Identification And Authentication; Security Management - Nortel VPN Router v7.05 User Manual

Security Target, Version 3.9
March 18, 2008
VPN Information Flow Control SFP and Firewall Information Flow Control SFP: Both SFPs enforce a
stateful firewall. Each time a TCP connection is established from a host on the internal network to a host on the
external network through the Nortel VPN Router, information about the connection is recorded in a stateful session
flow table. The state table contains the source and destination addresses and port number(s) for each TCP
connection associated with that particular host. This information creates a connection object in the Nortel VPN
Router. Inbound packets are compared against session flows in the connection table and are permitted through the
Nortel VPN Router only if an appropriate connection already exists to validate their passage. This connection object
is terminated when the session is finished.
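The following is an added illustration, not code from the Security Target or from Nortel: a small Python model of the stateful session flow table described above. It assumes that an outbound SYN from an internal host creates the connection object, that inbound packets are matched against the reversed address/port tuple, and (a simplification) that a FIN or RST from either side terminates the session.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed TCP packet summary: just the fields the state table keys on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = internal -> external, "in" = external -> internal
    flags: str = ""  # e.g. "SYN", "SYN ACK", "FIN ACK", "RST"


class StatefulFilter:
    """Permit inbound TCP packets only when a matching outbound session exists."""

    def __init__(self):
        # Connection objects, keyed by (internal_ip, internal_port, external_ip, external_port).
        self.sessions = set()

    def _key(self, pkt):
        if pkt.direction == "out":
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # Inbound packets are compared against the reversed tuple of the session.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def process(self, pkt):
        key = self._key(pkt)
        if pkt.direction == "out":
            if "SYN" in pkt.flags:
                # Assumption: a new outbound connection records a connection object.
                self.sessions.add(key)
            elif key not in self.sessions:
                # Assumption: outbound data without a tracked session is not forwarded.
                return "DROP"
        elif key not in self.sessions:
            # No connection object validates this inbound packet.
            return "DROP"
        if "FIN" in pkt.flags or "RST" in pkt.flags:
            # Simplification: the session is finished, so the connection object is removed.
            self.sessions.discard(key)
        return "PERMIT"
```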
Both SFPs enforce Network Address Translation (NAT) functionality which helps to provide transparent routing
between private IP address spaces. NAT allows the dynamic connection of multiple private networks via secure
tunnels without requiring any address space reconfiguration. The NAT policy is configured by administrators either
via the GUI or the CLI. The NAT policy in the TOE is associated with a security property and a security policy.
The security property defines the type of service offered (including the service name, the protocol (TCP, UDP,
ICMP), and the port number (or range) on which the service occurs). The security policy is a set of rules that
specifies which service is allowed or denied.
Within the Nortel VPN Router, the source address of a packet is translated after the packet has gone through the
Nortel VPN Router if a matching source NAT rule is found. A NAT policy consists of one or more NAT rules. A
NAT rule describes the translation action to take for a particular source, destination, or service. NAT is applied to
routed traffic passing through the TOE's physical interfaces using separate NAT policies. The NAT policy is
retrieved from the LDAP database after system initialization and packets are processed according to the NAT policy
rules.
TOE Security Functional Requirements Satisfied: FDP_ACC.2, FDP_ACF.1, FDP_IFC.2(a), FDP_IFC.2(b),
FDP_IFF.1(a), FDP_IFF.1(b), FDP_UCT.1, FDP_UIT.1.

6.1.4 Identification and Authentication

Users of the TOE can access it in three ways: via the Nortel VPN Client, the CLI, or the GUI. Users are processed
and authorized by the TOE's identification and authentication mechanism whenever they access any of these
interfaces. TOE users can authenticate to the CLI and the management GUI by providing a valid username and its
corresponding password. TOE users can authenticate to the Nortel VPN Client by providing either a valid username
7
and its corresponding password or a valid digital certificate.
Cryptographic functions relevant to the use of digital
certificates are discussed in Section 6.1.2. Prior to identification and authentication of a user via the Nortel VPN
Client, TOE users are given the opportunity to choose one of these authentication methods. This action (choosing
an authentication method) can not be used by an attacker to disrupt the proper functioning of the TOE.
The TOE stores a username, a hashed password, and the roles associated with the user, for each TOE user in order to
enable authentication via username/password. A user is authenticated when the hash of the password that has been
entered matches the stored hashed password.
The username/password authentication mechanism is the only
implemented probabilistic security mechanism. In the CC mode of operation, the minimum required password
length for users is eight characters (with a possible character set of at least 94 characters), which meets the Strength
of Function (SOF) claim of SOF-basic.
TOE Security Functional Requirements Satisfied: FIA_UAU.1, FIA_UAU.5, FIA_UID.2.

6.1.5 Security Management

The TOE maintains three roles, the Primary Admin, the Restricted Admin, and the VPN User. The Primary Admin
has full access to the TOE. The Restricted Admins have only the permissions granted to them by the Primary
Admin. Permissions granted to the Restricted Admin by the Primary Admin may include access to administrative
⁷ See Footnote 3 for more information.
Page 47 of 67
Nortel VPN Router v7.05 and Client Workstation v7.11
© 2008 Nortel Networks