Security Target Junos 15.1X49-D60 for SRX platforms (NDPP ... Juniper Networks, Inc. Junos 15.1 X49-D60


  • Security Target - Junos 15.1X49-D60 for SRX platforms (NDPP, TFFWEP, VPNEP, IPSEP) Version 1.0

    Security Target

    Junos 15.1X49-D60 for SRX platforms (NDPP, TFFWEP, VPNEP, IPSEP)

    Document Reference: Junos_15.1X49-D60_ST_1.0
    Document Status: Released
    Document Version: 1.0
    Issue Date: 24 January 2017

    Prepared For:

    Juniper Networks, Inc.
    1133 Innovation Way
    Sunnyvale, CA 94089, USA
    www.juniper.net

    Prepared By:

    BAE Systems Applied Intelligence, Pty Ltd
    Level 1, 14 Childers Street
    Canberra ACT 2601, Australia
    www.baesystems.com/ai

    Abstract

    This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Juniper Networks, Inc. Junos 15.1 X49-D60 for SRX platforms. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements and the IT security functions provided by the TOE which meet the set of requirements.

    Amendment history

    Version  Date       Revisions
    0.1      13-AUG-15  Initial draft
    0.2      09-SEP-15  Update platform specification
    0.3      07-JAN-16  Update platform specification
    0.4      21-APR-16  Update platform specification and major rework of SFRs
    0.5      28-NOV-16  Updated due to developer feedback.
    0.6      11-JAN-17  Updated due to developer feedback.
    1.0      24-JAN-17  Updated due to ETR Feedback

    Copyright statement

    Copyright © 2015 Juniper Networks, Inc.

    Table of contents

    1 Introduction
        1.1 ST Reference
        1.2 TOE Reference
        1.3 Document Organization
        1.4 Document Conventions
        1.5 Document Terminology
        1.6 TOE Overview
        1.7 TOE Description
            1.7.1 Overview
            1.7.2 Physical Boundary
            1.7.3 Logical Boundary
            1.7.4 Summary of Out-of-Scope Items
            1.7.5 TOE Security Functional Policies
            1.7.6 TOE Product Documentation
    2 Conformance Claims
        2.1 CC Conformance Claim
        2.2 Protection Profile Conformance Claim
            2.2.1 TOE Type Consistency
            2.2.2 Security Problem Definition Consistency
            2.2.3 Security Objectives Consistency
            2.2.4 Security Functional Requirements Consistency
            2.2.5 Security Assurance Requirements Consistency
        2.3 Package Claim
    3 Security Problem Definition
        3.1 Threats
        3.2 Organizational Security Policies
        3.3 Assumptions
    4 Security Objectives
        4.1 Security Objectives for the TOE
        4.2 Security Objectives for the Operational Environment
        4.3 Security Objectives Rationale
    5 Extended Components Definition
        5.1 Rationale for Extended Components
    6 Security Requirements
        6.1 Security Functional Requirements
            6.1.1 Security Audit (FAU)
            6.1.2 Cryptographic Support (FCS)
            6.1.3 User Data Protection (FDP)
            6.1.4 Identification and Authentication (FIA)
            6.1.5 Security Management (FMT)
            6.1.6 Protection of the TSF (FPT)
            6.1.7 TOE Access (FTA)
            6.1.8 Trusted Path/Channel (FTP)
            6.1.9 Stateful Traffic/Packet Filtering (FFW and FPF)
            6.1.10 Intrusion Prevention System (IPS)
        6.2 CC Component Hierarchies and Dependencies
        6.3 Security Assurance Requirements
        6.4 Security Requirements Rationale
            6.4.1 Security Functional Requirements
            6.4.2 Sufficiency of Security Requirements
            6.4.3 Security Assurance Requirements
            6.4.4 Security Assurance Requirements Rationale
            6.4.5 Security Assurance Requirements Evidence
    7 TOE Summary Specification
        7.1 TOE Security Functions
        7.2 Security Audit
        7.3 Cryptographic Support
            7.3.1 IPSEC Support
        7.4 User Data Protection
        7.5 Identification and Authentication
        7.6 Security Management