Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.11, 7.05 manual Vulnerability and TOE Strength of Function Analyses

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 65

8.6.2.7Vulnerability and TOE Strength of Function Analyses

Security Target, Version 3.9	March 18, 2008

Corresponding CC Assurance Components:

Analysis of Coverage

High-Level Design

Functional Testing

Independent Testing

8.6.2.7Vulnerability and TOE Strength of Function Analyses

The Validation of Analysis documentation identifies all possible modes of operation of the TOE, their consequences and implications for maintaining secure operation. The Strength of TOE Security Function Analysis demonstrates the strength of the probabilistic or permutational mechanisms employed to provide security functions within the TOE and how they exceed the minimum SOF requirements. The Vulnerability Analysis documentation describes the analysis of the TOE deliverables performed to search for ways in which a user can violate the TSP, and the disposition of the identified vulnerabilities.

Corresponding CC Assurance Components:

Validation of Analysis

Strength of TOE Security Function Evaluation

Independent Vulnerability Analysis

8.7 Strength of Function

A Strength of Function rating of “SOF-basic” is claimed for this TOE to meet the EAL 4+ assurance requirements. This SOF is sufficient to resist the threats identified in Section 3. Section 4 provides evidence that demonstrates that TOE threats are countered by the TOE security objectives. Section 8 demonstrates that the security objectives for the TOE and the TOE environment are satisfied by the security requirements. The evaluated TOE is intended to operate in commercial and DoD low robustness environments processing unclassified information.

The overall TOE SOF claim is SOF-basic because this SOF is sufficient to resist the threats identified in Section 3.2. Section 8.1 provides evidence that demonstrates that TOE threats are countered by the TOE security objectives. Section 8.2 demonstrates that the security objectives for the TOE and the TOE environment are satisfied by the security requirements.

The relevant security functions and security functional requirements which have probabilistic or permutational functions are FIA_UAU.1, and FIA_UAU.5.

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 65 of 67
© 2008 Nortel Networks

Image 65

Nortel Networks 7.11, 7.05 manual Vulnerability and TOE Strength of Function Analyses

Contents

Prepared for Evaluation Assurance Level EAL 4+ Document VersionPrepared by Nortel NetworksVersion Revision HistoryModification Date Modified ByTABLE OF CONTENTS Table of ContentsTOE SUMMARY SPECIFICATION REVISION HISTORYTable of Tables Table of FiguresPROTECTION PROFILE CLAIMS RATIONALE1.1 Purpose 1 Security Target Introduction1.2 Security Target, TOE and CC Identification and Conformance Table 1 - ST, TOE, and CC Identification and Conformance1.3.1 Conventions 1.3 Conventions, Acronyms, and Terminology1.3.2 Terminology Table 2 - TerminologyPage 7 of Primary Admin passwordView Nortel VPN Router rights 2 TOE Description Figure 1 - VPN Client Deployment Configuration of the TOE2.1 Product Type 2.2 Product DescriptionFigure 2 - Branch Office Deployment Configuration of the TOE 2.3 TOE Boundaries and Scope Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode2.3.1 Physical Boundary Figure 3 - Physical TOE Boundary2.3.1.1 TOE Environment 2.3.2 Logical BoundaryFigure 6 - TOE Logical Boundary in Branch Office Tunnel Mode Nortel VPN Switch Software VxWorks OS Contivity Hardware ApplianceThe World Software2.3.2.3 User Data Protection 2.3.2.1 Security Audit2.3.2.2 Cryptographic Support 2.3.2.5 Security Management 2.3.2.4 Identification and Authentication2.3.2.6 Protection of the TOE Security Functions 2.3.2.7 Trusted Path/Channels2.3.3 Excluded TOE Functionality 3.2 Threats to Security 3 TOE Security Environment3.1 Assumptions 3.2.2 Threats Addressed by the TOE Environment 3.2.1 Threats Addressed by the TOET.HACK TE.PHYSICAL4.1 Security Objectives for the TOE 4 Security Objectives4.2.2 Non-IT Security Objectives 4.2 Security Objectives for the Environment4.2.1 IT Security Objectives Table 3 - TOE Security Functional Requirements 5 IT Security Requirements5.1 TOE Security Functional Requirements Page 21 of FAUGEN.1 Audit Data Generation 5.1.1 Class FAU Security AuditFAUSAR.1 Audit review Table 4 - Auditable EventsPage 23 of Dependencies FAUGEN.1 Audit data generationFCSCKM.1a 5.1.2 Class FCS Cryptographic SupportCryptographic key generation Diffie-Hellman FCSCKM.1bFCSCOP.1b Cryptographic operation authenticationFCSCOP.1d Cryptographic operation random number generationFCSCKM.1 Cryptographic key generation FDPITC.2 Import of user data with security attributes, orFCSCKM.4 Cryptographic key destruction FMTMSA.2 Secure security attributesFDPACF.1 Security attribute based access control FDPACC.2 Complete access control5.1.3 Class FDP User Data Protection FDPIFC.2a Complete information flow control VPNFDPIFF.1a Simple security attributes VPN FDPIFC.2b Complete information flow control FirewallFDPIFF.1b Simple security attributes Firewall Page 30 of FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FIAUAU.1 Timing of authentication 5.1.4 Class FIA Identification and AuthenticationFIAUAU.5 Multiple authentication mechanisms FIAUID.2 User identification before any actionPage 32 of FMTMOF.1a Management of security functions behaviour 5.1.5 Class FMT Security ManagementFMTMOF.1b Management of security functions behaviour FMTMSA.1a Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.1c Management of security attributesFMTMSA.3a Static attribute initialisation Page 34 ofFMTMSA.3b Static attribute initialisation FMTSMF.1 Specification of Management FunctionsFMTMSA.3c Static attribute initialisation FMTSMR.1 Security rolesPage 36 of The TSF shall be able to associate users with rolesFPTTST.1 TSF testing FPTAMT.1 Abstract machine testing5.1.6 Class FPT Protection of the TSF FPTRPL.1 Replay detectionFTPTRP.1 Trusted path 5.1.7 Class FTP Trusted Path/ChannelsFPTRVM.1 Non-bypassability of the TSP 5.2 Security Functional Requirements on the IT EnvironmentFPTSEP.1 TSF domain separation FPTSTM.1 Reliable time stampsPage 40 of Table 6 - Assurance Components 5.3 Assurance Requirements6.1 TOE Security Functions 6 TOE Summary SpecificationConfiguration Log 6.1.1 Security AuditAccounting Logs Security LogTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 System LogEvent Log Table 9 - FIPS-Validated Cryptographic Algorithms 6.1.2 Cryptographic SupportTable 8 - FIPS Validated Modules Page 46 of 6.1.3 User Data Protection6.1.5 Security Management 6.1.4 Identification and Authentication6.1.6.2 Conditional Self-Tests 6.1.6.1 Power-Up Self-Tests6.1.6 Protection of the TOE Security Functions 6.1.7 Trusted Path/Channels 6.2 TOE Security Assurance MeasuresPage 50 of 8 Augmentation to EAL 4+ assurance level7.1 Protection Profile Reference 7 Protection Profile ClaimsTable 11 - Relationship of Security Threats to Objectives 8 Rationale8.1 Security Objectives Rationale T.HACK Page 54 of Nortel VPN Router v7.05 and Client Workstation2008 Nortel Networks Page 55 of 8.2 Security Functional Requirements RationaleRequirements Table 12 - Relationship of Security Requirements to ObjectivesObjectives  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY 8.4 Rationale for Strength of Function 8.3 Security Assurance Requirements Rationale8.5 Dependency Rationale Table 13 - Functional Requirements DependenciesMet by hierarchical SFR FDPIFC.2 9 Met by hierarchical SFR FDPACC.2Met by hierarchical SFR FIAUID.2 SFR IDFDPUCT.1 8.6 TOE Summary Specification RationaleFCSCOP.1 8.6.2.3 Development 8.6.2.1 Configuration Management8.6.2.2 Secure Delivery and Operation 8.6.2.5 Life Cycle Support Documents 8.6.2.4 Guidance Documentation8.6.2.6 Tests Page 64 of8.6.2.7 Vulnerability and TOE Strength of Function Analyses 8.7 Strength of FunctionTable 15 - Acronyms 9 AcronymsPage 67 of