
Security Target, Version 3.9, March 18, 2008
System Log

The System Log records data about System events which are considered significant enough to be written to disk, including those displayed in the Configuration and Security logs. Examples of events that would appear in the System log include:

- LDAP activity
- Configuration activity
- Server authentication and authorization requests

The following list gives the general format of System Log entries:

- Time stamp
- Task that issued the event (“tEvtLgMgr”, “tObjMgr”, “tHttpdTask”)
- A number that indicates the Central Processing Unit (CPU) that issued the event (“0” = “CPU(0)”, “1” = “CPU(1)”)
- Software module that issued the event
- A number that indicates the event’s persistence (“0” = “persistent”)
- A number that indicates the event’s severity level (“0” = “Debug”, “1” = “Low”, “2” = “Medium”, “3” = “High”)
- Rule section matched by this event
- Matching packet source, destination, protocol, and action configured for the matched rule

Event Log

The Event Log records detailed data about all events that take place on the system. These entries are not necessarily written to disk (as with the System Log). The Event Log records data about all system activity System Log (i.e., on disk).

The Event Log includes information on tunneling, security, backups, debugging, hardware, security, daemon processes, software drivers, interface card driver events, and other system components and event types.

The Event Log retains the most recent 2000 log entries. Once this maximum capacity has been reached the Event Log overwrites the oldest entry when a new entry needs to be made.
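
The following added example, which is not part of the Security Target and is not Nortel code, decodes a System Log entry using the field order and numeric codes listed above and models the Event Log's 2000-entry overwrite behavior. The `;` delimiter, the sample lines, and the names `parse_entry`, `EventLog` and `demo` are assumptions; the page does not give the on-disk syntax.

```python
from collections import deque, namedtuple

SEVERITY = {"0": "Debug", "1": "Low", "2": "Medium", "3": "High"}  # codes from the page
EVENT_LOG_CAPACITY = 2000  # retention limit stated on the page
# "detail" holds the rule section and packet fields, kept verbatim.
Entry = namedtuple("Entry", "timestamp task cpu module persistence severity detail")

def parse_entry(line):
    """Decode one entry. Field order follows the page; the ';' delimiter is assumed."""
    parts = [p.strip() for p in line.split(";", 6)]
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    ts, task, cpu, module, persist, sev, detail = parts
    if not cpu.isdigit():
        raise ValueError(f"CPU field is not a number: {cpu!r}")
    if sev not in SEVERITY:
        raise ValueError(f"unknown severity code: {sev!r}")
    # The page documents only "0" = persistent; other codes are reported raw.
    persistence = "persistent" if persist == "0" else f"code {persist}"
    return Entry(ts, task, f"CPU({cpu})", module, persistence, SEVERITY[sev], detail)

class EventLog:
    """Model of the Event Log: keeps the newest entries, overwrites the oldest."""
    def __init__(self, capacity=EVENT_LOG_CAPACITY):
        self.entries = deque(maxlen=capacity)
        self.overwritten = 0

    def record(self, entry):
        if len(self.entries) == self.entries.maxlen:
            self.overwritten += 1  # deque drops the oldest entry on append
        self.entries.append(entry)

    def with_severity(self, level):
        return [e for e in self.entries if e.severity == level]

# Constructed sample lines (not captured from a device).
HIGH = "03/18/2008 10:15:02;tHttpdTask;0;Security;0;3;constructed rule and packet fields"
LOW = "03/18/2008 10:15:03;tEvtLgMgr;1;Config;0;1;constructed rule and packet fields"

def demo():
    """Record one High entry, then 2000 Low entries; return what survives."""
    log = EventLog()
    log.record(parse_entry(HIGH))
    for _ in range(EVENT_LOG_CAPACITY):
        log.record(parse_entry(LOW))
    return len(log.entries), log.overwritten, len(log.with_severity("High"))
```

`demo()` returns `(2000, 1, 0)`: the High entry recorded first is no longer retrievable from the Event Log once 2000 later entries have been written.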
TOE administrators interact with the TOE through the management GUI [or CLI], but unprivileged TOE users are restricted to establishing VPN sessions with the TOE via the Nortel VPN Client. All of the user actions (detailed above) performed through either of these interfaces are recorded in the appropriate audit log. The TOE creates an audit record when a TOE user causes any of the events in “Table 4 - Auditable Events” to occur. Audit records generated in the Nortel VPN Router are stored locally as flat files on internal storage with no direct TOE administrator access.
Since audit functionality is critical to the secure operation of the TOE, both internal and external backups of the audit logs are supported. Automatic backup and archiving of the logs ensures that the logs are always available. External storage backup of audit records occurs outside of the TOE and it is the administrator’s responsibility to specify an external backup server.
TOE administrators may view audit records via a management GUI display (in a manner suitable for human consumption and understanding). This display includes the date and time of the event; the type of event; the subject identity; the outcome (success or failure) of the event; and the identity of the user responsible for the event. TOE users can read audit records only through the TOE’s management GUI, and only after being authenticated to an appropriately privileged role. TOE users are never given write access to the audit records.
TOE Security Functional Requirements Satisfied: FAU_GEN.1, FAU_SAR.1.
Nortel VPN Router v7.05 and Client Workstation v7.11, Page 44 of 67
© 2008 Nortel Networks