Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual
Page 29
Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 29 of 67
© 2008 Nortel Networks
FDP_IFF.1.3(a)
The TSF shall enforce the [none].
FDP_IFF.1.4(a)
The TSF shall provide the following [stateful Firewall, Network Address Translation (NAT), IPSec].
FDP_IFF.1.5(a)
The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.6(a)
The TSF shall explicitly deny an information flow based on the following rules: [none].
Dependencies: FDP_IFC.1 Subset information flow control
FMT_MSA.3 Static attribute initialisation
FDP_IFF.1(b) Simple security attributes (Firewall)
Hierarchical to: No other components.
FDP_IFF.1.1(b)
The TSF shall enforce the [Firewall Information Flow Control SFP] based on the following types of
subject and information security attributes: [
o Source, destination interface;
o Source, destination IP addresses;
o Source, destination port;
o Direction
o Service].
FDP_IFF.1.2(b)
The TSF shall permit an information flow between a controlled subject and controlled information via a
controlled operation if the following rules hold: [attempted connection from external source has an entry in
the state-based connection table permitting its inflow].
FDP_IFF.1.3(b)
The TSF shall enforce the [none].
FDP_IFF.1.4(b)
The TSF shall provide the following [stateful Firewall, Network Address Translation (NAT)].
FDP_IFF.1.5(b)
The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.6(b)
The TSF shall explicitly deny an information flow based on the following rules: [if packet sequence
number indicates repeated packet, signaling a replay attack].