Nortel VPN Router v7.05 User Manual page 14

Security Target, Version 3.9
Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures
that VPN data is subject to enforcement of the VPN IFC SFP, and that all data passing through the firewall is subject
to enforcement of the Firewall IFC SFP. These SFPs are enforced by the TOE based upon the privilege criteria
defined in the SFPs.
2.3.2.4 Identification and Authentication
All identification and authentication for the TOE occurs on the Nortel VPN Router and is based on user attributes.
Each user has a username, password, and one or more assigned roles. The TOE ensures that users are authenticated
prior to any use of the TOE functions, and user authentication is performed using a unique username and password
combination.
TOE users must identify and authenticate their identities in order to gain access to services provided by the TOE.
Identification and authentication is enforced by the Nortel VPN Router, the GUI, and the CLI. The Nortel VPN
Client accepts two types of authentication credentials: a username/password combination or a digital certificate.
The GUI and CLI accepts username/password authentication.
2.3.2.5 Security Management
The TOE maintains three main user roles:
Primary Admin
Restricted Admin
VPN User
The Primary Admin has full administrative access to the TOE; the Restricted Admin has access to specific
administrative functions as defined by the Primary Admin; and the VPN User has no administrative privileges and
can only connect to the Nortel VPN Router via the Nortel VPN Client.
The Primary Admin and Restricted Admins perform administrative and troubleshooting tasks via the GUI, and they
perform configuration tasks via the CLI. VPN Users utilize the Nortel VPN Client to access the private network
through the Nortel VPN Router. After successful authentication to the TOE, users can access only the management
functions to which their role grants them access. As described in the SFP, management and modification of TOE
security attributes is restricted to authorized administrators in order to ensure that only secure values are accepted for
those security attributes and that the default values used for initialization of the security attributes are not
maliciously altered.
2.3.2.6 Protection of the TOE Security Functions
The TOE runs a series of self-tests both at initial TOE start-up and periodically during normal TOE operation.
These tests check for the correct operation of the TSFs. The TOE is able to detect IPSec sessions replay attacks and
take appropriate countermeasures (by dropping the suspect packets) while performing the self-tests. The TOE's
architecture is specifically designed to eliminate the possibility of any user bypassing the TSFs. Users must be
identified and authenticated before the TOE will make any actions on their behalf. The underlying OS is not
accessible by any TOE user (authorized or unauthorized).
2.3.2.7 Trusted Path/Channels
Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN Users. IPSec is
required during these connections in order to ensure that the communication is via a trusted path. The architecture
of the TOE and of the IPSec protocol ensures that the trusted paths between the Nortel VPN Router and the Nortel
VPN Clients are logically distinct and secure.
3
The Nortel VPN Client also supports the use of Smart Cards for authentication. Smart Card authentication is
beyond the scope of this evaluation and is not included in the evaluated configuration.
Nortel VPN Router v7.05 and Client Workstation v7.11
© 2008 Nortel Networks
March 18, 2008
3
Page 14 of 67