Nortel VPN Router v7.05 User Manual

VPN Router v7.05; Client Workstation v7.11 Security Target, Version 3.9
Nortel Networks
VPN Router v7.05 and Client Workstation v7.11
Security Target
Evaluation Assurance Level: EAL 4+
Document Version: 3.9

Prepared for:
Nortel Networks
600 Technology Park Drive
Billerica, MA 01821
Phone: (800) 466-7835
http://www.nortel.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
http://www.corsec.com

© 2008 Nortel Networks

Summary of Contents for Nortel VPN Router v7.05

  • Page 1 Nortel Networks VPN Router v7.05 and Client Workstation v7.11 Security Target Evaluation Assurance Level: EAL 4+ Document Version: 3.9 Prepared for: Prepared by: Nortel Networks Corsec Security, Inc. 600 Technology Park Drive 10340 Democracy Lane, Suite 201 Billerica, MA 01821...
  • Page 2: Revision History

    Updates based on lab verdict clarifications and FIPS Keller validation details. 2008-03-18 Nathan Lee Updated FIPS certificate numbers on 2009-01-21. Marked document publication/revision date as “2008-03-18” by request of CSEC. Page 2 of 67 Nortel VPN Router v7.05 and Client Workstation v7.11 © 2008 Nortel Networks...
  • Page 3: Table Of Contents

    Security Management (page 47); 6.1.6 Protection of the TOE Security Functions (page 48); 6.1.7 Trusted Path/Channels (page 49); TOE Security Assurance Measures (page 49)
  • Page 4: Table Of Figures

    Dependencies; Table 13 - Mapping of Security Functional Requirements to TOE Security Functions (page 62); Table 14 - Acronyms (page 66)
  • Page 5: Security Target Introduction

    ST organization. The Targets of Evaluation are models 600, 1010, 1050, 1100, 1750, 2750, and 5000 of the Nortel VPN Router v7.05 and Client Workstation v7.11. These devices are functionally identical and will hereafter be referred to, collectively, as “the TOE” throughout this document. The TOE is a Virtual Private Network (VPN) Router that ensures end-to-end network security by establishing a fully encrypted and authenticated VPN connection across the Internet between a Nortel VPN Router and either a user’s remote...
  • Page 6: Conventions, Acronyms, And Terminology

    Term / Explanation. Technology: Contivity: Refers to the marketing name of the Nortel VPN Router. User Types: Primary Admin: The Primary Admin account has the ability to conduct all administrative privileges and rights of the TOE. The Primary Admin also has the ability to create and assign various rights to additional administrators.
  • Page 7 Manage Nortel VPN Router: Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administrative privilege. The only permission not granted to this level is access to the Primary Admin password.
  • Page 8: Toe Description

    IP networks (including the Internet). The Nortel VPN Router and the Nortel VPN Client are the two components that compose the TOE. Figure 1 below shows a typical deployment configuration of the TOE:...
  • Page 9: Figure 2 - Branch Office Deployment Configuration Of The Toe

    Security Target, Version 3.9 March 18, 2008 mode, a Nortel VPN Router on one Enterprise network segment will establish a VPN tunnel with another Nortel VPN Router on another Enterprise network segment. All communications between the two network segments are protected by the VPN tunnel.
  • Page 10: Toe Boundaries And Scope

    [Figure 3 - Physical TOE Boundary] [Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode]
  • Page 11: Logical Boundary

    Nortel-hardened version of the VxWorks OS. All non-essential OS processes have been removed and direct access to the OS is impossible. The Nortel VPN Router is produced at seven performance levels (models 600, 1010, 1050, 1100, 1750, 2750, and 5000) which provide identical functionality; they differ only in network throughput and performance.
  • Page 12: Toe Logical Boundary

    [Figure 5 - TOE Logical Boundary] [Figure 6 - TOE Logical Boundary in Branch Office Tunnel Mode] The essential logical components of the TOE are:...
  • Page 13 VxWorks OS Contivity Hardware Appliance. Nortel VPN Client Workstation: The Nortel VPN Client software is part of the TOE but the underlying OS and hardware are excluded from the TOE boundary. The TOE’s logical boundary includes all of the TOE Security Functions (TSFs).
  • Page 14 The architecture of the TOE and of the IPSec protocol ensures that the trusted paths between the Nortel VPN Router and the Nortel VPN Clients are logically distinct and secure.
  • Page 15: Excluded Toe Functionality

    The following product features and functionality are excluded from the evaluated configuration of the TOE: remote VPN connections using a tunneling protocol other than IPSec; remote authentication using a Smart Card or a hardware or software token Card.
  • Page 16: Toe Security Environment

    It is assumed that the TOE has access to all of the Information Technology (IT) System data it needs to perform its functions. A.DOMSEP: It is assumed that the IT environment will maintain a security domain for the Nortel VPN software that protects it from interference and tampering by untrusted subjects. 3.2 Threats to Security: This section identifies the threats to the IT assets (private networks) against which protection is required by the TOE or by the security environment.
  • Page 17: Threats Addressed By The Toe

    T.HACK-CRYPTO: An attacker may successfully intercept and decrypt, then recover and modify the encrypted data that is in transit between the Nortel VPN Router and VPN Client, and/or between two Nortel VPN Routers. T.HACK: An attacker may use malformed IP packets or similar attack methods against the TSF or...
  • Page 18: Security Objectives

    O.INTEGRITY: The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers. O.FILTER: The TOE must filter all incoming and outgoing packets that pass through it, and accept or...
  • Page 19: Security Objectives For The Environment

    The certificate infrastructure must be properly and securely maintained so that the status of certificates is accurately provided to the TOE. OE.DOMSEP: The environment must maintain a security domain for the Nortel VPN Client software that protects it from interference and tampering by untrusted subjects.
  • Page 20: It Security Requirements

     FMT_MOF.1(a) Management of Security Functions Behavior    FMT_MOF.1(b) Management of Security Functions Behavior    FMT_MSA.1(a) Management of Security Attributes Page 20 of 67 Nortel VPN Router v7.05 and Client Workstation v7.11 © 2008 Nortel Networks...
  • Page 21 Section 5.1 contains the functional components from the Common Criteria (CC) Part 2 with the operations completed. For the conventions used in performing CC operations please refer to Section 1.3.1.
  • Page 22: Class Fau: Security Audit

    The TSF shall provide [Primary Admin, the Restricted Admin, and the VPN User] with the capability to read [all audit records that they have permission to view] from the audit records. FAU_SAR.1.2...
  • Page 23 The TSF shall provide the audit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit data generation
  • Page 24: Class Fcs: Cryptographic Support

    FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FMT_MSA.2 Secure security attributes FCS_COP.1(a) Cryptographic operation (encryption and decryption) Hierarchical to: No other components.
  • Page 25 The TSF shall perform [hashing] in accordance with a specified cryptographic algorithm [SHA-1] and cryptographic key sizes [none] that meet the following: [RFC 3174].
  • Page 26 [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction FMT_MSA.2 Secure security attributes
  • Page 27: Class Fdp: User Data Protection

    The TSF shall explicitly deny access of subjects to objects based on [no additional explicit denial rules]. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialization FDP_IFC.2(a) Complete information flow control (VPN) Hierarchical to: FDP_IFC.1 FDP_IFC.2.1(a)...
  • Page 28 The TSF shall enforce the [VPN Information Flow Control SFP] on [remote authenticated VPN Clients connecting to a Nortel VPN Router] and all operations that cause that information to flow to and from subjects covered by the SFP.
  • Page 29 The TSF shall explicitly deny an information flow based on the following rules: [if packet sequence number indicates repeated packet, signaling a replay attack].
  • Page 30 The TSF shall be able to determine on receipt of user data, whether [modification, deletion, insertion, replay] has occurred. Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] [FTP_ITC.1 Inter-TSF trusted channel, or FTP_TRP.1 Trusted path]
  • Page 31: Class Fia: Identification And Authentication

    Username and Password (for administrators) RSA Digital Certificates]. Dependencies: No dependencies FIA_UID.2 User identification before any action Hierarchical to: FIA_UID.1 FIA_UID.2.1...
  • Page 32 TSF-mediated actions on behalf of that user. Dependencies: No dependencies “Other” in this SFR means any action not included in the assignment in FIA_UAU.1.1.
  • Page 33: Class Fmt: Security Management

    The TSF shall enforce the [Firewall Information Control SFP] to restrict the ability to [modify] the security attributes [which includes all internal attributes available to the administrators] to [Primary Admin, Restricted Admins].
  • Page 34 The TSF shall allow the [Primary Admin] to specify alternative initial values to override the default values when an object or information is created. Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles
  • Page 35 Control policies, management of Firewall and VPN information flow policies, management of audit records, management of cryptographic functions, performing self tests]. Dependencies: No Dependencies FMT_SMR.1 Security roles Hierarchical to: No other components. FMT_SMR.1.1...
  • Page 36 The TSF shall maintain the roles [Primary Admin, Restricted Admin, VPN User]. FMT_SMR.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Timing of identification
  • Page 37: Class Fpt: Protection Of The Tsf

    FPT_TST.1.3 The TSF shall provide authorised users with the capability to verify the integrity of stored TSF executable code. Dependencies: FPT_AMT.1 Abstract machine testing
  • Page 38: Class Ftp: Trusted Path/Channels

    The TSF shall permit [remote users] to initiate communication via the trusted path. FTP_TRP.1.3 The TSF shall require the use of the trusted path for [[secure VPN communication]]. Dependencies: No dependencies
  • Page 39: Security Functional Requirements On The It Environment

    The TSF shall enforce separation between the security domains of subjects in the TSC. Dependencies: No dependencies FPT_STM.1 Reliable time stamps Hierarchical to: No other components. FPT_STM.1.1...
  • Page 40 The TOE Environment shall be able to provide reliable time stamps for the TOE’s own use. Dependencies: No dependencies
  • Page 41: Assurance Requirements

    ATE_IND.2 Independent testing – sample Class AVA: AVA_MSU.2 Validation of analysis Vulnerability assessment AVA_SOF.1 Strength of TOE security function evaluation AVA_VLA.2 Independent vulnerability analysis
  • Page 42: Toe Summary Specification

    Management of Security Functions Behavior FMT_MSA.1(a) Management of Security Attributes FMT_MSA.1(b) Management of Security Attributes FMT_MSA.1(c) Management of Security Attributes FMT_MSA.2 Secure Security Attributes FMT_MSA.3(a) Static Attribute Initialization
  • Page 43: Security Audit

    Group or user profiles; Local Area Network (LAN) or Wide Area Network (WAN) interfaces; Filters; System access hours; Shutdown or startup policies; File maintenance or backup policies
  • Page 44 TOE administrators interact with the TOE through the management GUI [or CLI], but unprivileged TOE users are restricted to establishing VPN sessions with the TOE via the Nortel VPN Client. All of the user actions (detailed above) performed through either of these interfaces are recorded in the appropriate audit log. The TOE creates an audit record when a TOE user causes any of the events in “Table 4 - Auditable Events”...
  • Page 45: Cryptographic Support

    FIPS 140-2 validated VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security 1073 at level 2 Accelerator Nortel VPN Router 600, 1750, 2700, 2750 and 5000 1066 Hardware modules FIPS 140-2 validated Nortel VPN Router 1010, 1050 and 1100...
  • Page 46: User Data Protection

    The connection attributes configured in the Nortel VPN Router enable the remote user to create a tunnel into the Nortel VPN Router. The actual connection to the Nortel VPN Router is a tunnel that is started from the remote user’s PC, through the public network, and ends at the Nortel VPN Router on the private network. The Nortel VPN Router associates all remote users with a group which dictates the attributes (and privileges) that are assigned to a remote user session.
  • Page 47: Identification And Authentication

    6.1.4 Identification and Authentication Users of the TOE can access it in three ways: via the Nortel VPN Client, the CLI, or the GUI. Users are processed and authorized by the TOE’s identification and authentication mechanism whenever they access any of these interfaces.
  • Page 48: Protection Of The Toe Security Functions

    functions. The VPN User has no access to administrative functions and may only authenticate to the Nortel VPN Router through the Nortel VPN Client in order to access the private network. These roles determine a user’s level of access to security management functions provided by the TOE. These security management functions include management of all audit and event records, management of access control, and management of VPN and firewall functions.
  • Page 49: Trusted Path/Channels

    6.1.7 Trusted Path/Channels Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN users. IPSec is required to ensure that the communication is via trusted path. Because of this, trusted path connections between components of the TOE are logically distinct, and secure.
  • Page 50 Assurance Component / Assurance Measure. ALC_DVS.1: Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support; ALC_FLR.2: Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support; ALC_LCD.1: Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support; ALC_TAT.1...
  • Page 51: Protection Profile Claims

    This section provides the identification and justification for any Protection Profile conformance claims. 7.1 Protection Profile Reference: There are no protection profile claims for this security target.
  • Page 52: Rationale

    TOE using IPSec protocol (O.FUNCTIONS). The TOE provides functionality that enables testing of its correct functioning and integrity (O.TEST). O.I&A, O.AUDIT, O.FUNCTIONS, and O.TEST combined ensure that this threat is removed.
  • Page 53 O.ADMIN, O.TEST, and OE.TRAINED combined ensure that this threat is removed. T.DATA-MOD An attacker may intercept and alter the data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers, in order to deceive the intended recipient.
  • Page 54 It is assumed that the environment will provide the necessary infrastructure to ensure that certificates can be validated when digital certificates are used for authentication.
  • Page 55: Security Functional Requirements Rationale

    OE.DELIVERY satisfies this assumption. A.DOMSEP It is assumed that the IT environment will maintain a security domain for the Nortel VPN software that protects it from interference and tampering by untrusted subjects. The environment ensures that a security domain for the Nortel VPN Client software that protects it from interference and tampering by untrusted subjects is maintained (OE.DOMSEP).
  • Page 56: Table 11 - Relationship Of Security Requirements To Objectives

     FMT_MSA.1(a)  FMT_MSA.1(b)  FMT_MSA.1(c)   FMT_MSA.2   FMT_MSA.3(a)   FMT_MSA.3(b)   FMT_MSA.3(c)   FMT_SMF.1   FMT_SMR.1 Page 56 of 67 Nortel VPN Router v7.05 and Client Workstation v7.11 © 2008 Nortel Networks...
  • Page 57 FIPS 46-3 for 3DES and FIPS 197 for AES. For authentication, the TOE is required to use HMAC-SHA-1 and it must be implemented according to RFC 2104. For hashing, the TOE is...
  • Page 58 FCS_CKM.4, and FCS_COP.1(a,b,c,d,e,f)]. O.CONFIDENT The TOE must use the IPSec tunneling protocol to ensure confidentiality of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers. The TOE is required to use the specified tunneling protocol to better protect the confidentiality of the data transmitted between its different parts.
  • Page 59 TOE [FMT_SMR.1]. O.INTEGRITY The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers. The TSF is required to enforce the information flow control SFP on connections and all operations that cause information to flow to and from subjects covered by the SFP [FDP_IFC.2(a,b)].
  • Page 60: Security Assurance Requirements Rationale

    Table 13 - Functional Requirements Dependencies SFR ID Dependencies Dependency Met  FAU_GEN.1 FPT_STM.1  FAU_SAR.1 FAU_GEN.1 FCS_COP.1 FCS_CKM.4  FCS_CKM.1(a) FMT_MSA.2 Page 60 of 67 Nortel VPN Router v7.05 and Client Workstation v7.11 © 2008 Nortel Networks...
  • Page 61  FMT_SMR.1 FIA_UID.1  FPT_AMT.1 [none]  FPT_RPL.1 [none] Met by hierarchical SFR: FDP_ACC.2 Met by hierarchical SFR: FDP_IFC.2 Met by hierarchical SFR: FIA_UID.2 Page 61 of 67 Nortel VPN Router v7.05 and Client Workstation v7.11 © 2008 Nortel Networks...
  • Page 62: Toe Summary Specification Rationale

    Identification and FIA_UAU.1 Authentication FIA_UAU.5 FIA_UID.2 Security Management FMT_MOF.1 FMT_MSA.1 FMT_MSA.2 FMT_MSA.3 FMT_SMF.1 FMT_SMR.1 Protection of the TSF FPT_AMT.1 FPT_RPL.1 FPT_TST.1 Trusted Path/Channels FTP_TRP.1
  • Page 63: Toe Summary Specification Rationale For The Security Assurance Requirements

    The Configuration Management documentation provides a description of tools used to control the configuration items and how they are used by Nortel. The documentation provides a complete configuration item list and a unique reference for each item. Additionally, the configuration management system is described including procedures that are used by developers to control and track changes that are made to the TOE.
  • Page 64 The flaw remediation guidance addressed to TOE users is provided. The description also contains the procedures used by Nortel to track all reported security flaws in each release of the TOE. The established life-cycle model to be used in the development and maintenance of the TOE is documented and explanation on why the model is used is also documented.
  • Page 65: Strength Of Function

    Section 8.2 demonstrates that the security objectives for the TOE and the TOE environment are satisfied by the security requirements. The relevant security functions and security functional requirements which have probabilistic or permutational functions are FIA_UAU.1, and FIA_UAU.5.
  • Page 66: Acronyms

    Point-Point Tunneling Protocol RADIUS Remote Authentication Dial-In User Server/Service Random Number Generator Rivest, Shamir, & Adleman Security Assurance Requirement Security Functional Policy Security Functional Requirement
  • Page 67 Strength of Function Security Target Transmission Control Protocol Target of Evaluation TOE Security Function TOE Security Policy User Datagram Protocol Virtual Private Network Wide Area Network