Table of Contents
Advertisement
Security Target, Version 3.9
FDP_IFF.1.3(a)
The TSF shall enforce the [none].
FDP_IFF.1.4(a)
The TSF shall provide the following [stateful Firewall, Network Address Translation (NAT), IPSec].
FDP_IFF.1.5(a)
The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.6(a)
The TSF shall explicitly deny an information flow based on the following rules: [none].
Dependencies:
FDP_IFC.1 Subset information flow control
FMT_MSA.3 Static attribute initialisation
FDP_IFF.1(b) Simple security attributes (Firewall)
Hierarchical to: No other components.
FDP_IFF.1.1(b)
The TSF shall enforce the [Firewall Information Flow Control SFP] based on the following types of
subject and information security attributes: [
o
Source, destination interface;
o
Source, destination IP addresses;
o
Source, destination port;
o
Direction
o
Service].
FDP_IFF.1.2(b)
The TSF shall permit an information flow between a controlled subject and controlled information via a
controlled operation if the following rules hold: [attempted connection from external source has an entry in
the state-based connection table permitting its inflow].
FDP_IFF.1.3(b)
The TSF shall enforce the [none].
FDP_IFF.1.4(b)
The TSF shall provide the following [stateful Firewall, Network Address Translation (NAT)].
FDP_IFF.1.5(b)
The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.6(b)
The TSF shall explicitly deny an information flow based on the following rules: [if packet sequence
number indicates repeated packet, signaling a replay attack].
Nortel VPN Router v7.05 and Client Workstation v7.11
© 2008 Nortel Networks
March 18, 2008
Page 29 of 67
Advertisement
Table of Contents
