Nortel Networks 7.11 Bedienungsanleitung

© 2008 Nortel Networks Nortel Net works VPN Router v7.0 5 and Client Workstation v7.11 Security Target Evaluation Assurance Level : EAL 4 + Document Versio n: 3.9 Prepared for: Prepared b y : Nortel Networks Corsec Securit y, Inc. 600 Technolog y Park Drive Billerica, MA 01821 10340 Democr acy La ne, Suite 201 Fairfax, VA 22030 Phone: (800) 466- 7[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 2 of 67 © 2008 Nortel Networks Revision Histor y Version Modification Date Modified By Description of Changes 1.0 2005 - 05 - 31 Kiran Kadambari Initial draft. 2.0 2006 - 01 - 17 Nathan Lee Revised to use new document layout; addressed lab verdic[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 3 of 67 © 2008 Nortel Networks Table of Contents REVISION HISTORY ................................................................................................................................................ 2 TABLE OF CONTEN TS ..............[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 4 of 67 © 2008 Nortel Networks 7 PROTECTION PROFI LE CLAIMS ................................................................ ............................................... 51 7.1 P ROTECTI ON P ROFIL E R EFEREN CE ...............................[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 5 of 67 © 2008 Nortel Networks 1 Security T arget Introduction This section identifies the Security Target (ST), Target of Evaluatio n (T OE) identificatio n, ST conventions, ST conformance clai ms, and the ST organizatio n. The Tar gets of Evalu[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 6 of 67 © 2008 Nortel Networks Ke y w ords VPN, Router, Firewall, IPSec 1.3 Conven tions, A cronyms, and Terminology 1.3.1 Conventions There are several f ont variat ions used within this ST . Sel ected presentation choices are d iscussed here to[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 7 of 67 © 2008 Nortel Networks Term Explanation Manage Nortel VPN Router Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administ[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 8 of 67 © 2008 Nortel Networks 2 T OE Descripti on This section pro vides a general overview o f the TOE as an aid to understanding the general capabilities and security requirements provided b y the TOE . The TOE description provides a context f[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 9 of 67 © 2008 Nortel Networks mode, a No rtel VPN Rou ter on one Enterprise net work segment will establish a VPN tunnel with a nother Nortel VPN Ro uter on another Enterprise net w ork segment. All co mm unicatio ns between the two net work seg[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 10 of 67 © 2008 Nortel Networks Configuration of the T OE is performed via a Co mmand Line Interface ( CLI) by physicall y connecti ng a device (such as a laptop) to the serial interface of t he TOE and utilizing dumb-terminal software. After the[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 11 of 67 © 2008 Nortel Networks In Figure 3 above, the T OE is installed at the boun dar y of the private (“Enterprise”) network a nd the p ublic (“Internet”) network . I n Figure 4 above, the TOE is installed at the boundar y of the two [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 12 of 67 © 2008 Nortel Networks Legend: TOE Boundary The World Enterprise Corporate Network Internet Nortel VPN Client Workstation Nortel VPN Router VPN Tunnel Windows OS General Purpose Computing Hardware Nortel VPN Client Software Nortel VPN Sw[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 13 of 67 © 2008 Nortel Networks Nortel VPN Router: E ach of the logical components contained within t he physical Nortel VPN Router ar e included within the TOE boundary. T hese components are: o Nortel VPN S w itch Soft ware o VxWorks OS o Conti[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 14 of 67 © 2008 Nortel Networks Nortel VPN Rou ters, as well as p roviding protection agai nst external attac k. The ar chitecture of t he T OE ensures that VPN data is subj ect to enforcement of the VPN IFC SFP, and that all data passing through[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 15 of 67 © 2008 Nortel Networks 2.3.3 Excluded TOE Functionality The following prod uct features and functionali ty are excluded from the evaluated configuration of t he TOE: Remote VPN connection s using a tunneling proto col other than IPSec Re[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 16 of 67 © 2008 Nortel Networks 3 T OE Securi ty Environment This sectio n d escribes the security aspects of the environ ment in whic h t he TOE will be us ed and the manner i n which the TOE is expected to b e employed. Sectio n 3.1 provides as[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 17 of 67 © 2008 Nortel Networks Attackers w ho a re no t TOE users: T hese attackers have no knowled ge of how t he TOE operates and are assumed to po ssess a low skill level, a lo w level of motivation, li m ited resources to alter TOE configura[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 18 of 67 © 2008 Nortel Networks 4 Security Objectives This section identifie s the security objectives for the T OE and its supp orting environ m ent . T he securit y objectives identify the responsibilities o f the TOE and its environment in m e[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 19 of 67 © 2008 Nortel Networks 4.2 Security Objectives for the Env ironment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied b y the environment: OE.TIME The environment must provide reliable ti mestamps for [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 20 of 67 © 2008 Nortel Networks 5 IT Securit y Req uirement s This section d efines the Sec urity F unctional Requirements (SFRs) and Security Assurance Req uirements (SARs) met by the T OE as well as SFRs met by the T OE IT environment. These re[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 21 of 67 © 2008 Nortel Networks SFR ID Description ST Operation FMT_MSA.1(b) Management of Security Attributes    FMT_MSA.1(c) Management of Security Attributes    FMT_MSA.2 Secure Security Attributes FMT_MSA.3(a) Static Attribu[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 22 of 67 © 2008 Nortel Networks 5.1.1 Class FAU: Security A udit FAU_GEN.1 Audit Data Generation Hierarchical to : No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up a[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 23 of 67 © 2008 Nortel Networks The TSF shall provide the a udit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit dat a generation[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 24 of 67 © 2008 Nortel Networks 5.1.2 Class FCS: Cryptographic Support FCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman) Hierarchical to : No other components. FCS_CKM .1.1(a) The TSF shall generate cr yptographic keys in accordance with[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 25 of 67 © 2008 Nortel Networks FCS_COP.1.1 (a) The T SF shall perform [ encry ption and decryptio n ] in accordance with a specified cr y ptographic algorithm [ 3DES and AES ] and cryptographic key sizes [ 168 - bit key , 128 and 256-bit keys, r[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 26 of 67 © 2008 Nortel Networks Dependencies: [FDP_ITC.1 Import of user data without security a ttributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM .1 Cryptographic key generation] FCS_CKM .4 Cryptographic key destruc[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 27 of 67 © 2008 Nortel Networks 5.1.3 Class FDP: User Data Protection FDP_ACC.2 Complete access control Hierarchical to : FDP_ACC.1 FDP_ACC.2.1 The T SF shall e nforce the [ Access Control SFP ] on [ Subjects: administrators; Objects: VPN Ro uter[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 28 of 67 © 2008 Nortel Networks The TSF shall enforce the [ VPN Information Flow Con trol SFP ] on [ remote authenticated VPN Clients connecting to a Nortel VPN Router ] and all operations that cause that infor mation to flow to and fro m subject[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 29 of 67 © 2008 Nortel Networks FDP_IFF.1. 3(a) The TSF shall enforce t he [ none ]. FDP_IFF.1.4 (a) The TSF shall provide the following [ sta teful Firewall, Network Ad dress Translation (NAT), IPS ec ]. FDP_IFF.1.5 (a) The TSF shall explicitl y[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 30 of 67 © 2008 Nortel Networks Dependencies: FDP_IFC.1 Subset infor mation flow control FMT_M SA.3 Static attribute initialisation FDP_UCT.1 Basic data exchange confidentiality Hierarchical to : No other components. FDP_UCT.1.1 The T SF shall en[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 31 of 67 © 2008 Nortel Networks 5.1.4 Class FI A : Identification and Authentication FIA_UAU.1 Timing of authentication Hierarchical to : No other components. FIA_UAU.1.1 The TSF shall allow [ o connection co nfiguration, o username entry, o pass[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 32 of 67 © 2008 Nortel Networks The TSF shall require ea ch user to identif y itself be fore allowing any other 4 TSF-med iated actions on behalf of that user. Dependencies: No dependencies 4 “ Other ” in this SFR means any action not include[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 33 of 67 © 2008 Nortel Networks 5.1.5 Class FMT: Security Management FMT_MOF.1(a) Management of security functions behaviour Hierarchical to : No other components. FMT_MOF .1.1(a) The T SF shall restrict t he ability to [ modify th e behavio ur o[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 34 of 67 © 2008 Nortel Networks Dependencies: [FDP_ACC.1 Subset a ccess control or FDP_IFC.1 Subset infor mation flow control] FMT_SM F.1 Specification of m anage m ent functio ns FMT_SM R.1 Security roles FMT_MSA.1(c) Manageme nt of security att[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 35 of 67 © 2008 Nortel Networks FMT_MSA.3(b) Static attribute initialisation Hierarchical to : No other components. FMT_M SA.3.1(b) The TSF sh al l en force the [ Firewall Informatio n Control SFP ] to p rovide [ restrictive ] default values for [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 36 of 67 © 2008 Nortel Networks The TSF shall maintai n the roles [ Primary Admin, Restricted Ad min, VPN Us er ]. FMT_SM R.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Ti ming of identification[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 37 of 67 © 2008 Nortel Networks 5.1.6 Class FPT: Protection of the TSF FPT_AMT.1 Abstract machine testing Hierarchical to : No other components. FPT_AMT.1 .1 The TSF shall run a suite of tests [ during initial start- up, periodically during no r [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 38 of 67 © 2008 Nortel Networks 5.1.7 Class FTP: Trusted Path/Channels FTP_TRP.1 Trusted path Hierarchical to : No other components. FTP_TRP.1.1 The TSF shall provide a communication path between it self a nd [ remote ] users that is logically di[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 39 of 67 © 2008 Nortel Networks 5.2 Security Functional Requiremen ts on the IT Environmen t The T OE has the following se curity requirement for its IT environment. Table 5 identifies all SFRs implemented b y the IT Environment and indica tes th[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 40 of 67 © 2008 Nortel Networks The TSF TOE Env ironment shall be able to provide reliable time stamps for it’s the TO E’s own use. Dependencies: No dependencies[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 41 of 67 © 2008 Nortel Networks 5.3 A ssurance Requirements This section defines the assur ance requirements for the TOE. The assurance requ irements are taken fro m Part 3 of the CC and are EAL 4 augmented with ALC_F LR.2. Tab le 6 below summari[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 42 of 67 © 2008 Nortel Networks 6 T OE Summar y Specif icatio n This section presents infor mation to detail how the TOE meets the functional a nd ass urance requirements described in previous sections of thi s ST. 6.1 TOE Security Functions Each[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 43 of 67 © 2008 Nortel Networks TOE Security Function SFR ID Description FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security Roles Protection[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 44 of 67 © 2008 Nortel Networks System Log The System Log records data about System eve nts which are considered significant enoug h to b e written to disk, including t hose displa y ed in the Conf ig uration and Sec urity logs. Examples of event[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 45 of 67 © 2008 Nortel Networks 6.1.2 Cryptographic Support The T OE ’s cr y ptograph ic functionalit y is provided by a FIPS 140 -2-validated cryptographic m odule. All modules have received either a Level 1 or Level 2 FIPS 140 -2 vali dation.[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 46 of 67 © 2008 Nortel Networks for reuse. T his ensures that the keys a re co m pletely destroyed before an y other pro cess might have ac cess to that memory location. TOE Security Functio nal Require m ents Satisfied: FCS_CKM.1(a) , FCS_CKM.1([...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 47 of 67 © 2008 Nortel Networks VPN Information Flow Control SFP and Firewall Information Flow Control SFP: B oth S FPs e nforce a stateful Fire wall. Eac h time a T CP connection is e stablished from a host on the internal network to a host on t[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 48 of 67 © 2008 Nortel Networks functions. The VPN User has no acce ss to administrative functions and may only aut henticate to the Nortel VP N Router through the Nor tel VPN Client in order to access the private network. The se roles deter mine[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 49 of 67 © 2008 Nortel Networks o Runs when a rando m number needs to be generated. Continuous RN G for Entropy Gathering : Verifi es that t he seed for the FIP S 182 -2 PRNG is not failing to a constant value. o Runs when a seed for the RNG need[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 50 of 67 © 2008 Nortel Networks Assurance Component Assurance Measure ALC_DVS.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_FLR.2 8 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_LCD.1 [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 51 of 67 © 2008 Nortel Networks 7 Protection Profile Claim s This section provides t he identification and justificatio n for any Protection Pr ofile conformance claims. 7.1 Protection Prof ile Reference There are no protection profile claims for[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 52 of 67 © 2008 Nortel Networks 8 Rationale This section provides th e rationale for the selection o f the sec urity require m e nts, o bjectives, assumptions, and threats. In particular, it shows that the security requireme nts ar e suitable to [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 53 of 67 © 2008 Nortel Networks T. AUTH- ERROR An authorized user may acc identally alter the co nfiguration of a policy tha t per m its or denies infor m ation flo w throug h the TOE, thereby affect ing t he integrity of the transmitted infor m [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 54 of 67 © 2008 Nortel Networks TE.PHYSICAL An attacker may physicall y attack the Ha rdware appliance in o rder to co m pro m ise its secure operation. The environ ment ensures that the T OE is ph ysically protected so that o nly TOE user s who [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 55 of 67 © 2008 Nortel Networks This may mean t he environ ment pro vides a co nnection to a trusted Certificate Autho rity, or that the required certificates are o therwise av ailable to the TO E. It is assumed that the appropriate infrastruct u[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 56 of 67 © 2008 Nortel Networks Table 12 - Rel ationship of Securit y Requirements to Objectiv es Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.N[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 57 of 67 © 2008 Nortel Networks Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.NONBYPASS FPT_AMT.1  FPT_RLT.1  FPT_TST.1  FTP_TRP.1  E[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 58 of 67 © 2008 Nortel Networks required to us e SH A-1 and i t must b e implemented acco rding to RFC 3 174 [ FCS_CKM.1(a) , FCS_CKM.4, and FCS_ COP.1(a, b,c,d,e,f) ]. O.CONFIDENT The TOE must use the IPSec tunnel ing proto col to ensure confide[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 59 of 67 © 2008 Nortel Networks The TSF is required to perfo rm security management functions such as create users and assign roles to users [FMT_SMF.1 ]. The TOE mu st be able to recognize the different administrative and user roles that exist f[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 60 of 67 © 2008 Nortel Networks authorized users with t he ability to verify the integrit y of TSF Data and T SF executable co de [FPT_AMT. 1 and FPT_TST.1]. OE.TIME The environment must provi de reliable timestamps for the time-stamping o f audi[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 61 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FCS.CKM.4 FCS_CKM.1(a) FMT_MSA.2  FCS_COP.1 FCS_CKM.1(a) FCS_CKM.4 F MT _MSA.2  FDP_ACC.2 FDP_ACF.1  FDP_ACF.1 FDP_ACC.1 9 FMT_MSA.3  FDP_IFC.2 FDP_IFF.1  FDP_IFF.1[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 62 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FPT_TST.1 FPT_AMT.1  FTP_TRP.1 [n one]  8.6 TOE Summary Specification Ration ale 8.6.1 TOE Summary Specification Rationale for the Security Functional Requirements Each s ub[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 63 of 67 © 2008 Nortel Networks 8.6.2 TOE Summary Spe cification Rationale for the Security Assurance Requirements 8.6.2.1 Configuration M anagement The Configuratio n Management d ocumentation pro vides a d escription of tools used to control th[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 64 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Functional Specification with Complete Su mmary Securi ty - E nforcing High-Le vel Design Descriptive Lo w-L e vel Design Implementation of the T SF Informal TOE Securit y Po[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 65 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Analysis of Coverage High-Level Design Functional Testing Independent Testing 8.6.2.7 Vulnerability and TOE Strength of Fu nction Analyses The Valid ation of An al ysis docu [...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 66 of 67 © 2008 Nortel Networks 9 Acronyms Table 15 - Acronyms Ac ron y m Definition 3DES Triple DES AES Advanced Encryption Standard CC Common Criteria CLI Command Line Interface CPU Central Processing Unit DES Data Encryption Standard DoD Depar[...]

Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 67 of 67 © 2008 Nortel Networks Ac ron y m Definition SHA Secure Hash Algorithm SOF Strength of Function ST Security Target TCP Transmission Control Protocol TOE Target of Evaluation TSF TOE Security Function TSP TOE Security Policy UDP User Data[...]