Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual


Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 59 of 67

© 2008 Nortel Networks

The TSF is required to perform security management functions such as creating users and assigning
roles to users [FMT_SMF.1]. The TOE must be able to recognize the different administrative and
user roles that exist for the TOE [FMT_SMR.1].

O.INTEGRITY

The TOE must use the IPSec tunneling protocol to ensure integrity of data transmitted
between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN
Routers.

The TSF is required to enforce the information flow control SFP on connections and all
operations that cause information to flow to and from subjects covered by the SFP
[FDP_IFC.2(a,b)].

The TSF is required to enforce the information flow control SFP based on the types of subject and
information security attributes. The TSF is required to permit information flow between a
controlled subject and controlled information via a controlled operation if the connection is
allowed. The TSF is required to deny an information flow based on the packet sequence number
[FDP_IFF.1(a,b)].

The TSF is required to enforce the information flow control SFP in order to send or receive objects
in a manner protected from unauthorised disclosure [FDP_UCT.1].

The TSF is required to enforce the information flow control SFP in order to send or receive user
data in a manner protected from errors, and to determine whether an error has occurred
[FDP_UIT.1].

The TOE is required to use the specified tunneling protocol to better protect the integrity of the
data transmitted in between its different parts. The RSA suite of algorithms and the
Diffie-Hellman algorithm used by the TOE for cryptographic operations must be implemented according
to RFC 3447 for RSA and RFC 2631 for Diffie-Hellman. The TOE is required to destroy unused
keys by zeroizing them. For encryption and decryption operations, the TOE is required to use the
3DES and AES algorithms and they must be implemented according to FIPS 46-3 for 3DES and
FIPS 197 for AES. For authentication, the TOE is required to use HMAC-SHA-1 and it must be
implemented according to RFC 2104. For hashing, the TOE is required to use SHA-1 and it must
be implemented according to RFC 3174 [FCS_CKM.1(a), FCS_CKM.4, and
FCS_COP.1(a,b,c,d,e,f)].

O.REPLAY

The TOE must provide functionality that enables detection of replay attacks and take
appropriate action if an attack is detected.

The TOE is required to detect replay attacks on established IPSec sessions; if a replay attack is
detected, the TOE is required to drop packets from the attacker [FPT_RLT.1].
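
The sequence-number check behind FDP_IFF.1 and FPT_RLT.1 can be illustrated with the sliding-window anti-replay scheme that the IPsec specifications (RFC 4303) describe. This is an added example, not code from the Security Target or from Nortel; the 64-packet window, the structure and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u /* assumed window size, not taken from the Security Target */

/* Per-tunnel receive state (hypothetical structure, not the TOE's). */
struct replay_state {
    uint32_t highest; /* highest sequence number authenticated so far */
    uint64_t bitmap;  /* bit i set: sequence number (highest - i) was seen */
};

/* Cheap pre-check, done before the integrity check. */
static bool replay_check(const struct replay_state *s, uint32_t seq)
{
    if (seq == 0) return false;             /* first valid number is 1 */
    if (seq > s->highest) return true;      /* new, would advance the window */
    uint32_t off = s->highest - seq;
    if (off >= REPLAY_WINDOW) return false; /* older than the window: drop */
    return !(s->bitmap & (1ULL << off));    /* already seen: replay, drop */
}

/* Record seq; only called after replay_check() and the ICV both passed. */
static void replay_update(struct replay_state *s, uint32_t seq)
{
    if (seq > s->highest) {
        uint32_t shift = seq - s->highest;
        s->bitmap = (shift >= REPLAY_WINDOW) ? 0 : (s->bitmap << shift);
        s->bitmap |= 1ULL;
        s->highest = seq;
    } else {
        s->bitmap |= 1ULL << (s->highest - seq);
    }
}

/* True if the packet is accepted; icv_ok stands in for the HMAC result. */
bool replay_receive(struct replay_state *s, uint32_t seq, bool icv_ok)
{
    if (!replay_check(s, seq) || !icv_ok) return false; /* forged packets never move the window */
    replay_update(s, seq);
    return true;
}

int main(void)
{
    struct replay_state s = {0, 0};
    uint32_t seqs[] = {1, 5, 3, 3, 100, 36, 37}; /* constructed arrival order */
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq %u: %s\n", (unsigned)seqs[i], replay_receive(&s, seqs[i], true) ? "accept" : "drop");
}
```

The window is advanced only after the integrity check succeeds, so a packet with a forged high sequence number cannot push legitimate traffic out of the window.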

O.FILTER

The TOE must filter all incoming and outgoing packets that pass through it, and accept or
reject packets based on their attributes.

All operations between the different parts of the TOE must be scrutinized by the TOE against the
VPN information flow control SFP and the Firewall information flow control SFP using specific
security attributes. During this task, the TOE is required to make use of its Firewall, NAT, and
IPSec tunneling protocol implementations [FDP_IFC.2(a,b), FDP_IFF.1(a,b), FDP_UCT.1, and
FDP_UIT.1].

O.TEST

The TOE must provide functionality that enables testing of its correct functioning and
integrity.

During start-up and periodically during normal operation, the TOE is required to run a suite of self
tests to demonstrate the correct operation of the TSF. The TOE is also required to provide
