Alcatel-Lucent OmniSwitch - Common Criteria Security Target – EAL2 Agile P/N: 011756-00 Agile Revision: C, 12/19/2011 Alcatel-Lucent OmniSwitch 90
Alcatel-Lucent OmniSwitch ST 6 OmniSwitch 6850E–24 Gigabit Ethernet chassis in a 1U form factor with 20 RJ-45 ports individually configurable to
Alcatel-Lucent OmniSwitch ST 7 The OS9000E series require at least one Chassis Management Module (CMM) and at least one Network Interface (NI) m
Alcatel-Lucent OmniSwitch ST 8 1.5 Logical Boundaries This section contains the product features and denotes which are in the TOE. 1.5.1 Audit T
Alcatel-Lucent OmniSwitch ST 9 1.5.2.3 Captive Portal Authentication The TOE provides web-based authentication which allows end-users to authen
Alcatel-Lucent OmniSwitch ST 10 The TOE provides the administrator the ability to manage all other aspects of the TOE; for example, configuring
Alcatel-Lucent OmniSwitch ST 11 Figure 4: Static VLAN port configuration 1.5.4.2 Forwarding (Routing) If a device needs to communicate with an
Alcatel-Lucent OmniSwitch ST 12 1.5.4.3 Traffic Filtering Traffic Filtering is implemented using Access Control Lists to moderate traffic flow
Alcatel-Lucent OmniSwitch ST 13 1.5.5.1 IPsec IPsec is a suite of protocols for securing Internet Protocol (IP) traffic. On IPv6, the TOE provid
Alcatel-Lucent OmniSwitch ST 14 1.5.7 Excluded TOE Features The following features interfere with the TOE security functionality claims and must
Alcatel-Lucent OmniSwitch ST 15 1.6 Document Terminology Term Definition ACL Access control List Administrative-user An administrative user of
Alcatel-Lucent OmniSwitch ST 1 Table of Contents 1 INTRODUCTION ...
Alcatel-Lucent OmniSwitch ST 16 Term Definition Port Mobility The ability for the Alcatel Switches to dynamically tag incoming traffic into a
Alcatel-Lucent OmniSwitch ST 17 2 Conformance Claims 2.1 CC Conformance Claim This ST was developed to Common Criteria (CC) for Information Tec
Alcatel-Lucent OmniSwitch ST 18 3.2 Threats The TOE or Operating Environment addresses the threats identified in the following sections. 3.2.1
Alcatel-Lucent OmniSwitch ST 19 4 Security Objectives This chapter describes the security objectives for the TOE and the TOE’s operating environ
Alcatel-Lucent OmniSwitch ST 20 OE.AUDREV The authorized administrator will periodically review the audit trail on the TOE. Note that use of re
Alcatel-Lucent OmniSwitch ST 21 OE.IDAUTH assists in countering this threat when the TOE is configured to use external authentication by requi
Alcatel-Lucent OmniSwitch ST 22 O.TRANSIT counters this threat by ensuring that the TOE protects TSF data when in transit between the TSF and
Alcatel-Lucent OmniSwitch ST 23 OE.PHYSEC covers this assumption by requiring that the TOE is located in a physically secure environment. A.MG
Alcatel-Lucent OmniSwitch ST 24 5 Extended Components Definition This section defines the newly defined components (also known as extended comp
Alcatel-Lucent OmniSwitch ST 25 The following actions could be considered for the management functions in FIA: If identification is by the TO
Alcatel-Lucent OmniSwitch ST 2 6 IT SECURITY REQUIREMENTS ...
Alcatel-Lucent OmniSwitch ST 26 FIA_UAU_SRV.1.1 When invoked by the TSF, the [assignment: list of authentication servers] in the [selection: T
Alcatel-Lucent OmniSwitch ST 27 Minimal: Identification of the initiator and target of failed trusted channel functions. Basic: All attemp
Alcatel-Lucent OmniSwitch ST 28 6 IT Security Requirements The security requirements that are levied on the TOE and the Operating Environment a
Alcatel-Lucent OmniSwitch ST 29 FCS_COP.1 (5) Cryptographic Operation – IPsec encryption services FCS_COP.1 (6) Cryptographic Operation – SNMP
Alcatel-Lucent OmniSwitch ST 30 SFR Action Details FDP_IFF.1 (1) All decisions on requests for information flow made by the Traffic Filter
Alcatel-Lucent OmniSwitch ST 31 FCS_CKM.1(2) The TSF shall generate cryptographic keys in accordance with a specified cryptographic key genera
Alcatel-Lucent OmniSwitch ST 32 that meets the following: ssh-dss4 key format as defined in Specification in Internet Draft: SSH Transport Layer
Alcatel-Lucent OmniSwitch ST 33 key sizes 168 bits for TDES and 128, 192, 256 for AES that meet the following FIPS 46-3 for TDES and FIPS PUB 19
Alcatel-Lucent OmniSwitch ST 34 6.2.3.4 FIA_SOS.1 Verification of Secrets FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets
Alcatel-Lucent OmniSwitch ST 35 Reusable password mechanism can be configured for administrators accessing the TOE. Keyed MAC can be used
Alcatel-Lucent OmniSwitch ST 3 6.6 RATIONALE FOR IT SECURITY REQUIREMENT DEPENDENCIES ...
Alcatel-Lucent OmniSwitch ST 36 translates to an internal network address; and the presumed address of the destination subject, in the inform
Alcatel-Lucent OmniSwitch ST 37 and information security attributes: Subject security attributes: Receiving/transmitting VLAN interface;
Alcatel-Lucent OmniSwitch ST 38 e) Configure Learned Port Security (LPS)10 f) Configuring IPsec g) Terminating Another Administrator Session h
Alcatel-Lucent OmniSwitch ST 39 n) Configure password policy settings o) Configure session timeout intervals 6.2.5.5 FMT_SMR.1 Security roles
Alcatel-Lucent OmniSwitch ST 40 6.2.8.2 FTA_SSL.3 (2) TSF-initiated termination – user session FTA_SSL.3.1 (2) The TSF shall terminate an int
Alcatel-Lucent OmniSwitch ST 41 6.4 TOE Security Assurance Requirements The Security assurance requirements (SARs) provide grounds for confiden
Alcatel-Lucent OmniSwitch ST 42 6.5 Rationale For TOE Security Requirements This section contains the security requirements rationale which inc
Alcatel-Lucent OmniSwitch ST 43 password expiration and role (FMT_SMR.1) are stored and configured in the TOE if the administrator is setup to b
Alcatel-Lucent OmniSwitch ST 44 O.TOE_MGMT The TOE will provide interfaces to allow the administrator to configure the other security functions
Alcatel-Lucent OmniSwitch ST 45 Functional Component Dependency Included FCS_CKM.1 (4) FCS_CKM.2 or FCS_COP.1 FCS_CKM.4 Yes FCS_CKM.1 (5) FCS
Alcatel-Lucent OmniSwitch ST 1 List of Tables Table 1: TOE Physical Components ...
Alcatel-Lucent OmniSwitch ST 46 Functional Component Dependency Included FMT_MSA.1 FDP_IFC.1 FMT_SMR.1 FMT_SMF.1 Yes FMT_MSA.3 FMT_SMR.1 FMT
Alcatel-Lucent OmniSwitch ST 47 7 TOE Summary Specification This section presents a description of how the TOE SFRs are satisfied, organized by
Alcatel-Lucent OmniSwitch ST 48 7.1.1.2 QoS Logging QoS11 logging is implemented by configuring the switch to log information about flows coming
Alcatel-Lucent OmniSwitch ST 49 reliable time stamps are used to generate useful, interpretable audit records. 7.2 Cryptographic Operations The
Alcatel-Lucent OmniSwitch ST 50 resend data if modifications are detected. The SSLv2 and SSLv3 implementations are based on the RSA SSL C Librar
Alcatel-Lucent OmniSwitch ST 51 overwriting an old key with new key. 7.2.4 Cryptographic Operations: FCS_COP.1(1)-(6) The TOE implements encrypt
Alcatel-Lucent OmniSwitch ST 52 device. The TOE supports three types of end-user authentication: MAC authentication, web-based authentication (
Alcatel-Lucent OmniSwitch ST 53 counter is reset when a new TCP session starts. For user-based authentication failure handling, the TOE provides
Alcatel-Lucent OmniSwitch ST 54 Minimum Lowercase characters Specifies the minimum number of lowercase characters required for a user password.
Alcatel-Lucent OmniSwitch ST 55 function is based on internal routing tables. These routing tables are processed top-down, with processing conti
Alcatel-Lucent OmniSwitch ST 2 1 Introduction This section identifies the Security Target, Target of Evaluation (TOE), conformance claims, ST or
Alcatel-Lucent OmniSwitch ST 56 7.5.1 Security Management Functions: FMT_MOF.1, FMT_SMF.1 The CLI and SNMP external interfaces provide the fol
Alcatel-Lucent OmniSwitch ST 57 only or read-write access to the command families available on the switch. The command families correspond to th
Alcatel-Lucent OmniSwitch ST 3 and type of physical ports and the amount of physical RAM installed. Figure 1: TOE Architecture The OmniSwitch 6
Alcatel-Lucent OmniSwitch ST 4 1.4 Physical Boundaries Figure 2 shows a depiction of the TOE and its operating environment. The operating enviro
Alcatel-Lucent OmniSwitch ST 5 1.4.1 Hardware/OS Components Table 1 below specifies the TOE hardware and software components that can be combine
Commenti su questo manuale