Nortel Networks 7.11 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Nortel Networks 7.11. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Nortel Networks 7.11 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Nortel Networks 7.11 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Nortel Networks 7.11 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Nortel Networks 7.11
- nom du fabricant et année de fabrication Nortel Networks 7.11
- instructions d'utilisation, de réglage et d’entretien de l'équipement Nortel Networks 7.11
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Nortel Networks 7.11 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Nortel Networks 7.11 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Nortel Networks en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Nortel Networks 7.11, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Nortel Networks 7.11, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Nortel Networks 7.11. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    © 2008 Nortel Networks Nortel Net works VPN Router v7.0 5 and Client Workstation v7.11 Security Target Evaluation Assurance Level : EAL 4 + Document Versio n: 3.9 Prepared for: Prepared b y : Nortel Networks Corsec Securit y, Inc. 600 Technolog y Park Drive Billerica, MA 01821 10340 Democr acy La ne, Suite 201 Fairfax, VA 22030 Phone: (800) 466- 7[...]

  • Page 2

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 2 of 67 © 2008 Nortel Networks Revision Histor y Version Modification Date Modified By Description of Changes 1.0 2005 - 05 - 31 Kiran Kadambari Initial draft. 2.0 2006 - 01 - 17 Nathan Lee Revised to use new document layout; addressed lab verdic[...]

  • Page 3

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 3 of 67 © 2008 Nortel Networks Table of Contents REVISION HISTORY ................................................................................................................................................ 2 TABLE OF CONTEN TS ..............[...]

  • Page 4

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 4 of 67 © 2008 Nortel Networks 7 PROTECTION PROFI LE CLAIMS ................................................................ ............................................... 51 7.1 P ROTECTI ON P ROFIL E R EFEREN CE ...............................[...]

  • Page 5

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 5 of 67 © 2008 Nortel Networks 1 Security T arget Introduction This section identifies the Security Target (ST), Target of Evaluatio n (T OE) identificatio n, ST conventions, ST conformance clai ms, and the ST organizatio n. The Tar gets of Evalu[...]

  • Page 6

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 6 of 67 © 2008 Nortel Networks Ke y w ords VPN, Router, Firewall, IPSec 1.3 Conven tions, A cronyms, and Terminology 1.3.1 Conventions There are several f ont variat ions used within this ST . Sel ected presentation choices are d iscussed here to[...]

  • Page 7

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 7 of 67 © 2008 Nortel Networks Term Explanation Manage Nortel VPN Router Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administ[...]

  • Page 8

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 8 of 67 © 2008 Nortel Networks 2 T OE Descripti on This section pro vides a general overview o f the TOE as an aid to understanding the general capabilities and security requirements provided b y the TOE . The TOE description provides a context f[...]

  • Page 9

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 9 of 67 © 2008 Nortel Networks mode, a No rtel VPN Rou ter on one Enterprise net work segment will establish a VPN tunnel with a nother Nortel VPN Ro uter on another Enterprise net w ork segment. All co mm unicatio ns between the two net work seg[...]

  • Page 10

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 10 of 67 © 2008 Nortel Networks Configuration of the T OE is performed via a Co mmand Line Interface ( CLI) by physicall y connecti ng a device (such as a laptop) to the serial interface of t he TOE and utilizing dumb-terminal software. After the[...]

  • Page 11

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 11 of 67 © 2008 Nortel Networks In Figure 3 above, the T OE is installed at the boun dar y of the private (“Enterprise”) network a nd the p ublic (“Internet”) network . I n Figure 4 above, the TOE is installed at the boundar y of the two [...]

  • Page 12

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 12 of 67 © 2008 Nortel Networks Legend: TOE Boundary The World Enterprise Corporate Network Internet Nortel VPN Client Workstation Nortel VPN Router VPN Tunnel Windows OS General Purpose Computing Hardware Nortel VPN Client Software Nortel VPN Sw[...]

  • Page 13

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 13 of 67 © 2008 Nortel Networks Nortel VPN Router: E ach of the logical components contained within t he physical Nortel VPN Router ar e included within the TOE boundary. T hese components are: o Nortel VPN S w itch Soft ware o VxWorks OS o Conti[...]

  • Page 14

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 14 of 67 © 2008 Nortel Networks Nortel VPN Rou ters, as well as p roviding protection agai nst external attac k. The ar chitecture of t he T OE ensures that VPN data is subj ect to enforcement of the VPN IFC SFP, and that all data passing through[...]

  • Page 15

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 15 of 67 © 2008 Nortel Networks 2.3.3 Excluded TOE Functionality The following prod uct features and functionali ty are excluded from the evaluated configuration of t he TOE: Remote VPN connection s using a tunneling proto col other than IPSec Re[...]

  • Page 16

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 16 of 67 © 2008 Nortel Networks 3 T OE Securi ty Environment This sectio n d escribes the security aspects of the environ ment in whic h t he TOE will be us ed and the manner i n which the TOE is expected to b e employed. Sectio n 3.1 provides as[...]

  • Page 17

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 17 of 67 © 2008 Nortel Networks Attackers w ho a re no t TOE users: T hese attackers have no knowled ge of how t he TOE operates and are assumed to po ssess a low skill level, a lo w level of motivation, li m ited resources to alter TOE configura[...]

  • Page 18

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 18 of 67 © 2008 Nortel Networks 4 Security Objectives This section identifie s the security objectives for the T OE and its supp orting environ m ent . T he securit y objectives identify the responsibilities o f the TOE and its environment in m e[...]

  • Page 19

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 19 of 67 © 2008 Nortel Networks 4.2 Security Objectives for the Env ironment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied b y the environment: OE.TIME The environment must provide reliable ti mestamps for [...]

  • Page 20

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 20 of 67 © 2008 Nortel Networks 5 IT Securit y Req uirement s This section d efines the Sec urity F unctional Requirements (SFRs) and Security Assurance Req uirements (SARs) met by the T OE as well as SFRs met by the T OE IT environment. These re[...]

  • Page 21

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 21 of 67 © 2008 Nortel Networks SFR ID Description ST Operation FMT_MSA.1(b) Management of Security Attributes    FMT_MSA.1(c) Management of Security Attributes    FMT_MSA.2 Secure Security Attributes FMT_MSA.3(a) Static Attribu[...]

  • Page 22

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 22 of 67 © 2008 Nortel Networks 5.1.1 Class FAU: Security A udit FAU_GEN.1 Audit Data Generation Hierarchical to : No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up a[...]

  • Page 23

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 23 of 67 © 2008 Nortel Networks The TSF shall provide the a udit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit dat a generation[...]

  • Page 24

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 24 of 67 © 2008 Nortel Networks 5.1.2 Class FCS: Cryptographic Support FCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman) Hierarchical to : No other components. FCS_CKM .1.1(a) The TSF shall generate cr yptographic keys in accordance with[...]

  • Page 25

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 25 of 67 © 2008 Nortel Networks FCS_COP.1.1 (a) The T SF shall perform [ encry ption and decryptio n ] in accordance with a specified cr y ptographic algorithm [ 3DES and AES ] and cryptographic key sizes [ 168 - bit key , 128 and 256-bit keys, r[...]

  • Page 26

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 26 of 67 © 2008 Nortel Networks Dependencies: [FDP_ITC.1 Import of user data without security a ttributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM .1 Cryptographic key generation] FCS_CKM .4 Cryptographic key destruc[...]

  • Page 27

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 27 of 67 © 2008 Nortel Networks 5.1.3 Class FDP: User Data Protection FDP_ACC.2 Complete access control Hierarchical to : FDP_ACC.1 FDP_ACC.2.1 The T SF shall e nforce the [ Access Control SFP ] on [ Subjects: administrators; Objects: VPN Ro uter[...]

  • Page 28

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 28 of 67 © 2008 Nortel Networks The TSF shall enforce the [ VPN Information Flow Con trol SFP ] on [ remote authenticated VPN Clients connecting to a Nortel VPN Router ] and all operations that cause that infor mation to flow to and fro m subject[...]

  • Page 29

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 29 of 67 © 2008 Nortel Networks FDP_IFF.1. 3(a) The TSF shall enforce t he [ none ]. FDP_IFF.1.4 (a) The TSF shall provide the following [ sta teful Firewall, Network Ad dress Translation (NAT), IPS ec ]. FDP_IFF.1.5 (a) The TSF shall explicitl y[...]

  • Page 30

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 30 of 67 © 2008 Nortel Networks Dependencies: FDP_IFC.1 Subset infor mation flow control FMT_M SA.3 Static attribute initialisation FDP_UCT.1 Basic data exchange confidentiality Hierarchical to : No other components. FDP_UCT.1.1 The T SF shall en[...]

  • Page 31

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 31 of 67 © 2008 Nortel Networks 5.1.4 Class FI A : Identification and Authentication FIA_UAU.1 Timing of authentication Hierarchical to : No other components. FIA_UAU.1.1 The TSF shall allow [ o connection co nfiguration, o username entry, o pass[...]

  • Page 32

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 32 of 67 © 2008 Nortel Networks The TSF shall require ea ch user to identif y itself be fore allowing any other 4 TSF-med iated actions on behalf of that user. Dependencies: No dependencies 4 “ Other ” in this SFR means any action not include[...]

  • Page 33

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 33 of 67 © 2008 Nortel Networks 5.1.5 Class FMT: Security Management FMT_MOF.1(a) Management of security functions behaviour Hierarchical to : No other components. FMT_MOF .1.1(a) The T SF shall restrict t he ability to [ modify th e behavio ur o[...]

  • Page 34

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 34 of 67 © 2008 Nortel Networks Dependencies: [FDP_ACC.1 Subset a ccess control or FDP_IFC.1 Subset infor mation flow control] FMT_SM F.1 Specification of m anage m ent functio ns FMT_SM R.1 Security roles FMT_MSA.1(c) Manageme nt of security att[...]

  • Page 35

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 35 of 67 © 2008 Nortel Networks FMT_MSA.3(b) Static attribute initialisation Hierarchical to : No other components. FMT_M SA.3.1(b) The TSF sh al l en force the [ Firewall Informatio n Control SFP ] to p rovide [ restrictive ] default values for [...]

  • Page 36

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 36 of 67 © 2008 Nortel Networks The TSF shall maintai n the roles [ Primary Admin, Restricted Ad min, VPN Us er ]. FMT_SM R.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Ti ming of identification[...]

  • Page 37

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 37 of 67 © 2008 Nortel Networks 5.1.6 Class FPT: Protection of the TSF FPT_AMT.1 Abstract machine testing Hierarchical to : No other components. FPT_AMT.1 .1 The TSF shall run a suite of tests [ during initial start- up, periodically during no r [...]

  • Page 38

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 38 of 67 © 2008 Nortel Networks 5.1.7 Class FTP: Trusted Path/Channels FTP_TRP.1 Trusted path Hierarchical to : No other components. FTP_TRP.1.1 The TSF shall provide a communication path between it self a nd [ remote ] users that is logically di[...]

  • Page 39

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 39 of 67 © 2008 Nortel Networks 5.2 Security Functional Requiremen ts on the IT Environmen t The T OE has the following se curity requirement for its IT environment. Table 5 identifies all SFRs implemented b y the IT Environment and indica tes th[...]

  • Page 40

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 40 of 67 © 2008 Nortel Networks The TSF TOE Env ironment shall be able to provide reliable time stamps for it’s the TO E’s own use. Dependencies: No dependencies[...]

  • Page 41

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 41 of 67 © 2008 Nortel Networks 5.3 A ssurance Requirements This section defines the assur ance requirements for the TOE. The assurance requ irements are taken fro m Part 3 of the CC and are EAL 4 augmented with ALC_F LR.2. Tab le 6 below summari[...]

  • Page 42

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 42 of 67 © 2008 Nortel Networks 6 T OE Summar y Specif icatio n This section presents infor mation to detail how the TOE meets the functional a nd ass urance requirements described in previous sections of thi s ST. 6.1 TOE Security Functions Each[...]

  • Page 43

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 43 of 67 © 2008 Nortel Networks TOE Security Function SFR ID Description FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security Roles Protection[...]

  • Page 44

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 44 of 67 © 2008 Nortel Networks System Log The System Log records data about System eve nts which are considered significant enoug h to b e written to disk, including t hose displa y ed in the Conf ig uration and Sec urity logs. Examples of event[...]

  • Page 45

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 45 of 67 © 2008 Nortel Networks 6.1.2 Cryptographic Support The T OE ’s cr y ptograph ic functionalit y is provided by a FIPS 140 -2-validated cryptographic m odule. All modules have received either a Level 1 or Level 2 FIPS 140 -2 vali dation.[...]

  • Page 46

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 46 of 67 © 2008 Nortel Networks for reuse. T his ensures that the keys a re co m pletely destroyed before an y other pro cess might have ac cess to that memory location. TOE Security Functio nal Require m ents Satisfied: FCS_CKM.1(a) , FCS_CKM.1([...]

  • Page 47

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 47 of 67 © 2008 Nortel Networks VPN Information Flow Control SFP and Firewall Information Flow Control SFP: B oth S FPs e nforce a stateful Fire wall. Eac h time a T CP connection is e stablished from a host on the internal network to a host on t[...]

  • Page 48

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 48 of 67 © 2008 Nortel Networks functions. The VPN User has no acce ss to administrative functions and may only aut henticate to the Nortel VP N Router through the Nor tel VPN Client in order to access the private network. The se roles deter mine[...]

  • Page 49

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 49 of 67 © 2008 Nortel Networks o Runs when a rando m number needs to be generated. Continuous RN G for Entropy Gathering : Verifi es that t he seed for the FIP S 182 -2 PRNG is not failing to a constant value. o Runs when a seed for the RNG need[...]

  • Page 50

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 50 of 67 © 2008 Nortel Networks Assurance Component Assurance Measure ALC_DVS.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_FLR.2 8 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_LCD.1 [...]

  • Page 51

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 51 of 67 © 2008 Nortel Networks 7 Protection Profile Claim s This section provides t he identification and justificatio n for any Protection Pr ofile conformance claims. 7.1 Protection Prof ile Reference There are no protection profile claims for[...]

  • Page 52

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 52 of 67 © 2008 Nortel Networks 8 Rationale This section provides th e rationale for the selection o f the sec urity require m e nts, o bjectives, assumptions, and threats. In particular, it shows that the security requireme nts ar e suitable to [...]

  • Page 53

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 53 of 67 © 2008 Nortel Networks T. AUTH- ERROR An authorized user may acc identally alter the co nfiguration of a policy tha t per m its or denies infor m ation flo w throug h the TOE, thereby affect ing t he integrity of the transmitted infor m [...]

  • Page 54

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 54 of 67 © 2008 Nortel Networks TE.PHYSICAL An attacker may physicall y attack the Ha rdware appliance in o rder to co m pro m ise its secure operation. The environ ment ensures that the T OE is ph ysically protected so that o nly TOE user s who [...]

  • Page 55

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 55 of 67 © 2008 Nortel Networks This may mean t he environ ment pro vides a co nnection to a trusted Certificate Autho rity, or that the required certificates are o therwise av ailable to the TO E. It is assumed that the appropriate infrastruct u[...]

  • Page 56

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 56 of 67 © 2008 Nortel Networks Table 12 - Rel ationship of Securit y Requirements to Objectiv es Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.N[...]

  • Page 57

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 57 of 67 © 2008 Nortel Networks Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.NONBYPASS FPT_AMT.1  FPT_RLT.1  FPT_TST.1  FTP_TRP.1  E[...]

  • Page 58

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 58 of 67 © 2008 Nortel Networks required to us e SH A-1 and i t must b e implemented acco rding to RFC 3 174 [ FCS_CKM.1(a) , FCS_CKM.4, and FCS_ COP.1(a, b,c,d,e,f) ]. O.CONFIDENT The TOE must use the IPSec tunnel ing proto col to ensure confide[...]

  • Page 59

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 59 of 67 © 2008 Nortel Networks The TSF is required to perfo rm security management functions such as create users and assign roles to users [FMT_SMF.1 ]. The TOE mu st be able to recognize the different administrative and user roles that exist f[...]

  • Page 60

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 60 of 67 © 2008 Nortel Networks authorized users with t he ability to verify the integrit y of TSF Data and T SF executable co de [FPT_AMT. 1 and FPT_TST.1]. OE.TIME The environment must provi de reliable timestamps for the time-stamping o f audi[...]

  • Page 61

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 61 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FCS.CKM.4 FCS_CKM.1(a) FMT_MSA.2  FCS_COP.1 FCS_CKM.1(a) FCS_CKM.4 F MT _MSA.2  FDP_ACC.2 FDP_ACF.1  FDP_ACF.1 FDP_ACC.1 9 FMT_MSA.3  FDP_IFC.2 FDP_IFF.1  FDP_IFF.1[...]

  • Page 62

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 62 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FPT_TST.1 FPT_AMT.1  FTP_TRP.1 [n one]  8.6 TOE Summary Specification Ration ale 8.6.1 TOE Summary Specification Rationale for the Security Functional Requirements Each s ub[...]

  • Page 63

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 63 of 67 © 2008 Nortel Networks 8.6.2 TOE Summary Spe cification Rationale for the Security Assurance Requirements 8.6.2.1 Configuration M anagement The Configuratio n Management d ocumentation pro vides a d escription of tools used to control th[...]

  • Page 64

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 64 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Functional Specification with Complete Su mmary Securi ty - E nforcing High-Le vel Design Descriptive Lo w-L e vel Design Implementation of the T SF Informal TOE Securit y Po[...]

  • Page 65

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 65 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Analysis of Coverage High-Level Design Functional Testing Independent Testing 8.6.2.7 Vulnerability and TOE Strength of Fu nction Analyses The Valid ation of An al ysis docu [...]

  • Page 66

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 66 of 67 © 2008 Nortel Networks 9 Acronyms Table 15 - Acronyms Ac ron y m Definition 3DES Triple DES AES Advanced Encryption Standard CC Common Criteria CLI Command Line Interface CPU Central Processing Unit DES Data Encryption Standard DoD Depar[...]

  • Page 67

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 67 of 67 © 2008 Nortel Networks Ac ron y m Definition SHA Secure Hash Algorithm SOF Strength of Function ST Security Target TCP Transmission Control Protocol TOE Target of Evaluation TSF TOE Security Function TSP TOE Security Policy UDP User Data[...]