Alcatel OmniSwitch AOS Release 7 Manuale Utente

Alcatel-Lucent OmniSwitch - Common Criteria Security Target – EAL2 Agile P/N: 011756-00 Agile Revision: C, 12/19/2011 Alcatel-Lucent OmniSwitch 90

Alcatel-Lucent OmniSwitch ST 6 OmniSwitch 6850E–24 Gigabit Ethernet chassis in a 1U form factor with 20 RJ-45 ports individually configurable to

Alcatel-Lucent OmniSwitch ST 7 The OS9000E series require at least one Chassis Management Module (CMM) and at least one Network Interface (NI) m

Alcatel-Lucent OmniSwitch ST 8 1.5 Logical Boundaries This section contains the product features and denotes which are in the TOE. 1.5.1 Audit T

Alcatel-Lucent OmniSwitch ST 9 1.5.2.3 Captive Portal Authentication The TOE provides web-based authentication which allows end-users to authen

Alcatel-Lucent OmniSwitch ST 10 The TOE provides the administrator the ability to manage all other aspects of the TOE; for example, configuring

Alcatel-Lucent OmniSwitch ST 11 Figure 4: Static VLAN port configuration 1.5.4.2 Forwarding (Routing) If a device needs to communicate with an

Alcatel-Lucent OmniSwitch ST 12 1.5.4.3 Traffic Filtering Traffic Filtering is implemented using Access Control Lists to moderate traffic flow

Alcatel-Lucent OmniSwitch ST 13 1.5.5.1 IPsec IPsec is a suite of protocols for securing Internet Protocol (IP) traffic. On IPv6, the TOE provid

Alcatel-Lucent OmniSwitch ST 14 1.5.7 Excluded TOE Features The following features interfere with the TOE security functionality claims and must

Alcatel-Lucent OmniSwitch ST 15 1.6 Document Terminology Term Definition ACL Access control List Administrative-user An administrative user of

Alcatel-Lucent OmniSwitch ST 1 Table of Contents 1 INTRODUCTION ...

Alcatel-Lucent OmniSwitch ST 16 Term Definition Port Mobility The ability for the Alcatel Switches to dynamically tag incoming traffic into a

Alcatel-Lucent OmniSwitch ST 17 2 Conformance Claims 2.1 CC Conformance Claim This ST was developed to Common Criteria (CC) for Information Tec

Alcatel-Lucent OmniSwitch ST 18 3.2 Threats The TOE or Operating Environment addresses the threats identified in the following sections. 3.2.1

Alcatel-Lucent OmniSwitch ST 19 4 Security Objectives This chapter describes the security objectives for the TOE and the TOE’s operating environ

Alcatel-Lucent OmniSwitch ST 20 OE.AUDREV The authorized administrator will periodically review the audit trail on the TOE. Note that use of re

Alcatel-Lucent OmniSwitch ST 21 OE.IDAUTH assists in countering this threat when the TOE is configured to use external authentication by requi

Alcatel-Lucent OmniSwitch ST 22 O.TRANSIT counters this threat by ensuring that the TOE protects TSF data when in transit between the TSF and

Alcatel-Lucent OmniSwitch ST 23 OE.PHYSEC covers this assumption by requiring that the TOE is located in a physically secure environment. A.MG

Alcatel-Lucent OmniSwitch ST 24 5 Extended Components Definition This section defines the newly defined components (also known as extended comp

Alcatel-Lucent OmniSwitch ST 25 The following actions could be considered for the management functions in FIA:  If identification is by the TO

Alcatel-Lucent OmniSwitch ST 2 6 IT SECURITY REQUIREMENTS ...

Alcatel-Lucent OmniSwitch ST 26 FIA_UAU_SRV.1.1 When invoked by the TSF, the [assignment: list of authentication servers] in the [selection: T

Alcatel-Lucent OmniSwitch ST 27  Minimal: Identification of the initiator and target of failed trusted channel functions.  Basic: All attemp

Alcatel-Lucent OmniSwitch ST 28 6 IT Security Requirements The security requirements that are levied on the TOE and the Operating Environment a

Alcatel-Lucent OmniSwitch ST 29 FCS_COP.1 (5) Cryptographic Operation – IPsec encryption services FCS_COP.1 (6) Cryptographic Operation – SNMP

Alcatel-Lucent OmniSwitch ST 30 SFR Action Details FDP_IFF.1 (1) All decisions on requests for information flow made by the Traffic Filter

Alcatel-Lucent OmniSwitch ST 31 FCS_CKM.1(2) The TSF shall generate cryptographic keys in accordance with a specified cryptographic key genera

Alcatel-Lucent OmniSwitch ST 32 that meets the following: ssh-dss4 key format as defined in Specification in Internet Draft: SSH Transport Layer

Alcatel-Lucent OmniSwitch ST 33 key sizes 168 bits for TDES and 128, 192, 256 for AES that meet the following FIPS 46-3 for TDES and FIPS PUB 19

Alcatel-Lucent OmniSwitch ST 34 6.2.3.4 FIA_SOS.1 Verification of Secrets FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets

Alcatel-Lucent OmniSwitch ST 35  Reusable password mechanism can be configured for administrators accessing the TOE.  Keyed MAC can be used

Alcatel-Lucent OmniSwitch ST 3 6.6 RATIONALE FOR IT SECURITY REQUIREMENT DEPENDENCIES ...

Alcatel-Lucent OmniSwitch ST 36 translates to an internal network address;  and the presumed address of the destination subject, in the inform

Alcatel-Lucent OmniSwitch ST 37 and information security attributes: Subject security attributes:  Receiving/transmitting VLAN interface; 

Alcatel-Lucent OmniSwitch ST 38 e) Configure Learned Port Security (LPS)10 f) Configuring IPsec g) Terminating Another Administrator Session h

Alcatel-Lucent OmniSwitch ST 39 n) Configure password policy settings o) Configure session timeout intervals 6.2.5.5 FMT_SMR.1 Security roles

Alcatel-Lucent OmniSwitch ST 40 6.2.8.2 FTA_SSL.3 (2) TSF-initiated termination – user session FTA_SSL.3.1 (2) The TSF shall terminate an int

Alcatel-Lucent OmniSwitch ST 41 6.4 TOE Security Assurance Requirements The Security assurance requirements (SARs) provide grounds for confiden

Alcatel-Lucent OmniSwitch ST 42 6.5 Rationale For TOE Security Requirements This section contains the security requirements rationale which inc

Alcatel-Lucent OmniSwitch ST 43 password expiration and role (FMT_SMR.1) are stored and configured in the TOE if the administrator is setup to b

Alcatel-Lucent OmniSwitch ST 44 O.TOE_MGMT The TOE will provide interfaces to allow the administrator to configure the other security functions

Alcatel-Lucent OmniSwitch ST 45 Functional Component Dependency Included FCS_CKM.1 (4) FCS_CKM.2 or FCS_COP.1 FCS_CKM.4 Yes FCS_CKM.1 (5) FCS

Alcatel-Lucent OmniSwitch ST 1 List of Tables Table 1: TOE Physical Components ...

Alcatel-Lucent OmniSwitch ST 46 Functional Component Dependency Included FMT_MSA.1 FDP_IFC.1 FMT_SMR.1 FMT_SMF.1 Yes FMT_MSA.3 FMT_SMR.1 FMT

Alcatel-Lucent OmniSwitch ST 47 7 TOE Summary Specification This section presents a description of how the TOE SFRs are satisfied, organized by

Alcatel-Lucent OmniSwitch ST 48 7.1.1.2 QoS Logging QoS11 logging is implemented by configuring the switch to log information about flows coming

Alcatel-Lucent OmniSwitch ST 49 reliable time stamps are used to generate useful, interpretable audit records. 7.2 Cryptographic Operations The

Alcatel-Lucent OmniSwitch ST 50 resend data if modifications are detected. The SSLv2 and SSLv3 implementations are based on the RSA SSL C Librar

Alcatel-Lucent OmniSwitch ST 51 overwriting an old key with new key. 7.2.4 Cryptographic Operations: FCS_COP.1(1)-(6) The TOE implements encrypt

Alcatel-Lucent OmniSwitch ST 52 device. The TOE supports three types of end-user authentication: MAC authentication, web-based authentication (

Alcatel-Lucent OmniSwitch ST 53 counter is reset when a new TCP session starts. For user-based authentication failure handling, the TOE provides

Alcatel-Lucent OmniSwitch ST 54 Minimum Lowercase characters Specifies the minimum number of lowercase characters required for a user password.

Alcatel-Lucent OmniSwitch ST 55 function is based on internal routing tables. These routing tables are processed top-down, with processing conti

Alcatel-Lucent OmniSwitch ST 2 1 Introduction This section identifies the Security Target, Target of Evaluation (TOE), conformance claims, ST or

Alcatel-Lucent OmniSwitch ST 56 7.5.1 Security Management Functions: FMT_MOF.1, FMT_SMF.1 The CLI and SNMP external interfaces provide the fol

Alcatel-Lucent OmniSwitch ST 57 only or read-write access to the command families available on the switch. The command families correspond to th

Alcatel-Lucent OmniSwitch ST 3 and type of physical ports and the amount of physical RAM installed. Figure 1: TOE Architecture The OmniSwitch 6

Alcatel-Lucent OmniSwitch ST 4 1.4 Physical Boundaries Figure 2 shows a depiction of the TOE and its operating environment. The operating enviro

Alcatel-Lucent OmniSwitch ST 5 1.4.1 Hardware/OS Components Table 1 below specifies the TOE hardware and software components that can be combine