Security Target Junos OS 17.4R1 for SRX1500, SRX4100 and ... Target Junos OS 17.4R1 for... Each Juniper Networks SRX Services Gateway appliance is a security system that supports a

Security Target Junos OS 17.4R1 for SRX1500, SRX4100 and SRX4200 Series
Juniper Networks
Version 2.2
June 22, 2018
Prepared for: Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 www.juniper.net
http://www.juniper.net/

Security Target Junos OS 17.4R1 for SRX1500, SRX4100 and SRX4200 Series Juniper Networks
Version 2.2 Page 2 of 85
Abstract
This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Junos OS 17.4R1-S1 for SRX1500, SRX4100 and SRX4200. This Security Target (ST) is conformant to the requirements of Collaborative Protection Profile for Network Devices (or NDcPP) v2.0, and those for Firewall [FWcPP], Intrusion Prevention Systems [IPS_EP], and VPN Gateway [VPN_EP].
References
[CC1] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, CCMB-2012-09-001, Version 3.1 Revision 4, September 2012
[CC2] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, CCMB-2012-09-002, Version 3.1 Revision 4, September 2012
[CC3] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, CCMB-2012-09-003, Version 3.1 Revision 4, September 2012
[CC_Add] CC and CEM Addenda, Exact Conformance, Selection-Based SFRs, Optional SFRs, CCDB- 2017-05-xxx, Version 0.5, May 2017
[FWcPP] collaborative Protection Profile for Stateful Traffic Filter Firewalls, Version 2.0+Errata 20180314, dated 14 March 2018
[FWcPP_SD] Supporting Document, Evaluation Activities for Stateful Traffic Filter Firewall cPP, October 2017, version 2.0
[IPS_EP] collaborative Protection Profile for Network Devices/collaborative Protection Profile for Stateful Traffic Filter Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS), version 2.11, dated 15 June 2017
[NDcPP] Collaborative Protection Profile for Network Devices, version 2.0+Errata 20180314, dated 14 March 2018
[SD] Supporting Document, Evaluation Activities for Network Device cPP, March 2018, version 2.0+Errata 20180314
[VPN_EP] Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway, version 2.1, dated 08 March 2017
Product Guide References
[ECG] Junos OS Common Criteria and FIPS Evaluated Configuration Guide for SRX Series Devices, Release 17.4R1, 22-Jun-18
[IDPGuide] Junos OS Intrusion Detection and Prevention Feature Guide for Security Devices, 22- Jun-18
[VPNGuide] Junos OS VPN Feature Guide for Security Devices, 31-Oct-17 [CLIGuide] Junos OS CLI User Guide, 19-Sep-17 [InsGuide] Junos OS Installation and Upgrade Guide, 30-Oct-17 [FWGuide] Junos OS Routing Policies, Firewall Filters, and Traffic Policers Feature Guide, 22-Aug-17

Table of Contents
1 Introduction .................................................................................................................................... 6
1.1 ST reference ............................................................................................................................ 6
1.2 TOE Reference ......................................................................................................................... 6
1.3 About this document .............................................................................................................. 6
1.4 Document Conventions .......................................................................................................... 6
1.5 TOE Overview .......................................................................................................................... 7
1.6 TOE Description....................................................................................................................... 7
1.6.1 Overview ......................................................................................................................... 7
1.6.2 Physical boundary ........................................................................................................... 8
1.6.3 Logical Boundary ............................................................................................................. 9
1.6.4 Non-TOE hardware/software/firmware ....................................................................... 11
1.6.5 Summary of out scope items ........................................................................................ 11
2 Conformance Claim ....................................................................................................................... 12
2.1 CC Conformance Claim ......................................................................................................... 12
2.2 PP Conformance claim .......................................................................................................... 12
2.3 Technical Decisions ............................................................................................................... 13
3 Security Problem Definition .......................................................................................................... 16
3.1 Threats .................................................................................................................................. 16
3.2 Assumptions .......................................................................................................................... 18
3.3 Organizational Security Policies ............................................................................................ 20
4 Security Objectives ........................................................................................................................ 21
4.1 Security Objectives for the TOE ............................................................................................ 21
4.2 Security Objectives for the Operational Environment .......................................................... 23
4.3 Security Objectives rationale ................................................................................................ 24
5 Security Functional Requirements ................................................................................................ 25
5.1 Security Audit (FAU) .............................................................................................................. 25
5.1.1 Security Audit Data generation (FAU_GEN) .................................................................. 25
5.1.2 Security audit event storage (Extended – FAU_STG_EXT) ............................................ 29
5.2 Cryptographic Support (FCS) ................................................................................................. 30
5.2.1 Cryptographic Key Management (FCS_CKM) ................................................................ 30
5.2.2 Cryptographic Operation (FCS_COP) ............................................................................ 31
5.2.3 Random Bit Generation (Extended – FCS_RBG_EXT).................................................... 32
5.2.4 Cryptographic Protocols (Extended – FCS_ IPSEC_EXT & FCS_SSHS_EXT SSH Protocol32
5.3 Identification and Authentication (FIA) ................................................................................ 34
5.3.1 Authentication Failure Management (FIA_AFL) ........................................................... 34
5.3.2 Password Management (Extended – FIA_PMG_EXT) ................................................... 35

5.3.3 User Identification and Authentication (Extended – FIA_UIA_EXT) ............................. 35
5.3.4 User authentication (FIA_UAU) (Extended – FIA_UAU_EXT) ........................................ 35
5.3.5 Authentication using X.509 certificates (Extended – FIA_X509_EXT)........................... 36
5.4 Security Management (FMT) ................................................................................................ 37
5.4.1 Management of functions in TSF (FMT_MOF) .............................................................. 37
5.4.2 Management of TSF Data (FMT_MTD) ......................................................................... 38
5.4.3 Specification of Management Functions (FMT_SMF) ................................................... 38
5.4.4 Security management roles (FMT_SMR) ...................................................................... 39
5.5 Protection of the TSF (FPT) ................................................................................................... 39
5.5.1 Protection of TSF Data (Extended – FPT_SKP_EXT) ...................................................... 39
5.5.2 Protection of Administrator Passwords (Extended – FPT_APW_EXT) .......................... 40
5.5.3 TSF testing (Extended – FPT_TST_EXT) ......................................................................... 40
5.5.4 Trusted Update (FPT_TUD_EXT) .................................

Security Target Junos OS 17.4R1 for SRX1500, SRX4100 and ... Target Junos OS 17.4R1 for... Each Juniper Networks SRX Services Gateway appliance is a security system that supports a

Text of Security Target Junos OS 17.4R1 for SRX1500, SRX4100 and ... Target Junos OS 17.4R1 for... Each...

Security Target Junos OS 19.4R1 for EX4300-48MP ... Security Target Junos OS 19.4R1 for EX4300-48MP Juniper Networks Version 1.0 Page 2 of 45 Abstract This document provides the basis

Security Target Junos OS 17.4R1 for SRX300, SRX320, ... Jun 22, 2018 · All the SRX Services Gateway appliance models run the same Juniper Networks Junos operating system (Junos

Security Target Junos 15.1X49-D60 for SRX platforms (NDPP ... · PDF file Juniper Networks, Inc. Junos 15.1 X49-D60 for SRX platforms. This Security Target (ST) defines a set of assumptions

Security Target Juniper Networks Junos Pulse SA 7.2R4 EAL3... ST Title Security Target: Juniper Networks Junos Pulse Secure Access Service 7.2 R4 ST Revision 1.4 ST Publication Date

Junos Pulse Mobile Security Suite Launch

Security Target - Common Criteria Security Target Juniper Networks EX4300 Switches Running Junos OS 14.1X53-D30 ... OS provides both management and control functions as well as all

Security - · PDF fileInformation Risk & Security Performance Management solutions Networking, Routers, Switches, Security, Junos Operating System, VPN, Junos Spaces, Junos Pulse

Security Target Junos OS 19.2R1-S2 for SRX5400, SRX5600 and · PDF file 2020. 7. 14. · Each Juniper Networks SRX Services Gateway appliance is a security system that supports a variety

Security Target Juniper Networks JUNOS-FIPS JUNOS 10 4...Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series ... Security Target: Juniper Networks JUNOS-FIPS 10.4R4

Security Target for Symantec Enterprise Firewall Version 7 ... 1 Introduction to the Security Target 1.1 Security Target Identification 1 Title: Security Target for Symantec Enterprise

JunOS Jumstart 01 - JunOS Overview

Security Target Juniper Networks JUNOS 9.3 for J Target: Juniper Networks JUNOS 9.3 for J-Series and SRX-Series Platforms Document Version 1.6 © Juniper Networks Page 7 of 58 This

Junos® Space Security Design Restful Web Services API ... · PDF fileJuniperNetworks,Junos,Steel-BeltedRadius,NetScreen,andScreenOSareregisteredtrademarksofJuniperNetworks,Inc.intheUnited

Junos Space Security Director - event. · PDF file Junos Space Security Director Data Sheet 1000332-015-KR Mar 2016 저작권ⓒ2016주니퍼 네트웍스사. 모든 권리 보유

Security Target Junos 12.3 X48-D30 for SRX XLR Platforms · PDF file 2017-02-21 · Juniper Networks, Inc. Junos 12.3 X48-D30 for SRX XLR Platforms. This Security Target (ST) defines

WHAT’S NEW FROM JUNIPER? · PDF file · 2012-12-17IT security seminar “Stallion 071112”, Tallinn Jukka Piirainen Channel Manager . ... Junos® Space Junos® SDK EX Series Junos®

JUNOS Router Security - · PDF fileApplication Note JUNOS Router Security Best Common Practices for Hardening the Infrastructure Pejhan Peymani Systems Engineer Matt Kolon Marketing

The JUNOS Powered Enterprise - Westcon- · PDF fileSRX SERIES SERVICE GATEWAYS 21 ... Slot guide [ or SPCs ] ... Course Description Target Audience URL JSL JUNOS As a Second Language

Junos Security Feature Support Guide

Junos Security Swconfig Security

Security Target Junos OS 19.2R1 for SRX300, SRX320 ... ... Security Target Junos OS 19.2R1 for SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC and SRX550M Series Juniper Networks Version

Security Target SOMA801STM Electronic Passport · PDF fileAuthor Marco EVANGELISTA Reference TCLE130008 Keywords Security target, security target lite, common criteria . SOMA801STM

Security Target for Juniper Networks EX3200 and EX4200 ... · PDF file Security Target for Juniper Networks EX3200 and EX4200 Switches running JUNOS 9.3R2 Version 1.0 January 30, 2009

Juniper Networks SRX1500, SRX4100, SRX4200 and ... ... Juniper Networks SRX1500, SRX4100, SRX4200 and SRX4600 Services Gateways Non-Proprietary FIPS 140-2 Cryptographic Module Security

Junos Security Swconfig Initial

Junos Fusion Data Center - Network Security & . · PDF filepresentation. This presentation contains proprietary roadmap ... Network Director 3.1 : Junos Fusion for DC support Holistic

Junos - Associate (JNCIA-Junos)

Advanced Threat Prevention Appliance - Data Networks ... lines, as well as the SRX550M and SRX1500; Junos 18.1 is the minimum supported release for SRX Series integration • Operates

Security Target Juniper Networks JUNOS-FIPS 10.4R4 for SRX JUNOS 10... · PDF file 2012-02-10 · ST Title Security Target: Juniper Networks JUNOS-FIPS 10.4R4 for SRX Series ST Revision

Juniper JNCIA Security · PDF file 2019-08-19 · JunOS Security Overview 1. Junos security architecture 2. Branch vs. high-end platforms 3. Major hardware components of SRX Series