Nortel Networks 7.11 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Nortel Networks 7.11 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Nortel Networks 7.11, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Nortel Networks 7.11 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Nortel Networks 7.11. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung Nortel Networks 7.11 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Nortel Networks 7.11
- Den Namen des Produzenten und das Produktionsjahr des Geräts Nortel Networks 7.11
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Nortel Networks 7.11
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Nortel Networks 7.11 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Nortel Networks 7.11 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Nortel Networks finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Nortel Networks 7.11 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Nortel Networks 7.11, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Nortel Networks 7.11 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    © 2008 Nortel Networks Nortel Net works VPN Router v7.0 5 and Client Workstation v7.11 Security Target Evaluation Assurance Level : EAL 4 + Document Versio n: 3.9 Prepared for: Prepared b y : Nortel Networks Corsec Securit y, Inc. 600 Technolog y Park Drive Billerica, MA 01821 10340 Democr acy La ne, Suite 201 Fairfax, VA 22030 Phone: (800) 466- 7[...]

  • Seite 2

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 2 of 67 © 2008 Nortel Networks Revision Histor y Version Modification Date Modified By Description of Changes 1.0 2005 - 05 - 31 Kiran Kadambari Initial draft. 2.0 2006 - 01 - 17 Nathan Lee Revised to use new document layout; addressed lab verdic[...]

  • Seite 3

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 3 of 67 © 2008 Nortel Networks Table of Contents REVISION HISTORY ................................................................................................................................................ 2 TABLE OF CONTEN TS ..............[...]

  • Seite 4

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 4 of 67 © 2008 Nortel Networks 7 PROTECTION PROFI LE CLAIMS ................................................................ ............................................... 51 7.1 P ROTECTI ON P ROFIL E R EFEREN CE ...............................[...]

  • Seite 5

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 5 of 67 © 2008 Nortel Networks 1 Security T arget Introduction This section identifies the Security Target (ST), Target of Evaluatio n (T OE) identificatio n, ST conventions, ST conformance clai ms, and the ST organizatio n. The Tar gets of Evalu[...]

  • Seite 6

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 6 of 67 © 2008 Nortel Networks Ke y w ords VPN, Router, Firewall, IPSec 1.3 Conven tions, A cronyms, and Terminology 1.3.1 Conventions There are several f ont variat ions used within this ST . Sel ected presentation choices are d iscussed here to[...]

  • Seite 7

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 7 of 67 © 2008 Nortel Networks Term Explanation Manage Nortel VPN Router Grants administrative rights to view (monitor) and manage (configure) Nortel VPN Router configuration settings or user rights settings. This is the highest level of administ[...]

  • Seite 8

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 8 of 67 © 2008 Nortel Networks 2 T OE Descripti on This section pro vides a general overview o f the TOE as an aid to understanding the general capabilities and security requirements provided b y the TOE . The TOE description provides a context f[...]

  • Seite 9

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 9 of 67 © 2008 Nortel Networks mode, a No rtel VPN Rou ter on one Enterprise net work segment will establish a VPN tunnel with a nother Nortel VPN Ro uter on another Enterprise net w ork segment. All co mm unicatio ns between the two net work seg[...]

  • Seite 10

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 10 of 67 © 2008 Nortel Networks Configuration of the T OE is performed via a Co mmand Line Interface ( CLI) by physicall y connecti ng a device (such as a laptop) to the serial interface of t he TOE and utilizing dumb-terminal software. After the[...]

  • Seite 11

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 11 of 67 © 2008 Nortel Networks In Figure 3 above, the T OE is installed at the boun dar y of the private (“Enterprise”) network a nd the p ublic (“Internet”) network . I n Figure 4 above, the TOE is installed at the boundar y of the two [...]

  • Seite 12

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 12 of 67 © 2008 Nortel Networks Legend: TOE Boundary The World Enterprise Corporate Network Internet Nortel VPN Client Workstation Nortel VPN Router VPN Tunnel Windows OS General Purpose Computing Hardware Nortel VPN Client Software Nortel VPN Sw[...]

  • Seite 13

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 13 of 67 © 2008 Nortel Networks Nortel VPN Router: E ach of the logical components contained within t he physical Nortel VPN Router ar e included within the TOE boundary. T hese components are: o Nortel VPN S w itch Soft ware o VxWorks OS o Conti[...]

  • Seite 14

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 14 of 67 © 2008 Nortel Networks Nortel VPN Rou ters, as well as p roviding protection agai nst external attac k. The ar chitecture of t he T OE ensures that VPN data is subj ect to enforcement of the VPN IFC SFP, and that all data passing through[...]

  • Seite 15

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 15 of 67 © 2008 Nortel Networks 2.3.3 Excluded TOE Functionality The following prod uct features and functionali ty are excluded from the evaluated configuration of t he TOE: Remote VPN connection s using a tunneling proto col other than IPSec Re[...]

  • Seite 16

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 16 of 67 © 2008 Nortel Networks 3 T OE Securi ty Environment This sectio n d escribes the security aspects of the environ ment in whic h t he TOE will be us ed and the manner i n which the TOE is expected to b e employed. Sectio n 3.1 provides as[...]

  • Seite 17

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 17 of 67 © 2008 Nortel Networks Attackers w ho a re no t TOE users: T hese attackers have no knowled ge of how t he TOE operates and are assumed to po ssess a low skill level, a lo w level of motivation, li m ited resources to alter TOE configura[...]

  • Seite 18

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 18 of 67 © 2008 Nortel Networks 4 Security Objectives This section identifie s the security objectives for the T OE and its supp orting environ m ent . T he securit y objectives identify the responsibilities o f the TOE and its environment in m e[...]

  • Seite 19

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 19 of 67 © 2008 Nortel Networks 4.2 Security Objectives for the Env ironment 4.2.1 IT Security Objectives The following IT security objectives are to be satisfied b y the environment: OE.TIME The environment must provide reliable ti mestamps for [...]

  • Seite 20

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 20 of 67 © 2008 Nortel Networks 5 IT Securit y Req uirement s This section d efines the Sec urity F unctional Requirements (SFRs) and Security Assurance Req uirements (SARs) met by the T OE as well as SFRs met by the T OE IT environment. These re[...]

  • Seite 21

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 21 of 67 © 2008 Nortel Networks SFR ID Description ST Operation FMT_MSA.1(b) Management of Security Attributes    FMT_MSA.1(c) Management of Security Attributes    FMT_MSA.2 Secure Security Attributes FMT_MSA.3(a) Static Attribu[...]

  • Seite 22

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 22 of 67 © 2008 Nortel Networks 5.1.1 Class FAU: Security A udit FAU_GEN.1 Audit Data Generation Hierarchical to : No other components. FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up a[...]

  • Seite 23

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 23 of 67 © 2008 Nortel Networks The TSF shall provide the a udit records in a manner suitable for the user to interpret the information. Dependencies: FAU_GEN.1 Audit dat a generation[...]

  • Seite 24

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 24 of 67 © 2008 Nortel Networks 5.1.2 Class FCS: Cryptographic Support FCS_CKM.1(a) Cryptographic key generation (Diffie-Hellman) Hierarchical to : No other components. FCS_CKM .1.1(a) The TSF shall generate cr yptographic keys in accordance with[...]

  • Seite 25

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 25 of 67 © 2008 Nortel Networks FCS_COP.1.1 (a) The T SF shall perform [ encry ption and decryptio n ] in accordance with a specified cr y ptographic algorithm [ 3DES and AES ] and cryptographic key sizes [ 168 - bit key , 128 and 256-bit keys, r[...]

  • Seite 26

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 26 of 67 © 2008 Nortel Networks Dependencies: [FDP_ITC.1 Import of user data without security a ttributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM .1 Cryptographic key generation] FCS_CKM .4 Cryptographic key destruc[...]

  • Seite 27

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 27 of 67 © 2008 Nortel Networks 5.1.3 Class FDP: User Data Protection FDP_ACC.2 Complete access control Hierarchical to : FDP_ACC.1 FDP_ACC.2.1 The T SF shall e nforce the [ Access Control SFP ] on [ Subjects: administrators; Objects: VPN Ro uter[...]

  • Seite 28

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 28 of 67 © 2008 Nortel Networks The TSF shall enforce the [ VPN Information Flow Con trol SFP ] on [ remote authenticated VPN Clients connecting to a Nortel VPN Router ] and all operations that cause that infor mation to flow to and fro m subject[...]

  • Seite 29

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 29 of 67 © 2008 Nortel Networks FDP_IFF.1. 3(a) The TSF shall enforce t he [ none ]. FDP_IFF.1.4 (a) The TSF shall provide the following [ sta teful Firewall, Network Ad dress Translation (NAT), IPS ec ]. FDP_IFF.1.5 (a) The TSF shall explicitl y[...]

  • Seite 30

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 30 of 67 © 2008 Nortel Networks Dependencies: FDP_IFC.1 Subset infor mation flow control FMT_M SA.3 Static attribute initialisation FDP_UCT.1 Basic data exchange confidentiality Hierarchical to : No other components. FDP_UCT.1.1 The T SF shall en[...]

  • Seite 31

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 31 of 67 © 2008 Nortel Networks 5.1.4 Class FI A : Identification and Authentication FIA_UAU.1 Timing of authentication Hierarchical to : No other components. FIA_UAU.1.1 The TSF shall allow [ o connection co nfiguration, o username entry, o pass[...]

  • Seite 32

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 32 of 67 © 2008 Nortel Networks The TSF shall require ea ch user to identif y itself be fore allowing any other 4 TSF-med iated actions on behalf of that user. Dependencies: No dependencies 4 “ Other ” in this SFR means any action not include[...]

  • Seite 33

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 33 of 67 © 2008 Nortel Networks 5.1.5 Class FMT: Security Management FMT_MOF.1(a) Management of security functions behaviour Hierarchical to : No other components. FMT_MOF .1.1(a) The T SF shall restrict t he ability to [ modify th e behavio ur o[...]

  • Seite 34

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 34 of 67 © 2008 Nortel Networks Dependencies: [FDP_ACC.1 Subset a ccess control or FDP_IFC.1 Subset infor mation flow control] FMT_SM F.1 Specification of m anage m ent functio ns FMT_SM R.1 Security roles FMT_MSA.1(c) Manageme nt of security att[...]

  • Seite 35

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 35 of 67 © 2008 Nortel Networks FMT_MSA.3(b) Static attribute initialisation Hierarchical to : No other components. FMT_M SA.3.1(b) The TSF sh al l en force the [ Firewall Informatio n Control SFP ] to p rovide [ restrictive ] default values for [...]

  • Seite 36

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 36 of 67 © 2008 Nortel Networks The TSF shall maintai n the roles [ Primary Admin, Restricted Ad min, VPN Us er ]. FMT_SM R.1.2 The TSF shall be able to associate users with roles. Dependencies: FIA_UID.1 Ti ming of identification[...]

  • Seite 37

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 37 of 67 © 2008 Nortel Networks 5.1.6 Class FPT: Protection of the TSF FPT_AMT.1 Abstract machine testing Hierarchical to : No other components. FPT_AMT.1 .1 The TSF shall run a suite of tests [ during initial start- up, periodically during no r [...]

  • Seite 38

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 38 of 67 © 2008 Nortel Networks 5.1.7 Class FTP: Trusted Path/Channels FTP_TRP.1 Trusted path Hierarchical to : No other components. FTP_TRP.1.1 The TSF shall provide a communication path between it self a nd [ remote ] users that is logically di[...]

  • Seite 39

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 39 of 67 © 2008 Nortel Networks 5.2 Security Functional Requiremen ts on the IT Environmen t The T OE has the following se curity requirement for its IT environment. Table 5 identifies all SFRs implemented b y the IT Environment and indica tes th[...]

  • Seite 40

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 40 of 67 © 2008 Nortel Networks The TSF TOE Env ironment shall be able to provide reliable time stamps for it’s the TO E’s own use. Dependencies: No dependencies[...]

  • Seite 41

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 41 of 67 © 2008 Nortel Networks 5.3 A ssurance Requirements This section defines the assur ance requirements for the TOE. The assurance requ irements are taken fro m Part 3 of the CC and are EAL 4 augmented with ALC_F LR.2. Tab le 6 below summari[...]

  • Seite 42

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 42 of 67 © 2008 Nortel Networks 6 T OE Summar y Specif icatio n This section presents infor mation to detail how the TOE meets the functional a nd ass urance requirements described in previous sections of thi s ST. 6.1 TOE Security Functions Each[...]

  • Seite 43

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 43 of 67 © 2008 Nortel Networks TOE Security Function SFR ID Description FMT_MSA.3(b) Static Attribute Initialization FMT_MSA.3(c) Static Attribute Initialization FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security Roles Protection[...]

  • Seite 44

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 44 of 67 © 2008 Nortel Networks System Log The System Log records data about System eve nts which are considered significant enoug h to b e written to disk, including t hose displa y ed in the Conf ig uration and Sec urity logs. Examples of event[...]

  • Seite 45

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 45 of 67 © 2008 Nortel Networks 6.1.2 Cryptographic Support The T OE ’s cr y ptograph ic functionalit y is provided by a FIPS 140 -2-validated cryptographic m odule. All modules have received either a Level 1 or Level 2 FIPS 140 -2 vali dation.[...]

  • Seite 46

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 46 of 67 © 2008 Nortel Networks for reuse. T his ensures that the keys a re co m pletely destroyed before an y other pro cess might have ac cess to that memory location. TOE Security Functio nal Require m ents Satisfied: FCS_CKM.1(a) , FCS_CKM.1([...]

  • Seite 47

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 47 of 67 © 2008 Nortel Networks VPN Information Flow Control SFP and Firewall Information Flow Control SFP: B oth S FPs e nforce a stateful Fire wall. Eac h time a T CP connection is e stablished from a host on the internal network to a host on t[...]

  • Seite 48

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 48 of 67 © 2008 Nortel Networks functions. The VPN User has no acce ss to administrative functions and may only aut henticate to the Nortel VP N Router through the Nor tel VPN Client in order to access the private network. The se roles deter mine[...]

  • Seite 49

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 49 of 67 © 2008 Nortel Networks o Runs when a rando m number needs to be generated. Continuous RN G for Entropy Gathering : Verifi es that t he seed for the FIP S 182 -2 PRNG is not failing to a constant value. o Runs when a seed for the RNG need[...]

  • Seite 50

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 50 of 67 © 2008 Nortel Networks Assurance Component Assurance Measure ALC_DVS.1 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_FLR.2 8 Nortel Networks Virtual Private Network Router v7.05 Life Cycle Support ALC_LCD.1 [...]

  • Seite 51

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 51 of 67 © 2008 Nortel Networks 7 Protection Profile Claim s This section provides t he identification and justificatio n for any Protection Pr ofile conformance claims. 7.1 Protection Prof ile Reference There are no protection profile claims for[...]

  • Seite 52

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 52 of 67 © 2008 Nortel Networks 8 Rationale This section provides th e rationale for the selection o f the sec urity require m e nts, o bjectives, assumptions, and threats. In particular, it shows that the security requireme nts ar e suitable to [...]

  • Seite 53

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 53 of 67 © 2008 Nortel Networks T. AUTH- ERROR An authorized user may acc identally alter the co nfiguration of a policy tha t per m its or denies infor m ation flo w throug h the TOE, thereby affect ing t he integrity of the transmitted infor m [...]

  • Seite 54

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 54 of 67 © 2008 Nortel Networks TE.PHYSICAL An attacker may physicall y attack the Ha rdware appliance in o rder to co m pro m ise its secure operation. The environ ment ensures that the T OE is ph ysically protected so that o nly TOE user s who [...]

  • Seite 55

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 55 of 67 © 2008 Nortel Networks This may mean t he environ ment pro vides a co nnection to a trusted Certificate Autho rity, or that the required certificates are o therwise av ailable to the TO E. It is assumed that the appropriate infrastruct u[...]

  • Seite 56

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 56 of 67 © 2008 Nortel Networks Table 12 - Rel ationship of Securit y Requirements to Objectiv es Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.N[...]

  • Seite 57

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 57 of 67 © 2008 Nortel Networks Objectives Requirements O.I&A O.AUDIT O.SELFPROTECT O.CONFIDENT O.FUNCTIONS O.ADMIN O.INTEGRITY O.REPLAY O.FILTER O.TEST OE.TIME OE.PROTECT OE.NONBYPASS FPT_AMT.1  FPT_RLT.1  FPT_TST.1  FTP_TRP.1  E[...]

  • Seite 58

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 58 of 67 © 2008 Nortel Networks required to us e SH A-1 and i t must b e implemented acco rding to RFC 3 174 [ FCS_CKM.1(a) , FCS_CKM.4, and FCS_ COP.1(a, b,c,d,e,f) ]. O.CONFIDENT The TOE must use the IPSec tunnel ing proto col to ensure confide[...]

  • Seite 59

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 59 of 67 © 2008 Nortel Networks The TSF is required to perfo rm security management functions such as create users and assign roles to users [FMT_SMF.1 ]. The TOE mu st be able to recognize the different administrative and user roles that exist f[...]

  • Seite 60

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 60 of 67 © 2008 Nortel Networks authorized users with t he ability to verify the integrit y of TSF Data and T SF executable co de [FPT_AMT. 1 and FPT_TST.1]. OE.TIME The environment must provi de reliable timestamps for the time-stamping o f audi[...]

  • Seite 61

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 61 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FCS.CKM.4 FCS_CKM.1(a) FMT_MSA.2  FCS_COP.1 FCS_CKM.1(a) FCS_CKM.4 F MT _MSA.2  FDP_ACC.2 FDP_ACF.1  FDP_ACF.1 FDP_ACC.1 9 FMT_MSA.3  FDP_IFC.2 FDP_IFF.1  FDP_IFF.1[...]

  • Seite 62

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 62 of 67 © 2008 Nortel Networks SFR ID Dependencies Dependency Met FPT_TST.1 FPT_AMT.1  FTP_TRP.1 [n one]  8.6 TOE Summary Specification Ration ale 8.6.1 TOE Summary Specification Rationale for the Security Functional Requirements Each s ub[...]

  • Seite 63

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 63 of 67 © 2008 Nortel Networks 8.6.2 TOE Summary Spe cification Rationale for the Security Assurance Requirements 8.6.2.1 Configuration M anagement The Configuratio n Management d ocumentation pro vides a d escription of tools used to control th[...]

  • Seite 64

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 64 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Functional Specification with Complete Su mmary Securi ty - E nforcing High-Le vel Design Descriptive Lo w-L e vel Design Implementation of the T SF Informal TOE Securit y Po[...]

  • Seite 65

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 65 of 67 © 2008 Nortel Networks Corresponding CC Ass urance Components: Analysis of Coverage High-Level Design Functional Testing Independent Testing 8.6.2.7 Vulnerability and TOE Strength of Fu nction Analyses The Valid ation of An al ysis docu [...]

  • Seite 66

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 66 of 67 © 2008 Nortel Networks 9 Acronyms Table 15 - Acronyms Ac ron y m Definition 3DES Triple DES AES Advanced Encryption Standard CC Common Criteria CLI Command Line Interface CPU Central Processing Unit DES Data Encryption Standard DoD Depar[...]

  • Seite 67

    Security Target, Version 3.9 March 18, 2008 Nortel VPN Router v7.05 and Client W orkstation v7.11 Page 67 of 67 © 2008 Nortel Networks Ac ron y m Definition SHA Secure Hash Algorithm SOF Strength of Function ST Security Target TCP Transmission Control Protocol TOE Target of Evaluation TSF TOE Security Function TSP TOE Security Policy UDP User Data[...]