Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.11, 7.05 manual  The Primary Admin access to all the administrative functions

Models: 7.11 7.05

1 67
Download 67 pages 33.01 Kb
Page 57
Image 57
The Primary Admin access to all the administrative functions.

Security Target, Version 3.9

March 18, 2008

 

 

 

Objectives

 

 

 

 

 

 

 

 

 

 

 

 

 

Requirements

O.I&A

O.AUDIT

O.SELFPROTECT

O.CONFIDENT

O.FUNCTIONS

O.ADMIN

O.INTEGRITY

O.REPLAY

O.FILTER

O.TEST

OE.TIME

OE.PROTECT

OE.NONBYPASS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FPT_AMT.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FPT_RLT.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FPT_TST.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FTP_TRP.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Env

FPT_RVM.1

 

 

 

 

 

 

 

 

 

 

 

 

FPT_SEP.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FPT_STM.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

O.I&A

The TOE must be able to identify and authenticate users prior to allowing access to TOE

 

functions and data.

The TOE is required to enforce the Access Control SFP on subject and object by only allowing operations permitted by the Access Control SFP [FDP_ACC.2]. Prior to allowing an operation of subjects performed on an object, the TOE is required to check the authentication status and the privilege of the subject. Upon authentication, the TOE is required to provide

The Primary Admin access to all the administrative functions.

The Restricted Admin access to only authorized administrative functions while denying access to non authorized functions.

The VPN User access to only the private network protected by the VPN while denying access to the administrative functions of the VPN.[FDP_ACF.1].

The TOE is required to allow to the user access to very limited functions prior to successfully authenticating and identifying themselves. Prior to accessing the functions of the TOE, users are required to successfully identify and authenticate themselves. The TOE is required to provide to users the following authentication mechanisms: username and password, RSA digital certificates. [FIA_UAU.1, FIA_UAU.5, and FIA_UID.2].

O.AUDIT

The TOE must record audit records for data accesses and use of the System functions.

Security-relevant events must be defined and auditable for the TOE and all audit records will be associated with a user identity [FAU_GEN.1]. The TOE must provide the ability to review the audit trail of the System [FAU_SAR.1]. Time stamps associated with an audit record must be reliable [FPT_STM.1].

O.SELFPROTECT The TOE must protect itself from unauthorized modifications and access to its functions and data.

The TOE is required to use the specified algorithms to better protect itself. The RSA suite of algorithms and the Diffie-Hellman algorithm used by the TOE for cryptographic operations must be implemented according to RFC 3447 for RSA and RFC 2631 for Diffie-Hellman. The TOE is required to destroy unused keys by zeroizing them. For encryption and decryption operations, the TOE is required to use the 3DES and AES algorithms and they must be implemented according to FIPS 46-3 for 3DES and FIPS 197 for AES. For authentication, the TOE is required to use HMAC-SHA-1 and it must be implemented according to RFC 2104. For hashing, the TOE is

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 57 of 67

© 2008 Nortel Networks

Page 56 Page 58
Page 57
Image 57
Nortel Networks 7.11, 7.05 manual  The Primary Admin access to all the administrative functions
Page 56 Page 58