Summary of the content on the page No. 1
Nortel Networks
VPN Router v7.05 and Client
Workstation v7.11
Security Target
Evaluation Assurance Level: EAL 4+
Document Version: 3.9
Prepared for: Prepared by:
Nortel Networks Corsec Security, Inc.
600 Technology Park Drive 10340 Democracy Lane, Suite 201
Billerica, MA 01821 Fairfax, VA 22030
Phone: (800) 466-7835 Phone: (703) 267-6050
http://www.nortel.com http://www.corsec.com
© 2008 Nortel Networks
�����������������������������������������
Summary of the content on the page No. 2
Security Target, Version 3.9 March 18, 2008 Revision History Version Modification Date Modified By Description of Changes 1.0 2005-05-31 Kiran Kadambari Initial draft. 2.0 2006-01-17 Nathan Lee Revised to use new document layout; addressed lab verdicts; other miscellaneous edits to all sections for accuracy, consistency, flow, and readability. 2.1 2006-09-04 Christie Kummers Revised dependencies for SFRs. Minor updates throughout. 3.0 2006-09-29 Christie Kummers Minor updates through
Summary of the content on the page No. 3
Security Target, Version 3.9 March 18, 2008 Table of Contents REVISION HISTORY ................................................................................................................................................ 2 TABLE OF CONTENTS ............................................................................................................................................ 3 TABLE OF FIGURES ..........................................................................................
Summary of the content on the page No. 4
Security Target, Version 3.9 March 18, 2008 7 PROTECTION PROFILE CLAIMS ............................................................................................................... 51 7.1 PROTECTION PROFILE REFERENCE ............................................................................................................... 51 8 RATIONALE ....................................................................................................................................................
Summary of the content on the page No. 5
Security Target, Version 3.9 March 18, 2008 1 Security Target Introduction This section identifies the Security Target (ST), Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The Targets of Evaluation are models 600, 1010, 1050, 1100, 1750, 2750, and 5000 of the Nortel VPN Router v7.05 and Client Workstation v7.11. These devices are functionally identical and will hereafter be referred to, collectively, as “the TOE” throughout thi
Summary of the content on the page No. 6
Security Target, Version 3.9 March 18, 2008 Keywords VPN, Router, Firewall, IPSec 1.3 Conventions, Acronyms, and Terminology 1.3.1 Conventions There are several font variations used within this ST. Selected presentation choices are discussed here to aid the Security Target reader. The CC allows for several operations to be performed on security requirements: assignment, refinement, selection and iteration. All of these operations are used within this ST. These operations are presente
Summary of the content on the page No. 7
Security Target, Version 3.9 March 18, 2008 Term Explanation Manage Nortel VPN Router Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administrative privilege. The only permission not granted to this level is access to the Primary Admin password. View Nortel VPN Router Grants administrative rights to view (monitor) most Nortel VPN Router configuration settings or user ri
Summary of the content on the page No. 8
Security Target, Version 3.9 March 18, 2008 2 TOE Description This section provides a general overview of the TOE as an aid to understanding the general capabilities and security requirements provided by the TOE. The TOE description provides a context for the TOE evaluation by identifying the product type and describing the evaluated configuration. 2.1 Product Type The Nortel VPN Router v7.05 and Client Workstation v7.11 is a hardware and software TOE which combines network data routin
Summary of the content on the page No. 9
Security Target, Version 3.9 March 18, 2008 mode, a Nortel VPN Router on one Enterprise network segment will establish a VPN tunnel with another Nortel VPN Router on another Enterprise network segment. All communications between the two network segments are protected by the VPN tunnel. Figure 2 below shows a typical deployment configuration for Branch Office mode: Figure 2 – Branch Office Deployment Configuration of the TOE VPN sessions between the TOE components (the Nortel VPN Clien
Summary of the content on the page No. 10
Security Target, Version 3.9 March 18, 2008 Configuration of the TOE is performed via a Command Line Interface (CLI) by physically connecting a device (such as a laptop) to the serial interface of the TOE and utilizing dumb-terminal software. After the TOE is configured, it can be managed remotely via a Graphical User Interface (GUI) which is accessed by a management workstation connected to the protected and trusted internal network. 2.3 TOE Boundaries and Scope This section identifies
Summary of the content on the page No. 11
Security Target, Version 3.9 March 18, 2008 In Figure 3 above, the TOE is installed at the boundary of the private (“Enterprise”) network and the public (“Internet”) network. In Figure 4 above, the TOE is installed at the boundary of the two private (“Enterprise”) networks. The essential physical components of the TOE are: Nortel VPN Router v7.05 build 100: The Nortel VPN Router is a dedicated hardware/software appliance running a Nortel-hardened version of the VxWorks OS. All non-ess
Summary of the content on the page No. 12
Security Target, Version 3.9 March 18, 2008 Legend: TOE Boundary The World Enterprise Nortel VPN Client Nortel VPN Switch Software Software Windows OS VPN Tunnel VxWorks OS General Purpose Internet Contivity Hardware Computing Hardware Appliance Corporate Network Nortel Nortel VPN Router VPN Client Workstation Figure 5 - TOE Logical Boundary Figure 6 - TOE Logical Boundary in Branch Office Tunnel Mode The essential logical components of the TOE are: Nortel VPN Router v7.05 and Client
Summary of the content on the page No. 13
Security Target, Version 3.9 March 18, 2008 Nortel VPN Router: Each of the logical components contained within the physical Nortel VPN Router are included within the TOE boundary. These components are: o Nortel VPN Switch Software o VxWorks OS o Contivity Hardware Appliance. Nortel VPN Client Workstation: The Nortel VPN Client software is part of the TOE but the underlying OS and hardware are excluded from the TOE boundary. The TOE’s logical boundary includes all of the TOE Secu
Summary of the content on the page No. 14
Security Target, Version 3.9 March 18, 2008 Nortel VPN Routers, as well as providing protection against external attack. The architecture of the TOE ensures that VPN data is subject to enforcement of the VPN IFC SFP, and that all data passing through the firewall is subject to enforcement of the Firewall IFC SFP. These SFPs are enforced by the TOE based upon the privilege criteria defined in the SFPs. 2.3.2.4 Identification and Authentication All identification and authentication for t
Summary of the content on the page No. 15
Security Target, Version 3.9 March 18, 2008 2.3.3 Excluded TOE Functionality The following product features and functionality are excluded from the evaluated configuration of the TOE: Remote VPN connections using a tunneling protocol other than IPSec Remote authentication using a Smart Card or a hardware or software token Card Nortel VPN Router v7.05 and Client Workstation v7.11 Page 15 of 67 © 2008 Nortel Networks ��������������������������������������������������������������������
Summary of the content on the page No. 16
Security Target, Version 3.9 March 18, 2008 3 TOE Security Environment This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to be employed. Section 3.1 provides assumptions about the secure usage of the TOE, including physical, personnel, and connectivity aspects. Section 3.2 lists the known and presumed threats countered by either the TOE or by the security environment. 3.1 Assumptions This section co
Summary of the content on the page No. 17
Security Target, Version 3.9 March 18, 2008 Attackers who are not TOE users: These attackers have no knowledge of how the TOE operates and are assumed to possess a low skill level, a low level of motivation, limited resources to alter TOE configuration settings/parameters, and no physical access to the TOE. TOE users: These attackers have extensive knowledge of how the TOE operates and are assumed to possess a high skill level, moderate resources to alter TOE configuration settings/para
Summary of the content on the page No. 18
Security Target, Version 3.9 March 18, 2008 4 Security Objectives This section identifies the security objectives for the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs. 4.1 Security Objectives for the TOE The specific security objectives are as follows: O.I&A The TOE must be able to identify and authenticate users prior to allowing access to TOE functions and data. O.AUDIT The TOE
Summary of the content on the page No. 19
Security Target, Version 3.9 March 18, 2008 4.2 Security Objectives for the Environment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied by the environment: OE.TIME The environment must provide reliable timestamps for the time-stamping of audit events. The environment must provide the required certificate infrastructure so that the validity of OE.CERTIFICATE certificates can be verified. The certificate infrastructure must be properly and securely m
Summary of the content on the page No. 20
Security Target, Version 3.9 March 18, 2008 5 IT Security Requirements This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) met by the TOE as well as SFRs met by the TOE IT environment. These requirements are presented following the conventions identified in Section 1.3.1. 5.1 TOE Security Functional Requirements This section specifies the SFRs for the TOE. This section organizes the SFRs by CC class. Table 3 identifies all SFRs
