Security Target for Juniper Networks EX3200 and EX4200 Switches

  • View
    214

  • Download
    1

Embed Size (px)

Text of Security Target for Juniper Networks EX3200 and EX4200 Switches

  • Security Target for Juniper Networks EX3200 and EX4200 Switches running JUNOS 9.3R2

    Version 1.4 April 05, 2011

    Prepared for: Juniper Networks 1194 North Mathilda Avenue Sunnyvale California 94089 USA Prepared by: IconSecurity Ltd

  • 2011 Juniper Inc. Page 2 of 38 All Rights Reserved

    Contents 1 ST Introduction ................................................................................................................................... 4

    1.1 ST and TOE Reference Identification ......................................................................................... 4 1.2 TOE Overview .............................................................................................................................. 4

    1.2.1 Usage and major features of the TOE ............................................................................... 4 1.3 References ................................................................................................................................... 4

    1.3.1 TOE Type ............................................................................................................................ 5 1.3.2 Required non-TOE hardware/software/firmware .............................................................. 5

    1.4 TOE Description ........................................................................................................................... 5 1.4.1 EX Switch ............................................................................................................................ 5

    1.5 TOE Boundaries ........................................................................................................................... 6 2 CC Conformance ............................................................................................................................... 9 3 Security Problem Definition ............................................................................................................. 10

    3.1 Threats ........................................................................................................................................ 10 3.2 Organizational Security Policies ............................................................................................... 11 3.3 Assumptions ............................................................................................................................... 11

    3.3.1 Physical Assumptions ....................................................................................................... 11 3.3.2 Personnel Assumptions .................................................................................................... 11 3.3.3 IT Environment Assumptions ........................................................................................... 11

    4 Security Objectives .......................................................................................................................... 12 4.1 Security Objectives for the TOE ................................................................................................ 12 4.2 Security Objectives for the Environment .................................................................................. 12

    5 Extended Component Definition ..................................................................................................... 13 6 IT Security Requirements ................................................................................................................ 14

    6.1 Conventions ................................................................................................................................ 14 6.2 Security Functional Requirements ............................................................................................ 14

    6.2.1 Audit (FAU) ........................................................................................................................ 15 6.2.2 User data protection (FDP) .............................................................................................. 16 6.2.3 Identification and authentication (FIA) ............................................................................. 17 6.2.4 Security management (FMT) ........................................................................................... 18 6.2.5 Protection of the TOE security functions (FPT) .............................................................. 19 6.2.6 TOE access (FTA) ............................................................................................................ 20

    6.3 Security Assurance Requirements ........................................................................................... 20 7 TOE Summary Specification ........................................................................................................... 22

    7.1 TOE Security Functions ............................................................................................................. 22 7.1.1 Information flow function................................................................................................... 22 7.1.2 Identification and authentication function ........................................................................ 22 7.1.3 Security management function ........................................................................................ 24 7.1.4 Protection function ............................................................................................................ 25 7.1.5 Audit function ..................................................................................................................... 25 7.1.6 TOE access function ......................................................................................................... 26 7.1.7 Clock function .................................................................................................................... 26

    8 Rationale ........................................................................................................................................... 28 8.1 Rationale for Security Objectives .............................................................................................. 28

    8.1.1 Rationale for Security Objectives for the TOE ................................................................ 28 8.1.2 Rationale for Security Objectives for the Environment................................................... 29

    8.2 Rationale for Security Requirements ........................................................................................ 30 8.2.1 Rationale for TOE security functional requirements ....................................................... 30 8.2.2 Rationale for TOE Environment Security Functional requirements............................... 33 8.2.3 Rationale for Security Assurance Requirements (SAR) ................................................ 33 8.2.4 Dependencies Rationale .................................................................................................. 34

    8.3 TOE Summary Specification Rationale .................................................................................... 34 8.4 IT security functions mutually supportive ................................................................................. 37

    9 Acronyms .......................................................................................................................................... 38

  • 2011 Juniper Inc. Page 3 of 38 All Rights Reserved

    List of tables Table 6-1 Security Functional Components .......................................................................................... 15 Table 6-2 TOE Assurance Components ................................................................................................ 21 Table 8-1 TOE Security Objectives Rationale ....................................................................................... 28 Table 8-2 Environment Security Objectives Rationale ......................................................................... 29 Table 8-3 Security Functional Requirements Rationale ....................................................................... 31 Table 8-4 Security Functions Rationale ................................................................................................. 35

  • 2011 Juniper Inc. Page 4 of 38 All Rights Reserved

    1 ST Introduction

    1.1 ST and TOE Reference Identification TOE Reference: Juniper Networks EX3200 and EX4200 switches running JUNOS 9.3R2.8. ST Reference: Security Target for Juniper Networks EX3200 and EX4200 Switches running JUNOS 9.3R2. ST Version: Version 1.4. ST Date: April 05, 2011. Assurance Level: Evaluation Assurance Level (EAL) 3 augmented with ALC_FLR.3. ST Author: IconSecurity Ltd Keywords: Router, IP, Service Manager

    1.2 TOE Overview

    1.2.1 Usage and major features of the TOE

    The TOE is an EX3200 and EX4200 switch providing a wide variety of services to the user. The switch routes IP traffic over any type of network, with increasing scalability of the traffic volume with each switch model. All packets on the monitored network are scanned and then compared against a set of rules to determine where the traffic should be routed, and then passed to the appropriate destination.

    1.3 References [CC1] Common Criteria for Information Technology Security Evaluation, Part 1:

    Introduction and General Model, Version 3.1 Revision 1, September 2006, CCMB-2006-09-001.

    [CC2] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, Version 3.1 Revision 2, September 2007, CCMB-2007-09-002.

    [CC3] Common Criteria for Information Technology Security Evaluation, Part