Gigamon GigaVUE
Supplemental Administrative Guidance
Version: 1.0
January 28, 2016
Gigamon Inc.
3300 Olcott Street
Santa Clara, CA 95054
Prepared By:
Cyber Assurance Testing Laboratory
900 Elkridge Landing Road, Suite 100
Linthicum, MD 21090
Contents
1 Introduction
2 Intended Audience
3 Terminology
4 References
5 Evaluated Configuration of the TOE
  5.1 TOE Components
  5.2 Supporting Environment Components
  5.3 Assumptions
6 Secure Installation and Configuration
  6.1 Initial out-of-the-box Setup
  6.2 Verify Software Version
  6.3 Configure the TOE to use Enhanced Security Mode
  6.4 Configure the TOE to record log and audit data (locally)
  6.5 Disable Telnet and Enable SSH2
  6.6 Configure and Access the WebGUI (aka H-VUE)
7 Secure Management of Gigamon GigaVUE
  7.1 Authenticating to Gigamon GigaVUE
    7.1.1 Public-Key Based Authentication Configuration
    7.1.2 LDAP Authentication Configuration (CLI)
    7.1.3 LDAP Authentication Configuration (WebGUI)
  7.2 Managing Users
    7.2.1 Create a New Admin User Account (CLI)
    7.2.2 Create a New Admin User Account (GUI)
  7.3 Password Management
  7.4 Session Termination
    7.4.1 Admin Logout
    7.4.2 Termination from Inactivity
  7.5 Login Banner
  7.6 System Time Configuration
    7.6.1 Manually Configure the Time (CLI)
    7.6.2 Manually Configure the Time Configuration (WebGUI)
    7.6.3 Configure Connection to an NTP Server (CLI)
    7.6.4 Configure Connection to an NTP Server (GUI)
  7.7 Secure Updates
    7.7.1 Display the Current Version (CLI)
    7.7.2 Display the Current Version (WebGUI)
    7.7.3 Downloading and Installing the New Image (CLI)
    7.7.4 Downloading and Installing the New Image (WebGUI)
    7.7.5 Rebooting TOE (CLI)
    7.7.6 Rebooting the TOE (WebGUI)
    7.7.7 Actions to be taken upon Failure
8 Auditing
  8.1 Audit Storage
    8.1.1 Assigning a Public-Key to the Syslog Server and enable SSH (CLI)
    8.1.2 Configuring the Syslog Server (CLI)
9 Communications Protocols and Services
10 Modes of Operation
11 Obtaining Technical Assistance
Table of Tables
Table 5-1: HD8 and HD4 Series
Table 5-2: HC2 Series
Table 5-3: HB1 Series
Table 5-4: TA10 Series
Table 5-5: TA40 Series
Table 5-6: Supporting Environmental Components
Table 8-1: NDPP Auditable Events
1 Introduction
The Target of Evaluation (TOE) includes the models HD8, HD4, HC2, HB1, TA10 and TA40 with
software version 4.4.03. These models allow an Authorized Administrator to access the TOE through a
serial port, remote CLI via SSH, and a WebGUI via TLS/HTTPS. The TOE was evaluated against the
requirements defined in the Gigamon GigaVUE Security Target.
The GigaVUE's primary functionality is to use the Gigamon Forwarding Policy to receive out-of-band
copied network data from external sources (TAP or SPAN port) and forward that copied network data to
one or many tool ports for packet capture or analyzing tools based on user selected criteria. GigaVUE can
also copy the network traffic itself when sitting in-line with the network flow using passive, inline and
bypass taps or any combination. GigaVUE features extensive filtering abilities enabling authorized users
to forward precise customized data flows of copied data from many sources to a single tool, from a single
source to many tools, or from many sources to many tools. The TOE was evaluated as a network device
only and the GigaVUE’s network traffic capture, filter, and forwarding capabilities described above were
not assessed during this evaluation. The TOE is the general network device functionality (I&A, auditing,
security management, trusted communications, etc.) of the GigaVUE, consistent with the claimed
Protection Profile.
2 Intended Audience
This document is intended for administrators responsible for installing, configuring, and/or operating
Gigamon GigaVUE version 4.4.03. Guidance provided in this document allows the reader to deploy the
product in an environment that is consistent with the configuration that was evaluated as part of the
product’s Common Criteria (CC) testing process. It also provides the reader with instructions on how to
exercise the security functions that were claimed as part of the CC evaluation.
The reader is expected to be familiar with the Security Target for Gigamon GigaVUE version 4.4.03 and
the general CC terminology that is referenced in it. This document references the Security Functional
Requirements (SFRs) that are defined in the Security Target document and provides instructions on how
to perform the security functions that are defined by these SFRs. The GigaVUE product as a whole
provides a great deal of security functionality but only those functions that were in the scope of the
claimed PP are discussed here. Any functionality that is not described here or in the Gigamon GigaVUE
Security Target was not evaluated and should be exercised at the user’s risk.
3 Terminology
In reviewing this document, the reader should be aware of the terms listed below. These terms are also
described in the Gigamon GigaVUE Security Target.
CC: stands for Common Criteria. Common Criteria provides assurance that the process of specification,
implementation and evaluation of a computer security product has been conducted in a rigorous,
standard and repeatable manner at a level that is commensurate with the target environment for use.
SFR: stands for Security Functional Requirement. An SFR is a security capability that was tested as part
of the CC process.
TOE: stands for Target of Evaluation. This refers to the aspects of Gigamon GigaVUE that contain the
security functions that were tested as part of the CC evaluation process.
4 References
The following documents are part of the Gigamon GigaVUE version 4.4.03. This is the standard
documentation set that is provided with the product.
[1] GigaVUE-OS-CLIUsersGuide-v4400
[2] GigaVUE-OS-HVUE-UsersGuide-v4400
[3] GV-TA-Series-UpgradeGuide-v4400
[4] GV-H-Series-UpgradeGuide-v4400
[5] GV-HB-Series-HardwareInstallationGuide-v4400
[6] GV-HC-Series-HardwareInstallationGuide-v4400
[7] GV-HD-Series-HardwareInstallationGuide-v4400
[8] GV-TA-Series-HardwareInstallationGuide-v4400
[9] GV-OS-ReleaseNote-v4400
[10] Gigamon GigaVUE Security Target v1.0 (ST)
[11] Gigamon Linux-Based Cryptographic Module CMVP certificate #2128
Note: [11] refers to the FIPS validated cryptographic module used by the GigaVUE products.
5 Evaluated Configuration of the TOE
This section lists the components that have been included in the TOE’s evaluated configuration, whether
they are part of the TOE itself, environmental components that support the security behavior of the TOE,
or non-interfering environmental components that were present during testing but are not associated with
any security claims:
5.1 TOE Components
Property | HD8 | HD8 | HD4 | HD4
Model Number | GVS-HD8A1 (GigaVUE-HD8 base unit w/ chassis, CLI) | GVS-HD8A2 (GigaVUE-HD8 base unit w/ chassis, CLI) | GVS-HD4A1 (GigaVUE-HD4 base unit w/ chassis, CLI) | GVS-HD4A2 (GigaVUE-HD4 base unit w/ chassis, CLI)
Size | 14RU | 14RU | 5RU | 5RU
Total Slots | 8 | 8 | 5 | 5
Power | AC | DC | AC | DC
Control Cards | 1 or 2 | 1 or 2 | 1 | 1
Port Blades (all models):
  PRT-H00-X12G04 Port Blade, HD Series, 12x10G 4x1G
  PRT-H00-X12TS Port Blade, HD Series, 12x10G Time Stamp
  PRT-H00-X04G44 Port Blade, HD Series, 4x10G 44x1G
  PRT-H00-Q02X32 Port Blade, HD Series, 2x40G 32x10G (24 10G + 2 40G or 32 10G active)
  PRT-HD0-Q08 Port Blade, HD Series, 8x40G
  PRT-HD0-C01 Port Blade, HD Series, 1x100G
  PRT-HD0-C02X08 Port Blade, HD Series, 2x100G CFP cages + 8x10G cages
  PRT-HD0-C02X08A Port Blade, HD Series, 2x100G CFP2 cages + 8x10G cages
  GigaSMART Module: SMT-HD0-GigaSMART, HD Series blade (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW)
Power Supplies | 4 | 4 | 2 | 2
Processor | PowerPC 600 | PowerPC 600 | PowerPC 600 | PowerPC 600
Memory (RAM) | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB
Logical Drive Capacity | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB
Fixed Ports | None | None | None | None
Configurable Ports | Provided by Port Blades | Provided by Port Blades | Provided by Port Blades | Provided by Port Blades
Table 5-1: HD8 and HD4 Series
Property | HC2 | HC2
Model Number | GVS-HC201 (GigaVUE-HC2 base unit w/ chassis, CLI) | GVS-HC202 (GigaVUE-HC2 base unit w/ chassis, CLI)
Size | 2RU | 2RU
Front Bays | 4 | 4
Rear Bays | 1 | 1
Power | AC | DC
Main Board | 1 | 1
TAP Modules (both models):
  TAP-HC0-D25AC0 TAP module, HC Series, SX/SR Internal TAP Module 50/125, 12 TAPs
  TAP-HC0-D25BC0 TAP module, HC Series, SX/SR Internal TAP Module 62.5/125, 12 TAPs
  TAP-HC0-D35CC0 TAP module, HC Series, LX/LR Internal TAP Module, 12 TAPs
  TAP-HC0-G100C0 TAP and Bypass module, HC Series, Copper, 12 TAPs or BPS pairs
Bypass Combo Modules (both models):
  BPS-HC0-D25A4G Bypass Combo Module, HC Series, 4 SX/SR 50/125 BPS pairs, 16 10G cages
  BPS-HC0-D25B4G Bypass Combo Module, HC Series, 4 SX/SR 62.5/125 BPS pairs, 16 10G cages
  BPS-HC0-D35C4G Bypass Combo Module, HC Series, 4 LX/LR BPS pairs, 16 10G cages
Port Modules (both models):
  PRT-HC0-X24 Port Module, HC Series, 24x10G
  PRT-HC0-Q06 Port Module, HC Series, 6x40G
GigaSMART Modules (both models):
  SMT-HC0-R GigaSMART, HC Series rear module (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW)
  SMT-HC0-X16 GigaSMART, HC Series, Front Module, 16 10G cages (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW)
Power Supplies | 2 | 2
Processor | PowerPC 600 | PowerPC 600
Memory (RAM) | 4GB | 4GB
Logical Drive Capacity | 8GB | 8GB
Fixed Ports | PTP IEEE 1588, Stack Mgmt. Port, Mgmt., Console | PTP IEEE 1588, Stack Mgmt. Port, Mgmt., Console
Configurable Ports | Provided by TAP Modules, Bypass combo modules, Port Modules | Provided by TAP Modules, Bypass combo modules, Port Modules
Table 5-2: HC2 Series
Property | HB1 | HB1
Model Number | GVS-HB101-0416 branch node | GVS-HB102-0416 branch node
Size | 1RU | 1RU
Cages | 4 10G cages, 8 1G cages | 4 10G cages, 8 1G cages
Copper | 8 1G | 8 1G
Power | AC | DC
Power Supplies | 1 | 1
Processor | PowerPC 600 | PowerPC 600
Memory (RAM) | 2GB | 2GB
Logical Drive Capacity | 2GB | 2GB
Fixed Ports | PTP 1588, Mgmt., Console, 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) | PTP 1588, Mgmt., Console, 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+)
Configurable Ports | None | None
Table 5-3: HB1 Series
Property | TA10 | TA10
Model Number | GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) | GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01)
Size | 1RU | 1RU
Power | AC | DC
Power Supplies | 2 | 2
Processor | PowerPC e500 | PowerPC e500
Memory (RAM) | 4GB | 4GB
Logical Drive Capacity | 8GB | 8GB
Fixed Ports | Mgmt., Console, 48 1G/10G Ports (SFP+), 4 10G/40G QSFP Ports | Mgmt., Console, 48 1G/10G Ports (SFP+), 4 10G/40G QSFP Ports
Configurable Ports | None | None
Table 5-4: TA10 Series
Property | TA40 | TA40
Model Number | GigaVUE-TA40 Edge Traffic Aggregation Node (SKU GVS-TAQ01) | GigaVUE-TA40 Edge Traffic Aggregation Node (SKU GVS-TAQ01)
Size | 1RU | 1RU
Power | AC | DC
Power Supplies | 2 | 2
Processor | PowerPC e500 | PowerPC e500
Memory (RAM) | 4GB | 4GB
Logical Drive Capacity | 8GB | 8GB
Fixed Ports | Mgmt., Console, 32 10G/40G QSFP Ports | Mgmt., Console, 32 10G/40G QSFP Ports
Configurable Ports | None | None
Table 5-5: TA40 Series
5.2 Supporting Environment Components
Component | Definition
LDAP Server | A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory.
Management Workstation | Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher) to access the WebGUI, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications.
NTP Server | A server that provides reliable time data to the TOE's system clock so that the timestamps on its audit records can be synchronized with other devices in the Operational Environment that connect to the same server.
SPAN | This component provides the TOE with copied network data, but only if the TOE is configured to receive data from an external TAP or SPAN device.
Syslog Server | The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes.
TAP | This component provides the TOE with copied network data, either from an internal GigaVUE TAP or an external TAP. The TOE can also be configured to receive data from an external source, meaning a TAP device or SPAN port.
Tool | This component is any analysis, capture or troubleshooting tool connected to a tool port. This component is required for the TOE to forward data. The connection to the tool is a physical connection.
Update Server | A general-purpose computer that includes a web server and is used to store software update packages that can be retrieved by the TOE using TLS/HTTPS. The update server can be a server maintained by Gigamon or it can be set up locally in the Operational Environment by an administrator if the TOE's deployment prevents it from being able to access Gigamon's web domain.
Table 5-6: Supporting Environmental Components
5.3 Assumptions
In order to ensure the product is capable of meeting its security requirements when deployed in its
evaluated configuration, the following conditions must be satisfied by the organization, as defined in the
claimed Protection Profile:
No general purpose computing capabilities: The GigaVUE product must only be used for its
intended purpose. General purpose computing applications, especially those with network-visible
interfaces, may compromise the security of the product if introduced.
Physical security: The GigaVUE product does not claim any sort of physical tamper-evident or
tamper-resistant security mechanisms. Therefore, it is necessary to deploy the product in a locked
or otherwise physically secured environment so that it is not subject to untrusted physical
modification.
Trusted administration: The GigaVUE product does not provide a mechanism to protect against
the threat of a rogue or otherwise malicious administrator. Therefore, it is the responsibility of the
organization to perform appropriate vetting and training for security administrators prior to
granting them the ability to manage the product.
6 Secure Installation and Configuration
Documentation for how to order and acquire the TOE is described in the ‘Contacting Sales’ section of
documents [5] through [8]. When receiving delivery of a TOE model, this documentation should be
checked as part of the acceptance procedures so that the correctness of the hardware can be verified.
Additionally, documents [5] through [8] can be referenced for physical requirements such as unpacking
the TOE, installing modules, racking the TOE, cabling (i.e. network and power), as well as verifying
power and environmental operating conditions. The TOE comes with the software image installed on it by
default, but if additional validation is necessary, an administrator may acquire the software image
separately from Gigamon and perform a software upgrade to the known version.
Regardless of the specific model being installed, the software is functionally identical with respect to the
Common Criteria security requirements, so secure management for each device is described in the
remainder of this document. Note that these steps can be performed using the initial default user account.
Note: Use the write memory command in the CLI to save configuration changes to flash. Otherwise,
changes take effect in the active configuration immediately but are not preserved across a reboot.
6.1 Initial out-of-the-box Setup
1. Connect to the TOE via the local console using the following settings on a terminal application:
115,200 Baud
8 data bits
No parity
1 stop bit
No flow control
2. Authenticate using the default credentials:
Username: admin
Password: admin123A!
3. Start the jump-start script by entering the following commands on the TOE:
enable
config terminal
config jump-start
Refer to the ‘Run the Jump-Start Script’ Section in documents [5] through [8] for more information on
completing the jump-start setup.
Note: Be sure to change the default password for the default ‘admin’ account.
6.2 Verify Software Version
Now verify the version of software operating on the TOE by issuing the “show version” command and
comparing the displayed version to the expected version. If the version is not what is expected, follow
the instructions in Section 7.7 to obtain and install the correct software image from Gigamon.
6.3 Configure the TOE to use Enhanced Security Mode
Enhanced Security Mode must be configured to limit the cryptographic options to be consistent with the
claims made for the Common Criteria evaluation.
1. Enter the following commands to enable secure cryptography mode:
enable
config terminal
system security crypto enhanced
reload
2. Respond “yes” to “Configuration has been modified; save first?” and then confirm the reload.
3. Authenticate to the TOE.
4. Verify that after authenticating, the TOE reports “System in secure cryptography mode.”
6.4 Configure the TOE to record log and audit data (locally)
In the evaluated configuration, all auditable events relevant to the Common Criteria evaluation are logged
locally by entering the following commands.
enable
config terminal
logging level audit mgmt info
logging level cli commands info
logging local info
6.5 Disable Telnet and Enable SSH2
Both Telnet and SSH2 can be configured for remote connections to the GigaVUE’s Ethernet Management
Port. By default, SSH2 is enabled and Telnet is disabled. In the Common Criteria evaluated configuration,
Telnet must remain disabled.
If Telnet is enabled, enter the following commands:
enable
config terminal
no telnet-server enable
If SSH2 is disabled, enter the following commands:
enable
config terminal
ssh server enable
After verifying that Telnet is disabled and SSH2 is enabled, attempt to authenticate to the TOE with an
SSH2 client by pointing the client at the TOE’s IP address and using the default ‘admin’ account’s
credentials. To be able to connect to the TOE, the SSH2 client must support diffie-hellman-group14-sha1
as the key exchange method, and one or more of the following encryption and data integrity algorithms.
Encryption Algorithms: AES-CBC-128 or AES-CBC-256
Data Integrity Algorithms: hmac-sha1, hmac-sha2-256, or hmac-sha2-512
6.6 Configure and Access the WebGUI (aka H-VUE)
Enable the WebGUI by following the directions in the ‘Enabling the <MODEL NAME> Web Server’
Section of documents [5] through [8], then continue with that Section’s directions for connecting and
authenticating to the WebGUI. The WebGUI can be accessed by navigating to https://<TOE_IP_ADDRESS>
in a web browser. The web browsers that should be used in the Common Criteria evaluated configuration
are Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher. These web browsers must be
configured to support TLS 1.0, and one or more of the following ciphersuites:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
The TOE supports HTTPS and HTTP for the WebGUI. By default, HTTPS is enabled and HTTP is
disabled. In the Common Criteria evaluated configuration, HTTP must remain disabled.
If HTTP is enabled, enter the following commands:
enable
config terminal
no web http enable
Note: Be sure to change the default password for the default ‘admin’ account.
7 Secure Management of Gigamon GigaVUE
7.1 Authenticating to Gigamon GigaVUE
Users must authenticate to Gigamon GigaVUE in order to perform any management functions. Section
8.4 of the ST discusses the process in which Gigamon GigaVUE authenticates users via the CLI,
WebGUI or remotely via LDAP. Section 8.8.2 also discusses the trusted channels that are invoked in
order to send the data securely.
Local users log in to the command line interface (CLI) using a username and password, while remote users
can log in to GigaVUE via the CLI using a username and password or public key based authentication. User
authentication information that is sent remotely via the CLI is protected using SSHv2. Users may also
authenticate remotely via a WebGUI that is protected using TLS/HTTPS. Remote authentication is
possible using an LDAP server for its user store.
Note: Connections to the LDAP server are protected with TLS. The TLS session for an LDAP request is
established and terminated almost immediately, making it nearly impossible to interrupt the TLS session.
If the LDAP server is unreachable, the TOE makes only a single attempt to connect to the LDAP server
and then falls back to verifying the authentication credentials against the TOE’s local store.
7.1.1 Public-Key Based Authentication Configuration
SSH public/private key pairs must be generated or loaded on the TOE so that SSH authentication using a
public key is possible. Perform the following steps to add an authorized public key to a user on the TOE:
1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands on the TOE:
enable
config terminal
ssh client user <USERNAME> authorized-key sshv2 "<PUBLIC KEY>"
3. Provide the user the corresponding private key for their use to authenticate via SSH.
4. The user would then load the private key on their SSH client when attempting to authenticate.
7.1.2 LDAP Authentication Configuration (CLI)
Perform the following steps to configure the LDAP server on the TOE via the CLI. Refer to ‘Adding an
LDAP Server’ Section in document [1] for more information.
1. Authenticate to the TOE via the CLI as an Admin user
2. Enter the following commands on the TOE to install the public-key for the LDAP server:
enable
config terminal
crypto certificate name <NAME> public-cert pem "-----BEGIN CERTIFICATE-----
<CERT_DATA_HERE>-----END CERTIFICATE-----"
crypto certificate ca-list default-ca-list name <INSTALLED CERTIFICATE>
3. Refer to the ‘ldap’ section in document [1] between pages 773 and 776 to configure the LDAP
parameters. The commands below are provided as an example of the LDAP parameters that need
to be defined for a working configuration. The commands shown in bold in the original document
must be configured exactly as shown in the evaluated configuration; these are the LDAP version
and TLS settings that Section 7.1.3 also requires.
ldap base-dn <STRING>
ldap bind-dn <STRING>
ldap bind-password <PASSWORD HERE>
ldap group-attribute <STRING>
ldap host <LDAP_SERVER_IP_ADDRESS_HERE>
ldap login-attribute <STRING>
ldap ssl mode tls
ldap ssl ca-list default-ca-list
ldap ssl cert-verify
ldap version 3
4. Refer to the ‘aaa authentication’ section in document [1] between pages 661 and 664 to configure
the AAA Authentication parameters. The command below is provided as an example of the AAA
Authentication parameters that need to be defined for a working configuration. This command
must be configured exactly as shown in the evaluated configuration.
aaa authentication login default ldap local
5. Refer to the ‘aaa authorization’ section in document [1] between pages 664 and 665 to configure
the AAA Authorization parameters. The commands below are provided as an example of the
AAA Authorization parameters that need to be defined for a working configuration.
aaa authorization map order <POLICY>
aaa authorization map default-user <USER>
7.1.3 LDAP Authentication Configuration (WebGUI)
Perform the following steps to configure the LDAP server on the TOE via the WebGUI.
1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Refer to the ‘Configuring Authentication and Authorization (AAA)’ section in document [2]
between pages 182 and 183 to configure AAA. The following options must be chosen:
a. First Priority: LDAP
b. Second Priority: Local
3. Refer to the ‘Adding an LDAP Server’ section in document [2] on page 190 to add an LDAP
server.
4. Refer to the ‘Configuring LDAP Authentication’ section in document [2] between pages 195 and
196 to configure LDAP authentication. The following options must be chosen:
a. LDAP Version: v3
b. SSL Mode tls
c. SSL Cert Check: on
d. SSL ca-list: default CA list
Note: Installing the public-key for the LDAP server must be performed via the CLI. Refer to Section 7.1.2
steps 1 and 2 for directions for installing the public-key.
7.2 Managing Users
GigaVUE uses role-based access control. There are three roles, Admin, Operator and Monitor, which are
assigned by an Authorized Administrator, and each has a different level of authorization in terms of the
functions it can perform. All SFR-relevant management activity is performed by the Admin role. The
Admin user corresponds to the PP’s definition of Authorized Administrator. Only Admin users have the
ability to assign roles to users, and more than one role may be assigned to a user.
7.2.1 Create a New Admin User Account (CLI):
1. Authenticate to the TOE via the CLI as an Admin user.
2. Select a password that meets the password strength requirements in Section 7.3.
3. Enter the following commands to create a new user account:
enable
config terminal
username <USERNAME> password <PASSWORD>
username <USERNAME> roles add admin
Note: An Admin user can delete user accounts with the ‘no username’ command.
7.2.2 Create a New Admin User Account (GUI):
1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on “Roles and Users” > “Users”
3. Click on “Add.”
4. Fill in the fields as appropriate.
5. Assign the user the “admin” capability and click “Save.”
Note: An Admin user can delete user accounts under the “Roles and Users” > “Users” by selecting the
user and clicking “Delete”.
7.3 Password Management
Passwords can be composed using any combination of upper case and lower case letters, numbers and
special characters. The special characters that are supported include the following: "!", "@", "#", "$",
"%", "^", "&", "*", "(", and ")".
The password policy includes a configurable minimum length, which can be configured by an Admin user
to any value between 15 and 30 in the evaluated configuration. Perform the following steps to configure
minimum length for passwords:
1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands to enable secure passwords mode:
enable
config terminal
system security passwords enhanced
system security passwords min-length 15
show system
3. Verify the TOE reports “Configured secure passwords mode : enabled” and “Minimum password
length : 15.”
In order to minimize the risk of account compromise, it is recommended to use a password that includes a
mixture of uppercase, lowercase, numeric, and special characters and is not a common word or phrase,
but is not so complex that it must be written down in order to be remembered.
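As an added example (not part of the Gigamon guidance), the following Python checks a candidate password against the composition rules and the configurable minimum length given above, reporting the advisory character-class mixture separately from hard policy violations; it assumes that "letters" and "numbers" mean ASCII letters and digits.

```python
from typing import List, Tuple

# Special characters supported in GigaVUE passwords (Section 7.3).
SUPPORTED_SPECIALS = frozenset("!@#$%^&*()")
# Range an Admin may configure for "system security passwords min-length"
# in the evaluated configuration.
MIN_LENGTH_RANGE = (15, 30)


def validate_min_length_setting(min_length: int) -> int:
    """Return min_length if it lies within the evaluated-configuration range, else raise."""
    low, high = MIN_LENGTH_RANGE
    if not low <= min_length <= high:
        raise ValueError(f"min-length {min_length} is outside the evaluated range {low}-{high}")
    return min_length


def check_password(password: str, min_length: int = 15) -> Tuple[List[str], List[str]]:
    """Return (violations, recommendations) for a candidate password.

    Violations are hard failures against the documented policy (length and character set);
    recommendations are the advisory points from Section 7.3 (mix of character classes).
    Assumption: letters and numbers are ASCII.
    """
    validate_min_length_setting(min_length)
    violations: List[str] = []
    recommendations: List[str] = []

    if len(password) < min_length:
        violations.append(f"length {len(password)} is below the configured minimum of {min_length}")

    # Only ASCII letters, digits and the listed special characters are supported.
    unsupported = sorted({c for c in password
                          if not ((c.isascii() and c.isalnum()) or c in SUPPORTED_SPECIALS)})
    if unsupported:
        violations.append("unsupported characters: " + " ".join(repr(c) for c in unsupported))

    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "numeric": any(c.isdigit() for c in password),
        "special": any(c in SUPPORTED_SPECIALS for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        recommendations.append("add " + ", ".join(missing) + " characters")
    return violations, recommendations


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("Gigamon-Admin2016!", "correcthorsebatterystaple", "Sh0rt!Pw"):
        print(candidate, check_password(candidate, 15))
```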
7.4 Session Termination
7.4.1 Admin Logout
The Admin is able to terminate their own session by entering the "exit" command when logged into the
local console or the remote CLI via SSH, or by clicking on the "logout" tab when logged into the WebGUI.
7.4.2 Termination from Inactivity
The TOE is designed to terminate a local session after a specified period of time with a default setting of
15 minutes.
The TOE has a single configuration for the CLI accessed via the serial port and the CLI accessed via
SSH. In the event that the inactivity setting is met while users are logged into the CLI via the serial port,
the session will end. In the event that the inactivity setting is met while users are logged into the CLI via
SSH, the TOE tears down the SSH connection. This setting can be configured between 0-35791 minutes.
The value of 0 means that this setting is disabled and there is no timeout configured. The CLI timeout is
configured via the CLI by an Admin user with the following commands:
enable
config terminal
cli default auto-logout <MINUTES>
In the event that the inactivity setting is reached while a user is logged into the WebGUI, the session will
end. This setting can be configured between 0-999999999 minutes. The value of 0 means that this setting
is disabled and there is no timeout configured. The WebGUI timeout can be configured via the CLI by an
Admin user with the following commands:
enable
config terminal
web auto-logout <MINUTES>
An Admin user authenticated to the WebGUI can configure only the WebGUI timeout, using the
following steps:
1. Authenticate to the TOE via the WebGUI as an Admin user
2. Click on “Settings” > “Global Settings” > “Web.”
3. Click “Edit.”
4. In the field for “Auto logout Timeout” enter <MINUTES>
5. Click “Save”
7.5 Login Banner
The CLI login banner is created by an Admin user authenticated to the CLI with the following
commands:
enable
config terminal
banner login <STRING>
The WebGUI login banner is created by an Admin user authenticated to the WebGUI with the following
steps:
1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on “Settings” > “Global Settings” > “Hostname”
3. Click on “Edit”
4. Enter <BANNER TEXT> in the “Login Message” box.
5. Click “Save”
7.6 System Time Configuration
In the evaluated configuration of the TOE, the system time can either be set manually or by synchronizing
with an NTP server in the TOE’s Operational Environment. Only an Admin user is able to perform these
operations.
7.6.1 Manually Configure the Time (CLI)
1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following command to view the current time:
show clock
3. Enter the following commands to set the date and time:
enable
config terminal
clock set <hh:mm:ss> [<yyyy/mm/dd>]
7.6.2 Manually Configure the Time (WebGUI)
1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on “Settings” > “Date And Time”. This step will also allow the Admin user to view the
current time.
3. Click on “Edit”
4. Specify a new date and time in the fields and then click “Save.”
7.6.3 Configure Connection to an NTP Server (CLI)
The TOE can be configured to connect to an NTP server by an Admin user authenticated to the CLI with
the following commands:
enable
config terminal
ntp enable
ntp server [NTP_SERVER_IP_ADDRESS]
Refer to the ‘ntp’ section of document [1] on pages 808 and 809 for more information regarding
configuring a connection to an NTP server.
7.6.4 Configure Connection to an NTP Server (GUI)
The TOE can be configured to connect to an NTP server by an Admin user authenticated to the WebGUI with
the following steps:
1. Authenticate to the WebGUI
2. Click on “Settings”>”Date and Time”>”NTP”
3. Click “Add”
4. Populate the Server IP field with the NTP server IP address and version field
5. Check the server enabled box, and uncheck the key enabled box
6. Click on “Settings”> and check “Enabled” for NTP time synchronization and click “Save”
7.7 Secure Updates
To maintain security throughout the lifecycle of the GigaVUE product, the TOE provides a mechanism to
apply software upgrades. To upgrade the software, the new software image must be either available on the
Gigamon update server or on a local update server. The Gigamon update server is a Gigamon hosted site
and the Admin user must enter a username and password to download the image. The local update server
is under the control of the Admin user and is used by the Admin user to store a downloaded image.
The following sections describe the steps which must be taken in order to install a new software image
either by using the CLI or by using the WebGUI. Both communication channels are protected by
TLS/HTTPS.
If the connection is interrupted during a download of the software update but the TLS/HTTPS session has
not timed out, the TOE will automatically continue the software update download over TLS/HTTPS once
the connection has been re-established. If the TLS/HTTPS session has timed out, the Admin user will
have to re-initiate the download of the software update.
7.7.1 Display the Current Version (CLI)
Before downloading a new image, the current version of the software image should be identified. The
current version of the software image is displayed via the CLI by using the command “show version”.
7.7.2 Display the Current Version (WebGUI)
The current version of the software image is displayed via the WebGUI by following these steps:
1. Authenticate to the TOE via the WebGUI as an Admin user
2. Click on “Settings” > “Reboot and Upgrade” > “Images.”
3. Note the current version of the “currently booted” partition.
7.7.3 Downloading and Installing the New Image (CLI)
The “image” command is used via the CLI to download and install the new image. For more information
on the “image” command, refer to the ‘image’ Section in document [1] between pages 741 and 743.
1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands to fetch an update to the TOE:
enable
config terminal
image fetch https://<HOSTNAME><PATH><FILENAME>
3. After the update has been fetched, enter the following commands on the TOE to initiate the
update:
image install <FILENAME> install-boot
image boot next
4. If prompted to save modified configuration, answer “yes”.
5. Once the TOE reboots, enter the “write memory” command.
7.7.4 Downloading and Installing the New Image (WebGUI)
On the WebGUI the following steps must be performed in order to download and install the new image.
1. Authenticate to the TOE via the WebGUI as an Admin user
2. Click on “Settings”>”Reboot and Upgrade”>”Images”
3. Click on “New”
4. Choose the “install from local file” option if installing from the local file server and select
“choose file”
5. Alternatively, if installing from the Gigamon or local update server, choose the “Install from url”
option and provide the URL.
7.7.5 Rebooting TOE (CLI)
Once the image has been installed, the TOE must be rebooted for the new image to take effect and
become the executing image. On the CLI this is achieved by using the following command:
reload
Once the TOE fully reboots, the new version of the software can be checked by performing the steps of
section 7.7.1 or 7.7.2 above.
7.7.6 Rebooting the TOE (WebGUI)
On the WebGUI the Admin user must navigate to the “Settings”>”Reboot and Upgrade”>”Reboot”
screen.
Once the TOE fully reboots, the new version of the software can be checked by performing the steps of
section 7.7.1 or 7.7.2 above.
7.7.7 Actions to be Taken Upon Failure
The software image for the TOE contains a digital signature. If an attempt is made to download and
install an illegitimate update, the Admin user must obey the verification warning from the TOE that the
digital signature check has failed and reject the software image by not installing it. The Admin user can
attempt to repeat the process to determine whether the error condition disappears. However, if the error
persists, attempts to perform the software update should be halted.
8 Auditing
In order to be compliant with Common Criteria, GigaVUE must audit the events in the table below. The
audit records that GigaVUE creates include the date and time, outcome of the event, event type, subject
identity and the source of the event.
Auditing is turned on and off by using the ‘logging’ command; refer to Section 6.4 for more information.
The ‘show log’ or ‘show logs’ command displays audit information. It is possible to use regular
expressions in the show log command to restrict the search.
Table 8-1 has the columns Component, Event, Additional Information and Audit Examples. Each row is shown below as a block with those fields followed by its audit examples.
Component: FAU_GEN.1
Event: Startup and shutdown of audit functions.
Additional Information: (none)
Audit Examples:
Startup of audit functions:
Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 8: requested by:
user admin (System Administrator) via CLI, 1 item(s)
changed
Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 8: item 1: CLI
command log level changed from "none" to "info"
Shutdown of audit functions:
Nov 5 17:07:44 GigaVUE-HD cli[2441]: [cli.INFO]:
user admin: Executing command: logging level cli
commands none
Component: FCS_TLS_EXT.1
Event: Failure to establish a TLS session. Establishment/Termination of a TLS session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish session (TLS):
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed
Jan 27 17:05:12 2016] [notice] [client 192.168.1.99]
Connection to child 7 established (server
GigamonHD4:443)
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed
Jan 27 17:05:12 2016] [error] [client 192.168.1.99]
(70014)End of file found: SSL handshake interrupted
by system [Hint: No shared ciphers or stop button
pressed in browser?!]
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed
Jan 27 17:05:12 2016] [notice] [client 192.168.1.99]
Connection closed to child 7 with abortive shutdown
(server GigamonHD4:443)
Session establishment (TLS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed
Jan 27 16:59:37 2016] [notice] [client 192.168.1.99]
Connection to child 3 established (server
GigamonHD4:443)
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed
Jan 27 16:59:37 2016] [notice] [client 192.168.1.99]
Connection to child 3 completed successfully (server
GigamonHD4:443)
Session termination (TLS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed
Jan 27 16:59:37 2016] [notice] [client 192.168.1.99]
Connection closed to child 3 with standard shutdown
(server GigamonHD4:443)
Component: FCS_SSH_EXT.1
Event: Failure to establish an SSH session. Establishment/Termination of an SSH session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish SSH session:
Nov 4 14:07:44 GigaVUE-HD sshd[4691]:
Connection from 192.168.1.99 port 55592
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal:
Unable to negotiate a key exchange method [preauth]
Nov 4 14:08:28 GigaVUE-HD sshd[4714]:
Connection from 192.168.1.99 port 55619
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no
matching mac found: client hmac-md5 server hmac-
sha1,hmac-sha2-256,hmac-sha2-512 [preauth]
Nov 4 14:09:06 GigaVUE-HD sshd[4737]:
Connection from 192.168.1.99 port 55648
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no
matching cipher found: client 3des-cbc server aes128-
cbc,aes256-cbc [preauth]
Session establishment (SSH):
Nov 4 13:24:20 GigaVUE-HD sshd[3753]:
Connection from 192.168.1.99 port 53782
Session termination (SSH):
Nov 4 13:24:51 GigaVUE-HD sshd[3753]:
Connection closed by 192.168.1.99 [preauth]
Component: FCS_HTTPS_EXT.1
Event: Failure to establish an HTTPS session. Establishment/Termination of an HTTPS session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish session (HTTPS):
Refer to 'Audit log(s) for FCS_TLS_EXT.1'
Session establishment (HTTPS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed
Jan 27 16:59:37 2016] [notice] [client 192.168.1.99]
Connection to child 3 established (server
GigamonHD4:443)
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed
Jan 27 16:59:37 2016] [notice] [client 192.168.1.99]
Connection to child 3 completed successfully (server
GigamonHD4:443)
Session termination (HTTPS):
Nov 4 13:20:04 GigaVUE-HD ugwd[2088]:
[ugwd.INFO]: ugwd_release_session_ptr: sessions
IIj5UbD9HXxluUE5IqvnBxxRCheg67fQWLpBeD35
BEBmAAg= count 0 logout 1
Nov 4 13:20:04 GigaVUE-HD ugwd[2088]:
[ugwd.INFO]: session 1: closing for peer mgmtd user
i:1954-0-0 (0/0) 0
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: session 37: closing for peer ugwc.8-
2088 user admin (0/0) 1
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]:
[wsmd.NOTICE]: User admin (System Administrator)
from 192.168.1.99 logged out of Web UI
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]:
[wsmd.INFO]: session 1: closing for peer mgmtd user
i:1954-0-0 (0/0) 0
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]:
[wsmd.INFO]: Web session 8 closed
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: EVENT:
/mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]:
[wsmd.INFO]: Recording web logout of user admin
on device /dev/web/8
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Calling internal interest callback for
event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Calling internal interest callback for
event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.NOTICE]: User admin: logout from 127.0.0.1
through trusted ugwc.8 channel.
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: session 36: closing for peer wsmd.8-
2078 user admin (0/0) 1
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: EVENT:
/mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Calling internal interest callback for
event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Calling internal interest callback for
event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]:
[mgmtd.NOTICE]: User admin: logout from
192.168.1.99 through trusted web channel.
Nov 4 13:20:08 GigaVUE-HD gsd[2079]:
[gsd.INFO]: gsd_mon_handle_get(), gsd_mgmt.c:422:
bname: /gv/internal/state/liveness/gsd
Component: FIA_UIA_EXT.1
Event: All use of the identification and authentication mechanism.
Additional Information: Provided user identity, origin of the attempt (e.g., IP address).
Audit Examples:
Local console login:
Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]:
[mgmtd.NOTICE]: User admin (local user admin)
authentication method: local
Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]:
[mgmtd.NOTICE]: User admin: login from local
through trusted cli channel.
GUI login:
Oct 29 04:59:16 GigaVUE-HD
<EF><BB><BF><14>tornado.login: [INFO]: user
admin attempting login from 192.168.1.241
Oct 29 04:59:16 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Web session 13 created
Oct 29 04:59:16 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Recording web login of user admin on
device /dev/web/13
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: Opened session: 73
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: session 73: opened for client
wsmd.13-2237 user admin (0/0) 1
Oct 29 04:59:17 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: session 1: client open for peer mgmtd
(local name wsmd.13-2237)
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: TRUSTED_AUTH_INFO (user
admin/admin): validated OK
LDAP GUI login:
Oct 29 05:06:04 GigaVUE-HD
<EF><BB><BF><14>tornado.login: [INFO]: user
testUser1 attempting login from 192.168.1.241
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Web session 14 created
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Recording web login of user admin on
device /dev/web/14
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: Opened session: 75
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: session 75: opened for client
wsmd.14-2237 user testUser1 (0/0) 1
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]:
[wsmd.NOTICE]: User testUser1 local user admin
(System Administrator) logged into Web UI from
192.168.1.241
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: TRUSTED_AUTH_INFO (user
testUser1/admin): validated OK
Oct 29 05:06:09 GigaVUE-HD ugwd[2247]:
[ugwd.INFO]: remote user id: testUser1, local user id:
admin
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]:
[mgmtd.NOTICE]: User testUser1 (local user admin)
authentication method: ldap
SSH login using public key:
Jan 27 12:57:39 GigamonHD4 sshd[18546]:
Connection from 192.168.1.99 port 46556
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found
matching RSA key:
de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3
c:47:c9 [SHA-1]
Jan 27 12:57:41 GigamonHD4 sshd[18546]:
Postponed publickey for cctl from 192.168.1.99 port
46556 ssh2 [preauth]
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found
matching RSA key:
de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3
c:47:c9 [SHA-1]
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Accepted
publickey for cctl from 192.168.1.99 port 46556 ssh2
Jan 27 12:57:41 GigamonHD4 sshd[18546]: User cctl
logged in via ssh2 from 192.168.1.99
SSH login using password:
Oct 29 02:58:04 GigaVUE-HD sshd[3477]:
Connection from 192.168.1.241 port 59394
Oct 29 02:58:11 GigaVUE-HD sshd[3477]: Accepted
keyboard-interactive/pam for admin from
192.168.1.241 port 59394 ssh2
Oct 29 02:58:11 GigaVUE-HD sshd[3477]: User
admin (System Administrator) logged in via ssh2 from
192.168.1.241
Component: FIA_UAU_EXT.2
Event: All use of the authentication mechanism.
Additional Information: Origin of the attempt (e.g., IP address).
Audit Examples: See FIA_UIA_EXT.1
Component: FPT_STM.1
Event: Changes to the time.
Additional Information: The old and new values for the time. Origin of the attempt (e.g., IP address).
Audit Examples:
CLI Changes to time:
Nov 4 13:43:10 GigaVUE-HD cli[4166]: [cli.INFO]:
user admin: Executing command: show clock
Nov 4 13:43:14 GigaVUE-HD cli[3985]: [cli.INFO]:
user admin: Executing command: show log
Nov 4 13:43:36 GigaVUE-HD cli[4166]: [cli.INFO]:
user admin: Getting command line help: "clock set
13:44:00 ?"
Nov 4 13:43:41 GigaVUE-HD cli[4166]: [cli.INFO]:
user admin: Executing command: clock set 13:44:00
2015/11/04
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Action ID 27: requested by: user
admin (System Administrator) via CLI
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Action ID 27: descr: system clock: set
date and time
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]:
[mgmtd.INFO]: Action ID 27: param: date and time:
2015/11/04 13:44:00
Nov 4 13:44:00 GigaVUE-HD pm[1953]: [pm.INFO]:
Restarting process crond (Cron Daemon) from
RUNNING state
GUI changes to time:
Jan 27 15:15:03 GigamonHD4 mgmtd[1944]:
[mgmtd.INFO]: Action ID 51: descr: system clock: set
date and time
Jan 27 15:15:03 GigamonHD4 mgmtd[1944]:
[mgmtd.INFO]: Action ID 51: param: date and time:
2015/01/27 19:14:48
Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.INFO]:
Restarting process crond (Cron Daemon) from
RUNNING state
Jan 27 19:14:48 GigamonHD4 pm[1943]:
[pm.NOTICE]: Terminating process crond (Cron
Daemon)
NTP changes to time:
Nov 16 16:07:49 gigamon-20016a ntpd[3114]:
synchronized to 10.224.0.13, stratum 1
Nov 18 18:18:04 gigamon-20016a ntpd[3114]: time
reset +180615.125342 s
Component: FPT_TUD_EXT.1
Event: Initiation of update.
Additional Information: No additional information.
Audit Examples:
Initiation of update (CLI):
Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.INFO]:
user admin: Executing command: image install
hdccv2_2015-10-26.img install-boot
Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.INFO]:
user admin: Tracking progress on operation ID cli-
2377-167
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 8: requested by: user
admin (System Administrator) via CLI
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 8: descr: install system
software image
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 8: param: image filename:
hdccv2_2015-10-26.img, version: GigaVUE-OS
4.5.00hd_4402_bah #11264 2015-10-26 12:41:06 ppc
gvcc2 build_master@jenkins-slave021:svn57106
Initiation of update (GUI):
Oct 30 10:48:02 GigaVUE-HD ugwd[2085]:
[ugwd.INFO]: :wsmd_user_id: admin, and
wsmd_local_user_id :admin
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]:
[mgmtd.INFO]: Action ID 7: requested by: user
admin (System Administrator) via ugwc-2085
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]:
[mgmtd.INFO]: Action ID 7: descr: install system
software image
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]:
[mgmtd.INFO]: Action ID 7: param: image filename:
hdccv2_2015-10-26.img, version: GigaVUE-OS
4.5.00hd_4402_bah #11264 2015-10-26 12:41:06 ppc
gvcc2 build_master@jenkins-slave021:svn57106
Component: FTA_SSL_EXT.1
Event: Any attempts at unlocking of an interactive session.
Additional Information: No additional information.
Audit Examples:
Session termination due to inactivity (local console):
Oct 28 20:00:42 GigaVUE-HD cli[10349]:
[cli.NOTICE]: user admin: Inactive for 3 minutes --
automatically logging out
Component: FTA_SSL.3
Event: The termination of a remote session by the session locking mechanism.
Additional Information: No additional information.
Audit Examples:
Session termination due to inactivity (remote CLI):
Oct 28 18:32:51 GigaVUE-HD cli[8386]:
[cli.NOTICE]: user admin: Inactive for 3 minutes --
automatically logging out
Session termination due to inactivity (remote
WebGUI):
Oct 28 19:20:33 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Web session 21 timed out due to
inactivity
Component: FTA_SSL.4
Event: The termination of an interactive session.
Additional Information: No additional information.
Audit Examples:
Manual session termination by admin (local
console):
Oct 29 11:10:22 GigaVUE-HD cli[29757]:
[cli.INFO]: user admin: Executing command: exit
Oct 29 11:10:22 GigaVUE-HD mgmtd[2115]:
[mgmtd.NOTICE]: User admin: logout from local
through trusted cli channel.
Oct 29 11:10:22 GigaVUE-HD cli[29757]:
[cli.INFO]: user admin: session 1: closing, but already
closed
Oct 29 11:10:22 GigaVUE-HD cli[29757]:
[cli.NOTICE]: user admin: CLI exiting
Oct 29 11:10:22 GigaVUE-HD login:
pam_unix(login:session): session closed for user
admin
Manual session termination by admin (remote
CLI):
Oct 29 11:13:20 GigaVUE-HD cli[29837]:
[cli.INFO]: user admin: Executing command: exi
Oct 29 11:13:20 GigaVUE-HD mgmtd[2115]:
[mgmtd.NOTICE]: User admin: logout from
192.168.1.241 through trusted cli channel.
Oct 29 11:13:20 GigaVUE-HD cli[29837]:
[cli.INFO]: user admin: session 1: closing, but already
closed
Oct 29 11:13:20 GigaVUE-HD cli[29837]:
[cli.NOTICE]: user admin: CLI exiting
Oct 29 11:13:20 GigaVUE-HD sshd[29832]:
Connection closed by 192.168.1.241
Oct 29 11:13:20 GigaVUE-HD sshd[29832]:
pam_unix(sshd:session): session closed for user admin
Oct 29 11:13:20 GigaVUE-HD sshd[29832]:
Transferred: sent 3408, received 3056 bytes
Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Closing
connection to 192.168.1.241 port 50844
Manual session termination by admin (remote
WebGUI):
Oct 29 11:17:47 GigaVUE-HD ugwd[2247]:
[ugwd.INFO]: ugwd_release_session_ptr: sessions
IKklQOWsG3GsGsAHUT7LronYyFy54sZej6VCAhc
ZgCYCABs= count 0 logout 1
Oct 29 11:17:47 GigaVUE-HD ugwd[2247]:
[ugwd.INFO]: session 1: closing for peer mgmtd user
i:2115-0-0 (0/0) 0
Oct 29 11:17:47 GigaVUE-HD mgmtd[2115]:
[mgmtd.INFO]: session 129: closing for peer
ugwc.26-2247 user admin (0/0) 1
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]:
[wsmd.NOTICE]: User admin (System Administrator)
from 192.168.1.241 logged out of Web UI
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: session 1: closing for peer mgmtd user
i:2115-0-0 (0/0) 0
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]:
[wsmd.INFO]: Web session 27 closed
Component: FTP_ITC.1
Event: Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions.
Additional Information: Identification of the initiator and target of failed trusted channel establishment attempts.
Audit Examples:
Initiation & termination of the trusted channel
(HTTPS update web server):
Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.INFO]:
user admin: Executing command: image fetch
https://chris.cctl.com/4.4.03/hdccv2_2015-10-26.img
Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.INFO]:
user admin: Tracking progress on operation ID cli-
2377-62
Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 7: requested by: user
admin (System Administrator) via CLI
Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 7: descr: download file
Nov 2 12:27:30 GigaVUE-HD progress[2401]:
[progress.INFO]: session 1: closing, but already
closed
Nov 2 12:27:30 GigaVUE-HD progress[2401]:
[progress.INFO]: Progress wrapper exiting
Nov 2 12:27:30 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Download of
/var/opt/tms/images/.temp/hdccv2_2015-10-26.img
complete, now 0 downloads active
Nov 2 12:27:30 GigaVUE-HD mgmtd[1943]:
[mgmtd.INFO]: Action ID 7: status: completed with
success
Failure of the trusted channel functions (HTTPS
update web server):
Nov 5 17:57:22 GigaVUE-HD cli[2441]: [cli.INFO]:
user admin: Executing command: image fetch
https://chris.cctl.com/4.4.03/hb1_2015-10-26.img
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Download of
/var/opt/tms/images/.temp/hb1_2015-10-26.img
complete, now 0 downloads active
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]:
[mgmtd.ERR]: Set commit return status: code 0x1,
message: SSL certificate verification failed.
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Action ID 18: status: completed with
failure
Initiation of the trusted channel (Remote syslog via
SSH):
Nov 5 18:14:25 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: md_syslog_create_ssh: Creating ssh
connection to [email protected]:6514 from local port
61001
Nov 5 18:14:25 GigaVUE-HD mgmtd[4267]:
[mgmtd.NOTICE]: Respawning ssh process to
[email protected]:6514 from localhost:61001
Nov 5 18:14:25 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: md_syslog_create_netcat: Creating
netcat for 192.168.1.51:61001 through /tmp/fifo-
192.168.1.51
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: md_syslog_create_fifo: Fifofile
/tmp/fifo-192.168.1.51 exist, no need to recreate.
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: md_syslog_create_ssh: Creating ssh
connection to [email protected]:6514 from local port
61001
Nov 5 18:14:31 GigaVUE-HD mgmtd[4281]:
[mgmtd.NOTICE]: Respawning ssh process to
[email protected]:6514 from localhost:61001
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: md_syslog_create_netcat: Creating
netcat for 192.168.1.51:61001 through /tmp/fifo-
192.168.1.51
Termination of the trusted channel (Remote syslog
via SSH):
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: requested by:
user admin (System Administrator) via CLI, 6 item(s)
changed
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 1: syslog:
remote sink 192.168.1.51 deleted
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 2: syslog:
remote sink 192.168.1.51: minimum log severity was
"info" before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 3: syslog:
remote sink 192.168.1.51: per-facility override was
enabled before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 4: syslog:
remote sink 192.168.1.51: TCP forwarding port was
6514 before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 5: syslog:
remote sink 192.168.1.51: SSH enabled was enabled
before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]:
[mgmtd.INFO]: Config change ID 33: item 6: syslog:
remote sink 192.168.1.51: SSH username was "cctl"
before deletion
Failure of the trusted channel (Remote syslog via
SSH):
Jan 29 14:40:48 GigamonHD4 mgmtd[2109]:
[mgmtd.INFO]: md_syslog_create_ssh: Creating ssh
connection to [email protected]:6514 from local port
61001
Jan 29 14:40:49 GigamonHD4 mgmtd[5500]:
[mgmtd.ERR]: SSH connection to
[email protected]:6514 failed
Jan 29 14:40:49 GigamonHD4 pm[2108]:
[pm.NOTICE]: Output from mgmtd (Management
Daemon) (pid 2109): [mgmtd.ERR]: SSH connection
to 61001 failed
Jan 29 14:40:49 GigamonHD4 mgmtd[2109]:
[mgmtd.INFO]: md_syslog_create_ssh: Running
/opt/tms/bin/gv_syslog_ssh.sh 61001 192.168.1.51
cctl 6514
Jan 29 14:40:49 GigamonHD4 mgmtd[2109]:
[mgmtd.INFO]: md_syslog_create_netcat: Creating
netcat for 192.168.1.51:61001 through /tmp/fifo-
192.168.1.51
Initiation of the trusted channel (LDAP
authentication server):
Jan 27 20:20:53 GigamonHD4 sshd[24229]:
pam_ldap: session established to LDAP server
tacacs.cctl.com:389:
Termination of the trusted channel (LDAP
authentication server):
Jan 29 15:14:24 GigamonHD4 sshd[6462]: pam_ldap:
connection closed to LDAP admin@server
tacacs.cctl.com:389:
Failure of the trusted channel (LDAP
authentication server):
Nov 6 11:01:39 GigaVUE-HD
<EF><BB><BF><14>tornado.login: [INFO]: user
testUser1 attempting login from 192.168.1.99
Nov 6 11:01:39 GigaVUE-HD wsmd[2069]:
pam_ldap: ldap_starttls_s: server tacacs.cctl.com:389:
Connect error: certificate verify failed
Component: FTP_TRP.1
Event: Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions.
Additional Information: Identification of the claimed user identity.
Audit Examples:
Initiation & termination of the trusted path (SSH):
Nov 5 17:59:31 GigaVUE-HD sshd[3870]:
Connection from 192.168.1.99 port 7274
Nov 5 17:59:34 GigaVUE-HD sshd[3870]: Postponed
keyboard-interactive for admin from 192.168.1.99
port 7274 ssh2 [preauth]
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: Postponed
keyboard-interactive/pam for admin from
192.168.1.99 port 7274 ssh2 [preauth]
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: Accepted
keyboard-interactive/pam for admin from
192.168.1.99 port 7274 ssh2
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: User
admin (System Administrator) logged in via ssh2 from
192.168.1.99
Nov 5 17:59:39 GigaVUE-HD sshd[3870]:
Connection closed by 192.168.1.99
Nov 5 17:59:39 GigaVUE-HD sshd[3870]:
pam_unix(sshd:session): session closed for user admin
Nov 5 17:59:39 GigaVUE-HD sshd[3870]:
Transferred: sent 1920, received 2096 bytes
Nov 5 17:59:39 GigaVUE-HD sshd[3870]: Closing
connection to 192.168.1.99 port 7274
Failure of the trusted path functions (SSH):
Nov 4 14:07:44 GigaVUE-HD sshd[4691]:
Connection from 192.168.1.99 port 55592
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal:
Unable to negotiate a key exchange method [preauth]
Nov 4 14:08:28 GigaVUE-HD sshd[4714]:
Connection from 192.168.1.99 port 55619
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no
matching mac found: client hmac-md5 server hmac-
sha1,hmac-sha2-256,hmac-sha2-512 [preauth]
Nov 4 14:09:06 GigaVUE-HD sshd[4737]:
Connection from 192.168.1.99 port 55648
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no
matching cipher found: client 3des-cbc server aes128-
cbc,aes256-cbc [preauth]
Initiation & termination of the trusted channel
(HTTPS WebGUI):
Nov 5 18:02:23 GigaVUE-HD mgmtd[1957]:
[mgmtd.NOTICE]: User admin: login from
192.168.1.99 through trusted web channel.
Nov 5 18:02:28 GigaVUE-HD mgmtd[1957]:
[mgmtd.NOTICE]: User admin: logout from
192.168.1.99 through trusted web channel.
Failure of the trusted path functions (HTTPS
WebGUI):
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed
Jan 27 17:05:12 2016] [error] [client 192.168.1.99]
(70014)End of file found: SSL handshake interrupted
by system
Table 8-1: NDPP Auditable Events
The rightmost column in Table 8-1 provides an example for each audit event for which the TOE must
produce a record. The following example audit record illustrates the contents of a record:
Oct 29 01:22:24 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User cctl: login from
192.168.1.241 through trusted CLI channel.
The following are the fields for this audit record:
Oct 29 01:22:24 = This is the date and time the event occurred
GigaVUE-HD = This is the GigaVUE model that recorded the event
mgmtd[2115]: [mgmtd.NOTICE]: = This is the management channel for the event
User cctl: = This is the subject identity; which for this case is the username of the user that
caused the event
login from 192.168.1.241 through trusted CLI channel. = This is a message that indicates the
type of event as well as identifies the IP address of the remote system connecting to the TOE.
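As an added example (not part of the Gigamon guidance), the following Python splits records in the format just described into these fields, classifies the event, and counts trusted-path failures per remote source; the regular expressions are assumptions derived from the sample records in Table 8-1, and because sshd "fatal" lines carry no IP address they are attributed to the "Connection from" line logged earlier by the same sshd pid.

```python
import re
from collections import Counter

# Added example, not part of the Gigamon guidance: split a GigaVUE audit record
# into the fields described above and classify the event. The patterns are
# assumptions derived from the sample records in Table 8-1.
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<model>\S+) "
    r"(?P<process>[a-z]+)\[(?P<pid>\d+)\]: (?P<rest>.*)$")
MGMTD_RE = re.compile(
    r"^\[(?P<channel>mgmtd\.[A-Z]+)\]: User (?P<user>\S+): (?P<action>login|logout) "
    r"from (?P<ip>[\d.]+) through trusted (?P<path>\w+) channel\.$")
SSHD_LOGIN_RE = re.compile(
    r"^User (?P<user>\S+) \((?P<role>[^)]*)\) logged in via ssh2 from (?P<ip>[\d.]+)$")
SSHD_FATAL_RE = re.compile(r"^fatal: (?P<reason>.*?)(?: \[preauth\])?$")
HTTPD_ERR_RE = re.compile(r"^\[.*?\] \[error\] \[client (?P<ip>[\d.]+)\] (?P<reason>.*)$")


def parse_audit_record(line: str) -> dict:
    """Return the record's fields; 'event' stays 'other' for unrecognised messages."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a GigaVUE audit record: {line!r}")
    rec = m.groupdict()
    rest = rec.pop("rest")
    rec.update(event="other", user=None, ip=None, message=rest)
    if rec["process"] == "mgmtd" and (mm := MGMTD_RE.match(rest)):
        rec.update(user=mm["user"], ip=mm["ip"], channel=mm["channel"],
                   event=f"{mm['action']}_{mm['path'].lower()}")  # e.g. login_cli
    elif rec["process"] == "sshd" and (sm := SSHD_LOGIN_RE.match(rest)):
        rec.update(user=sm["user"], ip=sm["ip"], role=sm["role"], event="login_ssh")
    elif rec["process"] == "sshd" and (fm := SSHD_FATAL_RE.match(rest)):
        rec.update(event="trusted_path_failure", reason=fm["reason"])
    elif rec["process"] == "httpd" and (hm := HTTPD_ERR_RE.match(rest)):
        rec.update(ip=hm["ip"], event="trusted_path_failure", reason=hm["reason"])
    return rec


def failures_by_source(lines) -> Counter:
    """Count trusted-path (SSH/HTTPS) failures per remote IP. sshd 'fatal' lines
    carry no IP, so each is attributed to the 'Connection from' line logged
    earlier by the same sshd pid."""
    last_ip_by_pid, counts = {}, Counter()
    for line in lines:
        rec = parse_audit_record(line)
        if rec["process"] == "sshd" and rec["message"].startswith("Connection from "):
            last_ip_by_pid[rec["pid"]] = rec["message"].split()[2]
        elif rec["event"] == "trusted_path_failure":
            counts[rec["ip"] or last_ip_by_pid.get(rec["pid"], "unknown")] += 1
    return counts
```

Feeding the Table 8-1 failure records through failures_by_source attributes both the rejected MAC negotiation and the interrupted SSL handshake to 192.168.1.99.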
8.1 Audit Storage
The TOE generates audit records, which are stored locally or on a configured Syslog Server. Once a
Syslog Server is configured, audit records are stored locally and also sent immediately to the Syslog
Server over an SSH-encrypted channel. The following sections show how to create an SSH RSA key and
configure the Syslog Server.
If the connection is interrupted during a log transfer, the TOE automatically resumes the secure log
transfer over SSH once the connection is re-established.
8.1.1 Assigning a Public-Key to the Syslog Server and Enable SSH (CLI)
For the communications between the TOE and the Syslog Server to be encrypted by SSH, an
RSA key must be generated on the TOE, which acts as the SSH client, and its public key copied to the Syslog
Server, which acts as the SSH server. This is achieved by the following steps.
1. Create the RSA key on the TOE using the commands:
enable
config terminal
ssh client user <USERNAME> identity rsa2 generate
show ssh client
2. Copy the RSA public key to the Syslog Server and insert it into the “~/.ssh/authorized_keys”
file.
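An added example, not Gigamon's code, for checking on the Syslog Server side that the entry inserted into authorized_keys is the TOE's ssh-rsa key, appears exactly once, and has an adequate modulus size; the 2048-bit minimum and the make_test_rsa_key helper (which builds a constructed, non-functional key purely for offline testing) are assumptions, not values from the page.

```python
import base64
import struct

# Added example, not Gigamon's code: before relying on the authorized_keys entry
# copied from the TOE, confirm it is an ssh-rsa key of adequate modulus size and
# that the Syslog Server's authorized_keys file contains it exactly once.
# The 2048-bit minimum is an assumption, not a value from the guidance.

def _read_string(blob: bytes, off: int):
    """Read one SSH wire-format string (4-byte big-endian length + data)."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length

def parse_ssh_rsa_key(line: str) -> dict:
    """Return key type, public exponent and modulus size of an authorized_keys line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa authorized_keys entry")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read_string(blob, 0)
    e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if ktype != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed ssh-rsa key blob")
    return {"type": "ssh-rsa", "e": int.from_bytes(e_bytes, "big"),
            "bits": int.from_bytes(n_bytes, "big").bit_length(),
            "comment": " ".join(parts[2:])}

def check_authorized_keys(authorized_keys: str, toe_pubkey: str, min_bits: int = 2048) -> dict:
    """Verify the TOE's key appears once in authorized_keys and meets min_bits."""
    wanted = toe_pubkey.split()[:2]                      # key type and blob; comment ignored
    entries = [l.split() for l in authorized_keys.splitlines()
               if l.strip() and not l.lstrip().startswith("#")]
    matches = sum(1 for e in entries if e[:2] == wanted)
    info = parse_ssh_rsa_key(toe_pubkey)
    return {"present": matches == 1, "duplicates": matches > 1,
            "bits": info["bits"], "strong_enough": info["bits"] >= min_bits}

def make_test_rsa_key(e: int, n: int, comment: str) -> str:
    """Encode a constructed (not real, not usable) ssh-rsa line for offline testing."""
    def mpint(v: int) -> bytes:
        b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(b)) + b
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```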
8.1.2 Configuring the Syslog Server (CLI)
The “logging” command is used to configure the Syslog Server. For more information on the “logging”
command, refer to the ‘logging’ section of document [1], pages 777 to 780. The configuration
must be performed by an Admin user via the CLI, and the following commands must be used in the
evaluated configuration of the TOE for connecting to a Syslog Server.
enable
config terminal
logging <SYSLOG_SERVER_IP_ADDRESS> tcp <0-65535> ssh username <USERNAME>
logging trap info
9 Communications Protocols and Services
In the evaluated configuration, the SSH2 protocol was tested for remote administration and for secure
transfer of audit data to the Syslog Server. TLS/HTTPS was also tested in the evaluated configuration to
secure the WebGUI, update server and LDAP server (TLS only) trusted channels. The Telnet protocol is
excluded from the evaluated configuration of the GigaVUE product because it does not provide security
for data in transit. The product supports numerous communications protocols that were not evaluated as
part of the Common Criteria evaluation because they provide functionality that is not assessed by the
Protection Profile. These protocols are facilitated by processes on the GigaVUE device that support their
implementation, and include the following:
ARP
CDP
DHCP
DHCPv6
FTP
GRE
GTP
HTTP
IGMP
ICMP
ISL
IPv4
IPv6
LLDP
MPLS
NTP
PDP
RADIUS
RSVP
SCP
SFTP
SNMP
SSL
TACACS+
TCP
Telnet
TFTP
TLS
UDP
Information about the configuration and usage of these protocols can be found in the standard Gigamon
documentation for the product as specified in Section 4 of this document.
10 Modes of Operation
The TOE has two modes of operation:
Booting – While booting, the GigaVUE does not allow access to the administrator interfaces or process
network traffic until the software image and configuration have loaded. During this mode of operation the
TOE’s power-on self-tests (POST) are performed. As long as there are no errors during the POST, this
mode of operation automatically progresses to the Normal mode of operation.
Normal – The GigaVUE software image and configuration are loaded and the GigaVUE is operating as
configured. It should be noted that all levels of administrative access occur in this mode and that all
GigaVUE-based security functions are operating.
The POST includes self-tests for the cryptographic module’s operations, an integrity check of the
configuration database, and a hardware inspection for anomalies. If there is a self-test failure during the
POST, then the TOE will display error messages providing information regarding the self-test that failed
via the serial console. If any of the POST self-tests fail, the following actions should be taken:
Restart the TOE to perform POST again and determine if normal operation can be resumed
If the problem persists, refer to Section 11 to contact Gigamon
11 Obtaining Technical Assistance
Gigamon offers technical assistance through its website, www.gigamon.com, under the heading
“Support and Services”. There is a dedicated customer support portal at
https://gigamoncp.force.com/gigamoncp/ where customers can log in with a username and password.
Support in North America can be contacted by telephone at +1 855-430-0813 (toll free).
In addition, the support team can be contacted by email at: [email protected]
Other support contact information can be found at: https://www.gigamon.com/support-and-services/contact-support