1 Class FAU Security AuditFAUGEN.1 Audit Data Generation FAUSAR.1 Audit reviewPage 23 of Dependencies FAUGEN.1 Audit data generationFCSCKM.1b 5.1.2 Class FCS Cryptographic SupportFCSCKM.1a Cryptographic key generation Diffie-HellmanCryptographic operation random number generation Cryptographic operation authenticationFCSCOP.1b FCSCOP.1dFMTMSA.2 Secure security attributes FDPITC.2 Import of user data with security attributes, orFCSCKM.1 Cryptographic key generation FCSCKM.4 Cryptographic key destructionFDPIFC.2a Complete information flow control VPN FDPACC.2 Complete access controlFDPACF.1 Security attribute based access control 5.1.3 Class FDP User Data ProtectionFDPIFF.1a Simple security attributes VPN FDPIFC.2b Complete information flow control FirewallFDPIFF.1b Simple security attributes Firewall FDPUCT.1 Basic data exchange confidentiality FDPUIT.1 Data exchange integrityPage 30 of FIAUID.2 User identification before any action 5.1.4 Class FIA Identification and AuthenticationFIAUAU.1 Timing of authentication FIAUAU.5 Multiple authentication mechanismsPage 32 of FMTMSA.1a Management of security attributes 5.1.5 Class FMT Security ManagementFMTMOF.1a Management of security functions behaviour FMTMOF.1b Management of security functions behaviourPage 34 of FMTMSA.1c Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.3a Static attribute initialisationFMTSMR.1 Security roles FMTSMF.1 Specification of Management FunctionsFMTMSA.3b Static attribute initialisation FMTMSA.3c Static attribute initialisationPage 36 of The TSF shall be able to associate users with rolesFPTRPL.1 Replay detection FPTAMT.1 Abstract machine testingFPTTST.1 TSF testing 5.1.6 Class FPT Protection of the TSFFTPTRP.1 Trusted path 5.1.7 Class FTP Trusted Path/ChannelsFPTSTM.1 Reliable time stamps 5.2 Security Functional Requirements on the IT EnvironmentFPTRVM.1 Non-bypassability of the TSP FPTSEP.1 TSF domain separationPage 40 of Table 6 - Assurance Components 5.3 Assurance Requirements6.1 TOE Security Functions 6 TOE Summary SpecificationSecurity Log 6.1.1 Security AuditConfiguration Log Accounting LogsSystem Log Event LogTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 6.1.2 Cryptographic Support Table 8 - FIPS Validated ModulesTable 9 - FIPS-Validated Cryptographic Algorithms Page 46 of 6.1.3 User Data Protection6.1.5 Security Management 6.1.4 Identification and Authentication6.1.6.1 Power-Up Self-Tests 6.1.6 Protection of the TOE Security Functions6.1.6.2 Conditional Self-Tests 6.1.7 Trusted Path/Channels 6.2 TOE Security Assurance MeasuresPage 50 of 8 Augmentation to EAL 4+ assurance level7.1 Protection Profile Reference 7 Protection Profile Claims8 Rationale 8.1 Security Objectives RationaleTable 11 - Relationship of Security Threats to Objectives T.HACK Nortel VPN Router v7.05 and Client Workstation 2008 Nortel NetworksPage 54 of Page 55 of 8.2 Security Functional Requirements RationaleTable 12 - Relationship of Security Requirements to Objectives ObjectivesRequirements  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY Table 13 - Functional Requirements Dependencies 8.3 Security Assurance Requirements Rationale8.4 Rationale for Strength of Function 8.5 Dependency RationaleSFR ID 9 Met by hierarchical SFR FDPACC.2Met by hierarchical SFR FDPIFC.2 Met by hierarchical SFR FIAUID.28.6 TOE Summary Specification Rationale FCSCOP.1FDPUCT.1 8.6.2.1 Configuration Management 8.6.2.2 Secure Delivery and Operation8.6.2.3 Development Page 64 of 8.6.2.4 Guidance Documentation8.6.2.5 Life Cycle Support Documents 8.6.2.6 Tests8.6.2.7 Vulnerability and TOE Strength of Function Analyses 8.7 Strength of FunctionTable 15 - Acronyms 9 AcronymsPage 67 of