Nortel 7.05 - Manual

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 5 of 67 © 2008 Nortel Networks 1 Security Target Introduction This section identifies the Security Target (ST), Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and ...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 6 of 67 © 2008 Nortel Networks Keywords VPN, Router, Firewall, IPSec 1.3 Conventions, Acronyms, and Terminology 1.3.1 Conventions There are several font variations used within this ST. Selected pres...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 8 of 67 © 2008 Nortel Networks 2 TOE Description This section provides a general overview of the TOE as an aid to understanding the general capabilities and security requirements provided by the TOE...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 9 of 67 © 2008 Nortel Networks mode, a Nortel VPN Router on one Enterprise network segment will establish a VPN tunnel with another Nortel VPN Router on another Enterprise network segment. All commu...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 10 of 67 © 2008 Nortel Networks Configuration of the TOE is performed via a Command Line Interface (CLI) by physically connecting a device (such as a laptop) to the serial interface of the TOE and u...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 11 of 67 © 2008 Nortel Networks In Figure 3 above, the TOE is installed at the boundary of the private (“Enterprise”) network and the public (“Internet”) network. In Figure 4 above, the TOE is insta...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 12 of 67 © 2008 Nortel Networks Legend: TOE Boundary The World Enterprise Corporate Network Internet Nortel VPN Client Workstation Nortel VPN Router VPN Tunnel Windows OS General Purpose Computing H...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 13 of 67 © 2008 Nortel Networks Nortel VPN Router: Each of the logical components contained within the physical Nortel VPN Router are included within the TOE boundary. These components are: o Nortel...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 14 of 67 © 2008 Nortel Networks Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures that VPN data is subject to enforcement of the VPN IF...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 16 of 67 © 2008 Nortel Networks 3 TOE Security Environment This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 17 of 67 © 2008 Nortel Networks Attackers who are not TOE users: These attackers have no knowledge of how the TOE operates and are assumed to possess a low skill level, a low level of motivation, li...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 18 of 67 © 2008 Nortel Networks 4 Security Objectives This section identifies the security objectives for the TOE and its supporting environment. The security objectives identify the responsibilitie...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 19 of 67 © 2008 Nortel Networks 4.2 Security Objectives for the Environment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied by the environment: OE.TIME The envi...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 20 of 67 © 2008 Nortel Networks 5 IT Security Requirements This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) met by the TOE as well as SFRs ...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 22 of 67 © 2008 Nortel Networks 5.1.1 Class FAU: Security Audit FAU_GEN.1 Audit Data Generation Hierarchical to: No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 24 of 67 © 2008 Nortel Networks 5.1.2 Class FCS: Cryptographic Support FCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman) Hierarchical to: No other components. FCS_CKM.1.1(a) The TSF shall g...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 25 of 67 © 2008 Nortel Networks FCS_COP.1.1(a) The TSF shall perform [ encryption and decryption ] in accordance with a specified cryptographic algorithm [ 3DES and AES ] and cryptographic key sizes...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 27 of 67 © 2008 Nortel Networks 5.1.3 Class FDP: User Data Protection FDP_ACC.2 Complete access control Hierarchical to: FDP_ACC.1 FDP_ACC.2.1 The TSF shall enforce the [ Access Control SFP ] on [ S...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 29 of 67 © 2008 Nortel Networks FDP_IFF.1.3(a) The TSF shall enforce the [ none ]. FDP_IFF.1.4(a) The TSF shall provide the following [ stateful Firewall, Network Address Translation (NAT), IPSec ]....

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 30 of 67 © 2008 Nortel Networks Dependencies: FDP_IFC.1 Subset information flow control FMT_MSA.3 Static attribute initialisation FDP_UCT.1 Basic data exchange confidentiality Hierarchical to: No ot...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 31 of 67 © 2008 Nortel Networks 5.1.4 Class FIA: Identification and Authentication FIA_UAU.1 Timing of authentication Hierarchical to: No other components. FIA_UAU.1.1 The TSF shall allow [ o connec...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 32 of 67 © 2008 Nortel Networks The TSF shall require each user to identify itself before allowing any other 4 TSF-mediated actions on behalf of that user. Dependencies: No dependencies 4 “Other” in...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 33 of 67 © 2008 Nortel Networks 5.1.5 Class FMT: Security Management FMT_MOF.1(a) Management of security functions behaviour Hierarchical to: No other components. FMT_MOF.1.1(a) The TSF shall restri...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 35 of 67 © 2008 Nortel Networks FMT_MSA.3(b) Static attribute initialisation Hierarchical to: No other components. FMT_MSA.3.1(b) The TSF shall enforce the [ Firewall Information Control SFP ] to pr...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 36 of 67 © 2008 Nortel Networks The TSF shall maintain the roles [ Primary Admin, Restricted Admin, VPN User ]. FMT_SMR.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 37 of 67 © 2008 Nortel Networks 5.1.6 Class FPT: Protection of the TSF FPT_AMT.1 Abstract machine testing Hierarchical to: No other components. FPT_AMT.1.1 The TSF shall run a suite of tests [ durin...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 38 of 67 © 2008 Nortel Networks 5.1.7 Class FTP: Trusted Path/Channels FTP_TRP.1 Trusted path Hierarchical to: No other components. FTP_TRP.1.1 The TSF shall provide a communication path between its...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 39 of 67 © 2008 Nortel Networks 5.2 Security Functional Requirements on the IT Environment The TOE has the following security requirement for its IT environment. Table 5 identifies all SFRs implemen...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 40 of 67 © 2008 Nortel Networks The TSF TOE Environment shall be able to provide reliable time stamps for it’s the TOE’s own use. Dependencies: No dependencies

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 41 of 67 © 2008 Nortel Networks 5.3 Assurance Requirements This section defines the assurance requirements for the TOE. The assurance requirements are taken from Part 3 of the CC and are EAL 4 augme...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 42 of 67 © 2008 Nortel Networks 6 TOE Summary Specification This section presents information to detail how the TOE meets the functional and assurance requirements described in previous sections of ...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 43 of 67 © 2008 Nortel Networks TOE Security Function SFR ID Description FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Manageme...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 44 of 67 © 2008 Nortel Networks System Log The System Log records data about System events which are considered significant enough to be written to disk, including those displayed in the Configurati...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 45 of 67 © 2008 Nortel Networks 6.1.2 Cryptographic Support The TOE’s cryptographic functionality is provided by a FIPS 140-2-validated cryptographic module. All modules have received either a Level...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 46 of 67 © 2008 Nortel Networks for reuse. This ensures that the keys are completely destroyed before any other process might have access to that memory location. TOE Security Functional Requirement...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 47 of 67 © 2008 Nortel Networks VPN Information Flow Control SFP and Firewall Information Flow Control SFP: Both SFPs enforce a stateful Firewall. Each time a TCP connection is established from a ho...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 48 of 67 © 2008 Nortel Networks functions. The VPN User has no access to administrative functions and may only authenticate to the Nortel VPN Router through the Nortel VPN Client in order to access ...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 49 of 67 © 2008 Nortel Networks o Runs when a random number needs to be generated. Continuous RNG for Entropy Gathering: Verifies that the seed for the FIPS 182-2 PRNG is not failing to a constant v...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 50 of 67 © 2008 Nortel Networks Assurance Component Assurance Measure ALC_DVS.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_FLR.2 8 Nortel Networks Virtual Private Ne...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 51 of 67 © 2008 Nortel Networks 7 Protection Profile Claims This section provides the identification and justification for any Protection Profile conformance claims. 7.1 Protection Profile Reference...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 52 of 67 © 2008 Nortel Networks 8 Rationale This section provides the rationale for the selection of the security requirements, objectives, assumptions, and threats. In particular, it shows that the...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 54 of 67 © 2008 Nortel Networks TE.PHYSICAL An attacker may physically attack the Hardware appliance in order to compromise its secure operation. The environment ensures that the TOE is physically p...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 55 of 67 © 2008 Nortel Networks This may mean the environment provides a connection to a trusted Certificate Authority, or that the required certificates are otherwise available to the TOE. It is as...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 56 of 67 © 2008 Nortel Networks Table 12 - Relationship of Security Requirements to Objectives Objectives Requirements O .I &A O .AUDIT O .SEL FPRO TECT O .CO NFIDENT O .F UN CTION S O .ADM IN O...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 58 of 67 © 2008 Nortel Networks required to use SHA-1 and it must be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and FCS_COP.1(a,b,c,d,e,f)]. O.CONFIDENT The TOE must use the IPSec t...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 59 of 67 © 2008 Nortel Networks The TSF is required to perform security management functions such as create users and assign roles to users [FMT_SMF.1]. The TOE must be able to recognize the differe...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 60 of 67 © 2008 Nortel Networks authorized users with the ability to verify the integrity of TSF Data and TSF executable code [FPT_AMT.1 and FPT_TST.1]. OE.TIME The environment must provide reliable...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 62 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FPT_TST.1 FPT_AMT.1  FTP_TRP.1 [none]  8.6 TOE Summary Specification Rationale 8.6.1 TOE Summary Specification Rationale for the ...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 63 of 67 © 2008 Nortel Networks 8.6.2 TOE Summary Specification Rationale for the Security Assurance Requirements 8.6.2.1 Configuration Management The Configuration Management documentation provides...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 64 of 67 © 2008 Nortel Networks Corresponding CC Assurance Components: Functional Specification with Complete Summary Security-Enforcing High-Level Design Descriptive Low-Level Design Implementation...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 65 of 67 © 2008 Nortel Networks Corresponding CC Assurance Components: Analysis of Coverage High-Level Design Functional Testing Independent Testing 8.6.2.7 Vulnerability and TOE Strength of Functio...

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client Workstation v7.11 Page 66 of 67 © 2008 Nortel Networks 9 Acronyms Table 15 - Acronyms Acronym Definition 3DES Triple DES AES Advanced Encryption Standard CC Common Criteria CLI Command Line Interface CPU Central Processin...