Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual


Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 53 of 67

© 2008 Nortel Networks

T.AUTH-ERROR

An authorized user may accidentally alter the configuration of a policy that permits
or denies information flow through the TOE, thereby affecting the integrity of the
transmitted information.

The TOE provides facilities to enable an authorized administrator to effectively manage the TOE
and its security function, and ensures that only authorized administrators are able to access such
functionality (O.ADMIN). The TOE provides functionality that enables testing of its correct
functioning and integrity (O.TEST). Those responsible for the TOE train TOE users to establish
and maintain sound security policies and practices (OE.TRAINED).

O.ADMIN, O.TEST, and OE.TRAINED combined ensure that this threat is removed.

T.DATA-MOD

An attacker may intercept and alter the data transmitted between the Nortel VPN Client
and the Nortel VPN Router, and/or between two Nortel VPN Routers, in order to deceive the
intended recipient.

The TOE protects itself from unauthorized modifications and access to its functions and data
(O.SELFPROTECT). The TOE uses IPSec tunneling protocol to ensure confidentiality and
integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or
between two Nortel VPN Routers (O.CONFIDENT & O.INTEGRITY). The TOE provides
functionality that enables testing of its correct functioning and integrity (O.TEST). The TOE
provides functionality that enables detection of replay attacks, so that action can be taken if a
replay attack is detected (O.REPLAY).

O.SELFPROTECT, O.CONFIDENT, O.INTEGRITY, O.TEST, and O.REPLAY combined
ensure that this threat is removed.

T.HACK-CRYPTO

An attacker may successfully intercept and decrypt, then recover and modify the
encrypted data that is in transit between the Nortel VPN Router and VPN Client, and/or
between two Nortel VPN Routers.

The TOE protects itself from unauthorized modifications and access to its functions and data
(O.SELFPROTECT). The TOE uses IPSec tunneling protocol to ensure confidentiality and
integrity of data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or
between two Nortel VPN Routers (O.CONFIDENT & O.INTEGRITY). The TOE provides
functionality that enables testing of its correct functioning and integrity (O.TEST). The TOE
provides functionality that enables detection of replay attacks, so that action can be taken if a
replay attack is detected (O.REPLAY).

O.SELFPROTECT, O.CONFIDENT, O.INTEGRITY, O.TEST, and O.REPLAY combined ensure
that this threat is removed.

T.HACK

An attacker may use malformed IP packets or similar attack methods against the TSF or
user data protected by the TOE in order to corrupt normal operation.

The TOE protects itself from unauthorized modifications and access to its functions and data
(O.SELFPROTECT). The TOE filters all incoming and outgoing packets that pass through it, and
accepts or rejects transmissions based on their attributes (O.FILTER). The environment ensures
that the required certificate infrastructure is provided so that the validity of certificates can be
verified. The TOE provides functionality that enables testing of its correct functioning and
integrity (O.TEST). The TOE provides functionality that enables detection of replay attacks, so
that action can be taken if a replay attack is detected (O.REPLAY). The environment also ensures that
the chosen infrastructure is maintained so that certificates have their state accurately provided to
the TOE (OE.CERTIFICATE).

O.SELFPROTECT, O.FILTER, O.TEST, O.REPLAY, and OE.CERTIFICATE combined ensure
that this threat is removed.
