Security Target Juniper Networks JUNOS-FIPS JUNOS 10 4...Security Target: Juniper Networks JUNOS-FIPS

  • View
    219

  • Download
    1

Embed Size (px)

Text of Security Target Juniper Networks JUNOS-FIPS JUNOS 10 4...Security Target: Juniper Networks...

  • Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series

    Document Version 1.5 2011 Juniper Networks Page 1 of 81

    Security Target

    Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series

    Document Version 1.5

    Rev A

    December 22, 2011

  • Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series

    Document Version 1.5 2011 Juniper Networks Page 2 of 81

    Prepared For:

    Prepared By:

    Juniper Networks, Inc.

    1194 North Mathilda Avenue

    Sunnyvale, CA 94089

    www.juniper.net

    Apex Assurance Group, LLC

    530 Lytton Ave, Ste. 200

    Palo Alto, CA 94301

    www.apexassurance.com

    Abstract

    This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), JUNOS-FIPS

    10.4R4 for SRX Series. This Security Target (ST) defines a set of assumptions about the aspects of the

    environment, a list of threats that the product intends to counter, a set of security objectives, a set of

    security requirements and the IT security functions provided by the TOE which meet the set of

    requirements.

    http://www.juniper.net/http://www.apexassurance.com/

  • Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series

    Document Version 1.5 2011 Juniper Networks Page 3 of 81

    Table of Contents

    1 Introduction .................................................................................................................................................. 5

    1.1 ST Reference ................................................................................................................................................. 5

    1.2 TOE Reference .............................................................................................................................................. 5

    1.3 About This ST Document .............................................................................................................................. 5

    1.3.1 Document Organization ........................................................................................................................... 5

    1.3.2 Document Conventions ........................................................................................................................... 6

    1.3.3 Document Terminology ........................................................................................................................... 6

    1.4 TOE Overview ............................................................................................................................................... 7

    1.5 TOE Description ............................................................................................................................................ 7

    1.5.1 Logical Boundary .................................................................................................................................... 12

    2 Conformance Claims .................................................................................................................................... 14

    2.1 CC Conformance Claim ............................................................................................................................... 14

    2.2 PP Claim ..................................................................................................................................................... 14

    2.3 Package Claim ............................................................................................................................................ 14

    2.4 Conformance Rationale .............................................................................................................................. 14

    3 Security Problem Definition ........................................................................................................................ 15

    3.1 Threats ....................................................................................................................................................... 15

    3.2 Organizational Security Policies ................................................................................................................. 17

    3.3 Assumptions ............................................................................................................................................... 18

    4 Security Objectives ...................................................................................................................................... 19

    4.1 Security Objectives for the TOE .................................................................................................................. 19

    4.2 Security Objectives for the Operational Environment ................................................................................ 20

    4.3 Statement of Threats Consistency .............................................................................................................. 21

    4.4 Statement of Organizational Security Policies Consistency ........................................................................ 24

    4.5 Statement of Assumptions Consistency ..................................................................................................... 25

    4.6 Statement of Security Objectives for the TOE Consistency ......................................................................... 26

    4.7 Statement of Security Objectives for the Operational Environment Consistency....................................... 29

    5 Extended Components Definition ................................................................................................................ 32

    5.1 IDS Class ..................................................................................................................................................... 32

    5.1.1 IDS_SDC.1 System Data Collection ........................................................................................................ 32

    5.1.2 IDS_ANL.1 Analyzer Analysis .................................................................................................................. 33

    5.1.3 IDS_RDR.1 Restricted Data Review (EXT) ............................................................................................... 34

    5.1.4 IDS_RCT.1 Analyzer React ................................................................................................................... 35

    5.1.5 IDS_STG.1 Guarantee of System Data Availability ................................................................................. 35

    5.1.6 IDS_STG.2 Prevention of System Data Loss ........................................................................................... 36

    5.2 FAU Class .................................................................................................................................................... 36

    5.2.1 FAU_STG_EXT.1 External Audit Trail Storage ........................................................................................ 36

    6 Security Requirements ................................................................................................................................ 38

    6.1 Security Functional Requirements .............................................................................................................. 38

    6.1.1 Security Audit (FAU) ............................................................................................................................... 39

    6.1.2 Cryptographic Support (FCS) .................................................................................................................. 42

    6.1.3 Information Flow Control (FDP) ............................................................................................................. 44

  • Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series

    Document Version 1.5 2011 Juniper Networks Page 4 of 81

    6.1.4 Identification and Authentication (FIA) ................................................................................................. 47

    6.1.5 Security Management (FMT) ................................................................................................................. 48

    6.1.6 Protection of the TOE Security Functions .............................................................................................. 50

    6.1.7 Traffic Analysis Component Requirements............................................................................................ 50

    6.2 Statement of Security Requirements Consistency ...................................................................................... 51

    6.3 Security Functional Requirements Rationale .............................................................................................. 53

    6.3.1 Sufficiency of Security Requirements .................................................................................................... 53

    6.3.2 CC Component Hierarchies and Dependencies ..................................................................................... 56

    6.4 Security Assurance Requirements .............................................................................................................. 57

    6.5 Security Assurance Rationale ..................................................................................................................... 58

    7 TOE Summary Specification ......................................................................................................................... 59

    7.1