ZTE ZXR10 M6000 Series Manual

Routers and switches running the ZXROSNG operating system

ZXR10 M6000&T8000&8900E
Series Routers and Switches Running the
ZXROSNG Operating System
Security Target
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
Version: R1.6


Summary of Contents for ZTE ZXR10 M6000 Series

  • Page 2 ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.
  • Page 3: Table of Contents

    Contents
    Chapter 1 ST INTRODUCTION
    1.1 ST IDENTIFICATION
    1.1.1 ST Title
    1.1.2 References
    1.2 TOE IDENTIFICATION
    1.3 TOE OVERVIEW
    1.3.1 Intended usage and security features of the TOE
    1.3.2 Non-TOE components
    1.4 TOE DESCRIPTION...
  • Page 4

    6.1.2 Identification & Authentication
    6.1.3 Security Management
    6.1.4 TOE Access
    6.1.5 User data protection
    6.1.6 Trusted Channel
    Chapter 7 RATIONALE
    7.1 RATIONALE FOR SECURITY OBJECTIVES
    7.1.1 Rationale for Security Objectives for the TOE
    7.1.2 Rationale for Security Objectives for the Environment...
  • Page 5: Chapter 1 ST Introduction

    TOE OVERVIEW
    TOE DESCRIPTION
    1.1 ST IDENTIFICATION
    1.1.1 ST Title
    V1.6 of the Security Target for the ZXR10 M6000&T8000&8900E Series Routers and Switches running the ZXROSNG Operating System.
    1.1.2 References
    The following documentation was used to prepare this ST.
  • Page 6: TOE Identification

    ZXR10 M6000&T8000&8900E Security Target
    1.2 TOE IDENTIFICATION
    This Security Target describes the M6000&T8000&8900E Series of Routers and Switches running the ZXROSNG Operating System v1.00.20. The M6000&T8000&8900E series consists of the following:
    Table 1-1 M6000&T8000&8900E Series Models
    Series Model Interface Description...
  • Page 7

    8900E Series
      • 1 x Ethernet Management Interface
      • 1 x RS232 Console
      • LIC supported interfaces:
          • 8-port 10GE Optical Ethernet
          • 12-port 10GE Optical interface
          • 48-port Gigabit Electrical interface
          • 48 port Gigabit Optical interface
    SJ-20110815105844-030|2011/08/19(R1.6) ZTE CORPORATION
  • Page 8: TOE Overview

    1.3 TOE OVERVIEW
    1.3.1 Intended usage and security features of the TOE
    The TOE is ZXR10 M6000&T8000&8900E series routers and switches running the ZXROSNG 1.00.20. The TOE enables the delivery of metro Ethernet services and high-density service-aware Ethernet aggregation over IP/MPLS-based networks.
  • Page 9: TOE Description

    SNMP/SYSLOG server, the NTP server and the RADIUS/TACACS+ server to the TOE.
    1.4 TOE DESCRIPTION
    The TOE is ZXR10 M6000&T8000&8900E series routers and switches running on ZXROSNG. M6000&T8000 router is a device that determines the next network point to which a packet should be forwarded toward its destination.
  • Page 10: Physical Scope

    Control Plane
    The control plane receives configuration commands, protocol information and keep-alive packets from other planes to implement the following functions:
      • Configuration of command parameter, displaying statistics and status information.
      • Local authentication, RADIUS authentication and TACACS+ authentication...
  • Page 11: Logical Scope

    Chapter 1 ST INTRODUCTION
    ZXR10 M6000-16 | ZTE ZXR10 Software, Version: M6000 v1.00.30(1.0.70), ZXROSNG V1.00.20, Release software Build on 2011/06/07 09:27:25
    ZXR10 T8000-16 | ZTE ZXR10 Software, Version: T8000v1.00.12(1.0.70), ZXROSNG V1.00.20, Release software Build on 2011/06/07 09:27:25
    8900&8900E | ZXR10 8902E Software, Version: V3.00.01.B08P06, ZXROSNG V1.00.20 RE-...
  • Page 12: Evaluated Configuration

    ZXR10 M6000&T8000&8900E Security Target addresses only the client-side support of RADIUS and TACACS+: the servers themselves are out-of-scope.
    Profiles: Administrator profiles are configured to permit or deny access to a hierarchical branch or specific commands.
    Audit: The TOE provides an audit feature for actions related to authentication attempts...
  • Page 13 × × VLAN Not evaluated: Virtual LAN × Mitigate DoS Denial of service × attack URPF Unicast Reverse Path Forwarding × Not permitted in the evaluated × × configuration: WebVPN, IPSec, IKE, L2TP (Layer 2 Tunneling Protocol).
  • Page 14 Feature Description Evaluated Permitted Evaluated IPSEC Not evaluated: IPSec provides × confidentiality, authenticity and integrity for IP data transmitted between trusted (private) networks or remote clients over untrusted (public) links or networks.
  • Page 15: Chapter 2 Conformance Claims

    CC, version 3.1R3, as defined by [CCp1], [CCp2], [CCp3] and [CEM].
    CC Part 2 as CC Part 2 conformant
    CC Part 3 as CC Part 3 conformant
    This ST conforms to no Protection Profile.
    This ST conforms to EAL 3+ALC_FLR.2, and to no other packages.
  • Page 17: Chapter 3 Security Problem Definition

    Actions performed by users may not be known to the administrators due to actions not being recorded or the audit records not being reviewed prior to the machine shutting down, or an unauthorized administrator modifies or destroys audit data.
  • Page 18: Assumption

    THREAT | DESCRIPTION
    T.NO_PRIVILEGE | An unauthorized user may gain access to inappropriately view, tamper, modify, or delete TOE Security Functionality data.
    T.MEDIATE | An unauthorized entity may send impermissible information through the TOE which results in the exploitation of resources on the network.
  • Page 19: Operational Assumptions

    TOE. All administrators are “vetted” to help ensure their trustworthiness, and administrator connectivity to the TOE is restricted.
    P.ROUTE | The TOE must be able to accept routing data from trusted routers
  • Page 21: Chapter 4 Security Objectives

    The TOE will provide mechanisms that control an administrator’s logical access to the TOE and to deny access to unattached session to configure the TOE.
    O.ROUTE | The TOE shall be able to accept routing data from trusted routers according to BGPv4/OSPFv2/IS-IS/RIPv2.
  • Page 22: Security Objectives For The Environment

    4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT
    The following IT security objectives for the environment are to be addressed by the operational environment via technical means.
    Table 4-2 Security Objective for the environment
    OBJECTIVES | DESCRIPTION
    OE.TIMES | NTP server must be available to provide accurate/synchronized time services to the TOE.
  • Page 23: Chapter 5 Security Requirements

    5.1.1 Overview
    The security functional requirements for this ST consist of the following components from Part 2 of the CC.
    Table 5-1 TOE Security Functional Requirements
    CC Part 2 Security Functional Components
    Identifier | Name
    FAU_GEN.1 | Audit data generation
  • Page 24

    FAU_GEN.2 | User identity association
    FAU_SAR.1 | Audit review
    FAU_STG.1 | Protected audit trail storage
    FAU_STG.4 | Prevention of audit data loss
    FDP_IFC.1(1) | Subset information flow control (unauthenticated policy)
    FDP_IFF.1(1) | Simple security attributes (unauthenticated policy)
    FDP_IFC.1(2) | Subset information flow control (export policy)
    FDP_IFF.1(2)
  • Page 25

    1. Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
    2. For each audit event type, based on the auditable event definitions of the functional components included in the ST [none].
  • Page 26: FAU_GEN.2

    Application Note: There is no success / failure concept for Alarm log. Therefore there is no outcome (success or failure) for alarm log.
    5.1.2.2 FAU_GEN.2 User identity association
    FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.
  • Page 27: FDP_IFF.1

    2. when the outgoing interface of the source routing packet is different from the ingoing interface, the packet will be dropped. (URPF)
    3. when the semi-connection statistics information of the TCP SYN flood exceeds configured threshold, the TOE suppresses these attacks.]
  • Page 28: FDP_IFC.1

    FDP_IFF.1.4 The TSF shall explicitly authorize an information flow based on the following rules: [none].
    FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules:
    1. [the TOE shall reject requests for access or services where the source identity of the information received by the TOE is not included in the set of source identifiers for the source subject;...
  • Page 29: FDP_UIT.1

    4. Either the administrator must change his password at the first login, or the administrator is not forced to change his password at the first login, as configured by the administrator]
    Application Note: the TOE cannot enforce this SFR when performing remote authentication with RADIUS/TACACS+ server.
  • Page 30: FIA_UAU.2

    5.1.2.13 FIA_UAU.2 User authentication before any action
    FIA_UAU.2.1 The TSF shall require each administrator to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that administrator.
    5.1.2.14 FIA_UAU.5 Multiple authentication mechanisms
    FIA_UAU.5.1 The TSF shall provide [client RADIUS, TACACS+, and local authentication mechanisms] to support user authentication.
  • Page 31: FMT_MTD.1

    The TSF shall be able to associate users with roles.
    Application Note: although there is only one administrator role, each administrator account has his privilege level and corresponding management scope. The management scope of each privilege level is configurable. All commands are assigned a
  • Page 32: FPT_STM.1

    required privilege level. The administrator can execute commands with required privilege levels lower than or equal to his privilege level.
    5.1.2.24 FPT_STM.1 Reliable time stamps
    FPT_STM.1.1 The TSF shall be able to provide reliable time stamps for its own use.
  • Page 33: FTP_ITC.1

    AGD: Guidance documents
    Operational user guidance
    AGD_PRE.1 | Preparative procedures
    ALC: Life-cycle support
    ALC_CMC.3 | Authorisation controls
    ALC_CMS.3 | Implementation representation CM coverage
    ALC_DEL.1 | Delivery procedures
    ALC_DVS.1 | Identification of security measures
    ALC_FLR.2 | Flaw reporting procedures
    ALC_LCD.1 | Developer defined life-cycle model
  • Page 34

    ATE: Tests
    ATE_COV.2 | Analysis of coverage
    ATE_DPT.1 | Testing: basic design
    ATE_FUN.1 | Functional testing
    ATE_IND.2 | Independent testing - sample
    AVA: Vulnerability Assessment
    AVA_VAN.2 | Vulnerability analysis
  • Page 35: Chapter 6 TOE Summary Specification

    1. I&A authentication success
    2. I&A authentication failure
    user management alarm
    1. user account is locked
    2. user account is unlocked
    3. user account is enabled
    4. user account is disabled
    RADIUS alarm log
  • Page 36

    1. RADIUS authentication group is unreachable
    2. RADIUS accounting server group is unreachable
    3. RADIUS buffer queue exceeds the threshold
    NTP alarm log
    1. The clock of NTP server and client are not synchronized
    ACL alarm
    ACL alarm
    1.
  • Page 37: Identification & Authentication

    TOE. So this SFR is only enforced when performing local authentication.
    FIA_UAU.2 User authentication before any action
    The TOE is configured to use RADIUS, TACACS+, and local/remote authentication to validate administrators requesting access to the network. The password authentication
  • Page 38: Security Management

    is processed between RADIUS and local or TACACS+ and local passwords are specifically configured. The order of TACACS+ and local can be configured. The allowed authentication models are listed below:
    1. Local only
    2. RADIUS only
    3.
  • Page 39

    3. transport layer protocol and their flags and attributes (UDP, TCP);
    4. network layer protocol (IP, ICMP);
    5. interface on which traffic arrives and departs; and
    6. routing protocols and their configuration and state.
    Simple security attributes (export policy)
  • Page 40

    The event log is configured to send events to one SYSLOG destination. SYSLOG destinations have the following properties:
    1. SYSLOG server IP address.
    2. The UDP port used to send the SYSLOG message.
    3. The SYSLOG Facility Code (0 - 23): default 16 (local 0).
  • Page 41: TOE Access

    Also, the TOE provides log export to SYSLOG and SNMP servers.
    FDP_IFC.1(1) Subset information flow control (unauthenticated policy)
    The TOE enforces an UNAUTHENTICATED SFP whereby the network packets sent and/or received through the TOE to IT entity.
    FDP_IFC.1(2) Subset information flow control (export policy)
  • Page 42

    The TOE enforces an EXPORT SFP whereby information events are sent from the TOE to SNMP trap and SYSLOG destinations. The TOE will only send audit and management data to properly configured destinations.
    FDP_IFF.1(1) Simple security attributes (unauthenticated policy)
    The TOE supports routing of the traffic that is permitted by the information flow policies.
  • Page 43: Trusted Channel

    TOE.
    FTP_ITC.1 The TSF shall provide a communication channel between itself and a remote administration client. Secure remote administration is provided by SSH. The communication between TOE and RADIUS/TACACS+/NTP server is protected by the trusted channel.
  • Page 45: Table 7-1 Mapping Of Security Objectives To Threats/OSP

    This section provides a mapping of environment security objectives to those assumptions that must be met. Since the Security Objectives for the Operational environment were derived directly from the Assumptions there is a one to one mapping between them. It
  • Page 46: Table 7-2 Mapping Of Assumptions To Security Objectives For The Operational Environment

    is also clear since the Security Objectives for the Operational environment are simply a restatement of the applicable assumption, that each objective is suitable to meet its corresponding assumption.
    Table 7-2 Mapping of Assumptions to Security Objectives for the Operational Environment
    OE.NO_EVIL&TR-...
  • Page 47: Table 7-4 Mapping Of The Rationale Of TOE Security Requirements To Objectives

    FAU_STG.4 requires that unauthorised deletion of audit records does not occur, and thus helps to maintain accountability for actions
  • Page 48

    OBJECTIVES | SFR Rationale
    FPT_STM.1 ensures that reliable time stamps are provided for audit records
    FTP_ITC.1(3) requires that the timestamp is protected by trusted channels.
    O.MANAGE This objective is met by: The TOE must provide services that allow FMT_MOF.1 allows the authorized users...
  • Page 49

    The TOE shall be able to accept routing data from trusted routers according to BGPv4/OSPFv2/IS-IS/RIPv2.
    This objective is met by: FDP_UIT.1 transmits and receives routing data to/from trusted routers in a manner protected from modification, insertion and replay errors.
  • Page 50: Rationale For Security Assurance Requirements

    7.2.2 Rationale for Security Assurance Requirements
    The ST requires EAL3 augmented with ALC_FLR.2 assurance. EAL3 augmented with ALC_FLR.2 was chosen because it is based upon good commercial development practices with thorough functional testing. EAL3 provides the developers and users a moderate level of independently assured security in conventional commercial TOE.
  • Page 51

    FMT_MTD.1(2) | FMT_SMR.1, FMT_SMF.1
    FMT_MTD.1(3) | FMT_SMR.1, FMT_SMF.1
    FMT_MTD.1(4) | FMT_SMR.1, FMT_SMF.1
    FMT_SMF.1 | No dependencies
    FMT_SMR.1 | FIA_UID.1
    FPT_STM.1 | No dependencies
    FTA_SSL.3 | No dependencies
    FTA_TSE.1 | No dependencies
    FTP_ITC(1) | No dependencies
    FTP_ITC(2) | No dependencies
    FTP_ITC(3) | No dependencies
    There are no unsatisfied dependencies.
  • Page 53: Table A-1 Document Terminology

    Multi-Protocol Label Switching | MPLS technology implements the delivery of highly scalable, differentiated, end-to-end IP and VPN services. The technology allows core network routers to operate at higher speeds without examining each packet in detail, and allows differentiated services.
  • Page 54

    Management Process Unit | The MPU of ZXR10 M6000&T8000 has two processor systems. One is Route Process Module (RPM), and the other is Management Process Module (MPM). ZXR10 M6000&T8000 can connect to the maintenance background through the 10/100/1000M Ethernet electrical port and the Console port on the MPU for the maintenance and management of the system.
  • Page 55

    Appendix A Document Terminology
    Switch Fabric Unit | The SFU of ZXR10 M6000-8 adopts 2+1 redundancy backup. The SFU of ZXR10 M6000-16&T8000 adopts 3+1 redundancy backup. Several SFUs can work at the same time. When a SFU is broken or plugged out, interface access and processing ability are not affected.
  • Page 57

    Tables
    Table 1-1 M6000&T8000&8900E Series Models
    Table 1-2 Evaluated Configuration
    Table 3-1 Threat
    Table 3-2 Personnel Assumption
    Table 3-3 Physical Assumption
    Table 3-4 Operational Assumption
    Table 3-5 Organizational Security Policy
    Table 4-1 Security Objective...

This manual is also suitable for:

ZXR10 8900E series, ZXR10 T8000 series
