User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks

Mobility Controller (7240, 7220, 7210, 6000, 3600,

3400, 3200, 650, 620) with ArubaOS 6.3

Security Target

May 2014

Document prepared by

Summary of content (67 pages)

PAGE 1
Aruba Networks Mobility Controller (7240, 7220, 7210, 6000, 3600, 3400, 3200, 650, 620) with ArubaOS 6.
PAGE 2
Aruba Networks Security Target Document History Version Date Author Description 1.0 27 August 2012 L Turner Release for evaluation. 1.1 3 October 2012 L Turner Incorporate SHA-2 for IPSec and code signing. Update ArubaOS version to 6.3. 1.2 6 December 2012 L Turner Address EOR001. 1.3 21 January 2013 L Turner Address EOR001 v2 and update FCS_RBG_EXT.1.1(2) with CTR_DRBG. 1.4 27 January 2013 W Higaki TSS updates to address assurance activities 1.
PAGE 3
Aruba Networks Security Target Table of Contents 1 Introduction ........................................................................................................................... 5 1.1 1.2 1.3 1.4 2 TOE Description .................................................................................................................... 8 2.1 2.2 2.3 2.4 2.5 2.6 3 Conventions .................................................................................................................
PAGE 4
Aruba Networks Security Target Table 14: Summary of SFRs ......................................................................................................... 19 Table 15: Auditable events ............................................................................................................ 21 Table 16: Assurance Requirements .............................................................................................. 31 Table 17: CSPs............................................................
PAGE 5
Aruba Networks Security Target 1 Introduction 1.1 Overview 1 The Aruba Networks Mobility Controller is a network device that serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependant wireless network. ArubaOS 6.3 is the underlying operating system of the Mobility Controller, which is available in modular chassis or network appliance models: a) Aruba 7000 and 6000 Series.
PAGE 6
Aruba Networks d) 1.3 Security Target U.S. Government Approved Protection Profile - Security Requirements for Network Devices , v1.1 (herein referred to as NDPP) Terminology Table 2: Terminology Term Definition ACL Access Control List AP Access Point ARM Adaptive Radio Management CC Common Criteria CLI Command Line Interface CSP Critical Security Parameter EAL Evaluation Assurance Level KAT Known Answer Test NDPP U.S.
PAGE 7
Aruba Networks Security Target [CLI] ArubaOS 6.3.x Command Line Interface, Ref 0511500-00 [SYSLOG] ArubaOS 6.3.x Syslog Messages Guide, Ref 0511324-01 [MIB] ArubaOS 6.
PAGE 8
Aruba Networks Security Target 2 TOE Description 2.1 Type 7 The TOE is a network device. 8 In the CC evaluated configuration, the TOE must be configured to operate in the FIPS 140-2 Approved mode of operation. In FIPS-Approved mode, weak protocols and algorithms are disabled. Please reference the appropriate FIPS 140-2 Security Policy documents for each controller and access point for more details at http://csrc.nist.gov/groups/STM/cmvp/index.html. 2.
PAGE 9
Aruba Networks Security Target f) Provides a web-based (HTTPS/TLS) management UI for the mobility controller g) Provides various WLAN station and AP management functions h) Provides authentication services for the system management interfaces (CLI, web GUI) as well as for WLAN users i) Provides IPsec key management services for APs and connections with other Aruba mobility controllers (Note: IPsec for APs, VPN users and other mobility controllers is not within the scope of evaluation) j) Provides
PAGE 10
Aruba Networks Security Target wireless access point between the controller and the AP. deployment is depicted in Figure 1. A simple TOE Figure 1: TOE usage scenario 17 There are many combinations of deployment scenarios, ranging from branch office environments in which the mobility controller and access point are combined (Aruba 600 Series) to campus deployments with multiple redundant mobility controllers.
PAGE 11
Aruba Networks Security Target b) Verifiable updates. Updates are digitally signed and verified upon installation utilizing digital signatures. c) System monitoring. The TOE maintains an audit log of administrative and security relevant events. Logs can optionally be delivered to a Syslog server. d) Secure administration. The TOE provides administration interfaces for configuration and monitoring. The TOE authenticates administrators and implements session timeouts.
PAGE 12
Aruba Networks Model 620 22 Security Target Max # APs Max # users 8 256 Firewall throughput 800 Mbps The differences in the models include the number of ports, interfaces, throughput and processing speed, memory and storage. Figure 2, Figure 3, Figure 4 and Figure 5 show the physical appearance of the TOE models.
PAGE 13
Aruba Networks Security Target 2.5.1 Guidance Documents 23 The TOE includes the following guidance documents: a) ArubaOS 6.3 Quick Start Guide, Ref 0511320-01 b) ArubaOS 6.3.x User Guide, Ref 0511497-00 c) ArubaOS 6.3.x Syslog Messages, Ref 0511324-01 d) ArubaOS 6.3.x Command Line Interface, Ref 0511500-00 e) ArubaOS 6.3.1.5 Release Notes, Ref 0511467-05 f) Aruba 600/3000/6000/7200 FIPS 140-2 Security Policy 2.5.
PAGE 14
Aruba Networks Security Target 3 Security Problem Definition 3.1 Threats 26 Table 1 and Table 2 identify the threats addressed by the TOE. Table 4: Threats drawn from NDPP Identifier Description T.ADMIN_ERROR An administrator may unintentionally install or configure the TOE incorrectly, resulting in ineffective security mechanisms. T.TSF_FAILURE Security mechanisms of the TOE may fail, leading to a compromise of the TSF. T.
PAGE 15
Aruba Networks Security Target Table 6: Assumptions drawn from NDPP Identifier Description A.NO_GENERAL_PURPOSE It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. A.PHYSICAL Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment. A.
PAGE 16
Aruba Networks Security Target 4 Security Objectives 4.1 Objectives for the Operational Environment 29 Table 7 identifies the objectives for the operational environment. Table 7: Operational environment objectives drawn from NDPP Identifier Description OE.NO_GENERAL_PURPOSE There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. OE.
PAGE 17
Aruba Networks Security Target Identifier Description O.SESSION_LOCK The TOE shall provide mechanisms that mitigate the risk of unattended sessions being hijacked. O.TSF_SELF_TEST The TOE will provide the capability to test some subset of its security functionality to ensure it is operating properly.
PAGE 18
Aruba Networks Security Target 5 Security Requirements 5.1 Conventions 31 This document uses the following font conventions to identify the operations defined by the CC: a) Assignment. Indicated with italicized text. b) Refinement. Indicated with bold text and strikethroughs. c) Selection. Indicated with underlined text. d) Assignment within a Selection: Indicated with italicized and underlined text. e) Iteration. Indicated by appending the iteration number in parenthesis, e.g.
PAGE 19
Aruba Networks Security Target Component Title Source FTA_SSL_EXT.1 TSF-initiated Session Locking NDPP FCS_IPSEC_EXT.1 Explicit: IPSEC NDPP FCS_TLS_EXT.1 Explicit: TLS NDPP FCS_SSH_EXT.1 Explicit: SSH NDPP 5.3 Functional Requirements Table 10: Summary of SFRs Requirement Title FAU_GEN.1 Audit Data Generation FAU_GEN.2 User Identity Association FAU_STG_EXT.1 External Audit Trail Storage FCS_CKM.1(1) Cryptographic Key Generation (for asymmetric keys – HTTPS/TLS) FCS_CKM.
PAGE 20
Aruba Networks Security Target Requirement Title FIA_PMG_EXT.1 Password Management FIA_UIA_EXT.1 User Identification and Authentication FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism FIA_UAU.7 Protected Authentication Feedback FMT_MTD.1 Management of TSF Data (for general TSF data) FMT_SMF.1 Specification of Management Functions FMT_SMR.2 Restrictions on Security Roles FPT_SKP_EXT.1 Extended: Protection of TSF Data (for reading of all symmetric keys) FPT_APW_EXT.
PAGE 21
Aruba Networks FAU_GEN.1.2 Security Target The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, information specified in column three of Table 11.
PAGE 22
Aruba Networks Security Target Requirement Auditable Events Additional Audit Record Contents Guidance Notes FCS_TLS_EXT.1 Failure to establish a TLS Session. Reason for failure. TLS is only used in the context of HTTPS. Audit messages for TLS will be the same as FCS_HTTPS_EXT.1. Establishment/Termination of a TLS session. Non-TOE endpoint of connection (IP address) for both successes and failures. TLS is only used in the context of HTTPS. Audit messages for TLS will be the same as FCS_HTTPS_EXT.
PAGE 23
Aruba Networks Security Target FCS_CKM.1(2) Cryptographic Key Generation (for asymmetric keys – IPSec) FCS_CKM.1.
PAGE 24
Aruba Networks Security Target FCS_COP.1(1) Cryptographic Operation (for data encryption/decryption) FCS_COP.1.1(1) Refinement: The TSF shall perform encryption and decryption in accordance with a specified cryptographic algorithm AES operating in AES-CBC, AES-CCM, AES-GCM and cryptographic key sizes 128-bits, 256-bits, and 192 bits that meet the following:  FIPS PUB 197, “Advanced Encryption Standard (AES)”  NIST SP 800-38A, NIST SP 800-38C, NIST SP 800-38D FCS_COP.
PAGE 25
Aruba Networks Security Target  Application Note: The TSF shall implement “NIST curves” P-256, P-384 and no other curves (as defined in FIPS PUB 186-3, “Digital Signature Standard”). This component is iterated as instructed by the application notes of the NDPP. FCS_RBG_EXT.1(1) Extended: Cryptographic Operation (Random Bit Generation – SSH/TLS) FCS_RBG_EXT.1.1(1) The TSF shall perform all random bit generation (RBG) services in accordance with FIPS Pub 140-2 Annex C: X9.31 Appendix 2.
PAGE 26
Aruba Networks Security Target TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_ SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_ SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_ SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 FCS_IPSEC_EXT.1 Explicit: IPSEC FCS_IPSEC_EXT.1.
PAGE 27
Aruba Networks Security Target FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public keybased, password-based. FCS_SSH_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than 32,768 bytes in an SSH transport connection are dropped. FCS_SSH_EXT.1.
PAGE 28
Aruba Networks Security Target FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that administrative user. FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism, Radius username/password authentication and Public Key authentication] to perform administrative user authentication.
PAGE 29
Aruba Networks Security Target  Authorized Administrator role shall be able to administer the TOE remotely; are satisfied. 5.3.7 Protection of the TSF (FPT) FPT_SKP_EXT.1 Extended: Protection of TSF Data (for reading of all symmetric keys) FPT_SKP_EXT.1.1 The TSF shall prevent reading of all pre-shared keys, symmetric keys, and private keys.
PAGE 30
Aruba Networks FPT_TST_EXT.1.1 5.3.8 Security Target The TSF shall run a suite of self-tests during initial start-up (on power on) to demonstrate the correct operation of the TSF. TOE Access (FTA) FTA_SSL_EXT.1 TSF-initiated Session Locking FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions:  terminate the session after a Security Administrator-specified time period of inactivity. FTA_SSL.3 TSF-initiated Termination FTA_SSL.3.
PAGE 31
Aruba Networks Security Target logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from disclosure and detection of modification of the communicated data. FTP_TRP.1.2 Refinement: The TSF shall permit remote administrators to initiate communication via the trusted path. FTP_TRP.1.3 The TSF shall require the use of the trusted path for initial administrator authentication and all remote administration actions. 5.
PAGE 32
Aruba Networks Security Target 6 TOE Summary Specification 6.1 Security Functions 6.1.1 Protected Communications Related SFRs: FCS_CKM.1(1), FCS_CKM.1(2), FCS_CKM.1(3), FCS_CKM_EXT.4, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_RBG_EXT.1(1), FCS_RBG_EXT.1(2), FPT_SKP_EXT.1, FTP_ITC.1, FTP_TRP.1, FCS_IPSEC_EXT.1, FCS_SSH_EXT.1, FCS_TLS_EXT.1, FCS_HTTPS_EXT.1 37 The TOE protects the following communication flows: a) WebUI.
PAGE 33
Aruba Networks Security Target 42 The TOE may be configured to support username/password authentication, client certificate authentication or both. 43 Refer to [USER] Chapter 35 – Management Access. “Configuring Certificate Authentication for WebUI Access” for more information. 6.1.1.2 IPSec Related SFRs: FCS_CKM.1(2), FCS_CKM_EXT.4, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_COP.1(5), FCS_RBG_EXT.1(2), FPT_SKP_EXT.1, FTP_ITC.1, FCS_IPSEC_EXT.
PAGE 34
Aruba Networks Security Target requires RSA key sizes of 2048 bits or greater. The TOE supports an RSA key size of 1024 bits in addition to 2048 bits. The administrator must not load an RSA X.509 certificate with a key size smaller than 2048 bits when operating in the Common Criteria evaluated configuration. 6.1.1.3 j) Pre-shared keys are manually entered during IKE policy configuration.
PAGE 35
Aruba Networks Security Target 49 A SHA-256 hash of each update image is digitally signed using Aruba’s code signing certificate (RSA 2048 bit). When an update is initiated, the TOE verifies the digital signature with a stored certificate (stored in Boot ROM). 50 Upon successful verification, the TOE boots using the new image. Should verification fail, the TOE will enter into an error state.
PAGE 36
Aruba Networks Security Target when the configuration of the TOE has been erased using the “write erase” command. While in this default state, no TOE services are available and the TOE does not forward traffic through network interfaces. During the initial configuration dialog, an administrative username and password is established. Once initial configuration has been completed, the TOE reboots into a secure state. 57 The TOE provides two interfaces for administration: WebUI and CLI.
PAGE 37
Aruba Networks Security Target 64 The memory buffers used in packet processing are sanitized subsequent to each packet being processed. Buffers are made logically unavailable by overwriting the buffer headers with zeroes. 6.1.6 Self Test Related SFRs: FPT_TST_EXT.1 65 66 The TOE performs both power-up and conditional self-tests to verify correct and secure operation. In the event that any self-test fails, the TOE will enter an error state, log the error, and reboot automatically.
PAGE 38
Aruba Networks Security Target v) 67 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMACSHA512) KAT The following Conditional Self-tests are performed by the TOE: a) Continuous Random Number Generator Test. This test is run upon generation of random data by the switch’s random number generators to detect failure to a constant value.
PAGE 39
Aruba Networks Security Target #469, #466. SHS #2250, #2249, #2246. RNG #1250. DRBG #433. HMAC #1666, #1663. KBKDF #16. Component Validation #251, #232, #152, #150. The CAVP list for each algorithm can be found at http://csrc.nist.gov/groups/STM/cavp/validation.html. 6.2.1 Standards Conformance – Key Generation / Establishment 6.2.1.1 RSA 72 The TOE utilizes RSA for key establishment within HTTPS/TLS and IPSec.
PAGE 40
Aruba Networks Security Target Storage and Zeroization # Name CSPs type Generation Use 1 Key Encryption Key (KEK) Triple-DES 168-bit key Hardcoded during manufacturing Stored in Flash. Zeroized by using command ‘wipe out flash’ Encrypts IKEv1/IKEv2 Pre-shared key, RADIUS server shared secret, RSA private key, ECDSA private key, 802.11i pre-shared key and Passwords. 2 DRBG entropy input SP800-90a DRBG (512 bits) Derived using NONFIPS approved HW RNG Stored in plaintext in volatile memory.
PAGE 41
Aruba Networks Security Target 8 Diffie-Hellman private key Diffie-Hellman private key (224 bits) Generated internally during Diffie-Hellman Exchange Stored in the volatile memory. Zeroized after the session is closed. Used in establishing the session key for an IPSec session 9 Diffie-Hellman public key Diffie-Hellman public key (2048 bits) Note: Key size of DH Group 1 (768 bits) and DH Group 2 (1024 bits) are not allowed in FIPS mode.
PAGE 42
Aruba Networks Security Target 16 User Passwords 8-64 character password CO configured Stored encrypted in Flash with KEK. Zeroized by either deleting the password configuration file or by overwriting the password with a new one. Authentication for accessing the management interfaces, RADIUS authentication 17 IKEv1/IKEv2 Preshared key 64 character preshared key CO configured Stored encrypted in Flash with the KEK. Zeroized by changing (updating) the preshared key through the User interface.
PAGE 43
Aruba Networks Security Target 24 SSHv2 session keys AES (128/196/256 bits) Established during the SSHv2 key exchange Stored in plaintext in volatile memory. Zeroized when the session is closed. Secure SSHv2 traffic 25 SSHv2 session authentication key HMAC-SHA-1 (160-bit) Established during the SSHv2 key exchange Stored in plaintext in volatile memory. Zeroized when the session is closed.
PAGE 44
Aruba Networks 32 ECDSA Public Key Security Target ECDSA suite B P-256 and P-384 curves 6.2.3 Roles and Services 6.2.3.1 Crypto Officer Role Generated in the module Stored in flash memory encrypted with KEK. Zeroized by the CO command write erase all. Used by TLS and EAP-TLS/PEAP protocols during the handshake. The Crypto Officer role has the ability to configure, manage, and monitor all processes and functions within the TOE.
PAGE 45
Aruba Networks Security Target Table 14 - Crypto-Officer Services IKEv1/IKEv2IPSec Provide authenticated and encrypted remote management sessions to access the CLI functionality IKEv1/IKEv2 inputs and IKEv1/IKEv2 data; IPSec inputs, outputs, status, and commands, and data data; IPSec outputs, status, and data 29, 30, 31, 32 (read) 8, 9, 10, 11, 12, 13 (read/write) 17 (read) 18, 19, 20, 21, 22, 23 (read/write) Configuring Module Platform Define the platform subsystem firmware of the module by entering
PAGE 46
Aruba Networks Security Target Table 14 - Crypto-Officer Services HTTPS over TLS Secure browser connection over Transport Layer Security acting as a Crypto Officer service (web management interface) TLS inputs, commands, TLS outputs, and data status, and data 29, 30, 31, 32 (read) 26, 27, 28 (read/write) Status Function Cryptographic officer may use CLI "show" commands or view WebUI via TLS to view the controller configuration, routing tables, and active sessions; view health, temperature, memory sta
PAGE 47
Aruba Networks Security Target Table 14 - Crypto-Officer Services data, self signed certificates Zeroization Zeroizes all flash memory Command Progress information All CSPs will be destroyed.
PAGE 48
Aruba Networks Security Target 7 Rationale 7.1 Conformance Claim Rationale 82 The following rationale is presented with regard to the PP conformance claims: a) TOE type. As identified in section 2.1, the TOE is a network device, consistent with the TOE type identified by the NDPP. b) Security problem definition. As shown in section 3, the threats, OSPs and assumptions are identical to those of the NDPP. c) Security objectives.
PAGE 49
Aruba Networks Security Target X X FCS_CKM_EXT.4 X FCS_COP.1(1) X FCS_COP.1(2) X FCS_COP.1(3) X FCS_COP.1(4) X FCS_RBG_EXT.1(1) X FCS_RBG_EXT.1(2) X FCS_HTTPS_EXT.1 X FCS_TLS_EXT.1 X FCS_IPSEC_EXT.1 X FCS_SSH_EXT.1 X FDP_RIP.2 X FIA_PMG_EXT.1 X FIA_UIA_EXT.1 X FIA_UAU_EXT.2 X FIA_UAU.7 X FMT_MTD.1 X FMT_SMF.1 X FMT_SMR.2 X FPT_SKP_EXT.1 Self Test FCS_CKM.
PAGE 50
Aruba Networks Self Test Residual Information Clearing FPT_APW_EXT.1 Secure Administration System Monitoring Verifiable Updates Protected Communications SFR Security Target X FPT_STM.1 X FPT_TUD_EXT.1 X X FPT_TST_EXT.1 X FTA_SSL_EXT.1 X FTA_SSL.3 X FTA_SSL.4 X FTA_TAB.1 X FTP_ITC.1 X FTP_TRP.
PAGE 51
Aruba Networks Security Target Annex A: NDPP Assurance Activities 87 The NDPP contains assurance activities that are to be performed in meeting the requirements of the NDPP. As these are spread throughout the NDPP document, the table below provides a consolidated reference. # NDPP Source Requirement Assurance Family 1. FAU_GEN. 1 The evaluator shall check the administrative guide and ensure that it lists all of the auditable events and provides a format for audit records.
PAGE 52
Aruba Networks # NDPP Source Security Target Requirement Assurance Family how these records are protected against unauthorized access. The evaluator shall also examine the operational guidance to determine that it describes the relationship between the local audit data and the audit data that are sent to the audit log server (for TOEs that are not acting as an audit log server).
PAGE 53
Aruba Networks # Security Target NDPP Source Requirement Assurance Family 1 Digital Signature Algorithm Validation System (DSA2VS)", "The FIPS 186-3 Elliptic Curve Digital Signature Algorithm Validation System (ECDSA2VS)", and "The RSA Validation System (RSA2VS)" as a guide in testing the requirement above, depending on the selection performed by the ST author.
PAGE 54
Aruba Networks # NDPP Source Security Target Requirement Assurance Family (ECDSAVS or ECDSA2VS), and "The RSA Validation System” (RSAVS) as a guide in testing the requirement above. The Validation System used shall comply with the conformance standard identified in the ST (i.e., FIPS PUB 186-2 or FIPS PUB 186-3). This will require that the evaluator have a reference implementation of the algorithms known to be good that can produce test vectors that are verifiable during the test. 11. FCS_COP.
PAGE 55
Aruba Networks # NDPP Source Security Target Requirement Assurance Family values for each trial. The first is a count (0 – 14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The next two are additional input and entropy input for the first call to generate. The final two are additional input and entropy input for the second call to generate. These values are randomly generated.
PAGE 56
Aruba Networks # NDPP Source Security Target Requirement Assurance Family as part of the establishment of a higher-level protocol, e.g., as part of a HTTPS session. It is sufficient to observe (on the wire) the successful negotiation of a ciphersuite to satisfy the intent of the test; it is not necessary to examine the characteristics of the encrypted traffic in an attempt to discern the ciphersuite being used (for example, that the cryptographic algorithm is 128-bit AES and not 256-bit AES). 16.
PAGE 57
Aruba Networks # NDPP Source Security Target Requirement Assurance Family and attempted to be maintained while more data than is specified in the above assignment flows over the connection. The evaluator shall observe that this SA is closed or renegotiated before the amount of data specified is exceeded.
PAGE 58
Aruba Networks # NDPP Source Security Target Requirement Assurance Family this key to successfully establish an IPsec connection. While the evaluator is not required to test that all of the special characters or lengths listed in the requirement are supported, it is required that they justify the subset of those characters chosen for testing, if a subset is indeed used. 23. FCS_SSH_ EXT.1.
PAGE 59
Aruba Networks # NDPP Source 28. FCS_SSH_ EXT.1.7 Security Target Requirement Assurance Family The evaluator shall ensure that operational guidance contains configuration information that will allow the security administrator to configure the TOE so that all key exchanges for SSH are performed using DH group 14. If this capability is “hard-coded” into the TOE, the evaluator shall check the TSS to ensure that this is stated in the discussion of the SSH protocol.
PAGE 60
Aruba Networks # NDPP Source Security Target Requirement Assurance Family Test 1: The evaluator shall use the operational guidance to configure the appropriate credential supported for the login method. For that credential/login method, the evaluator shall show that providing correct I&A information results in the ability to access the system, while providing incorrect information results in denial of access.
PAGE 61
Aruba Networks # NDPP Source Security Target Requirement Assurance Family team’s test activities. 37. FPT_SKP_ EXT.1 The evaluator shall examine the TSS to determine that it details how any preshared keys, symmetric keys, and private keys are stored and that they are unable to be viewed through an interface designed specifically for that purpose, as outlined in the application note. If these values are not stored in plaintext, the TSS shall describe how they are protected/obscured. ASE_TSS 38.
PAGE 62
Aruba Networks # NDPP Source Security Target Requirement Assurance Family activity again to verify the version correctly corresponds to that of the update. Test 2: The evaluator performs the version verification activity to determine the current version of the product. The evaluator obtains or produces an illegitimate update, and attempts to install it on the TOE. The evaluator verifies that the TOE rejects the update. 41. FPT_TST_ EXT.
PAGE 63
Aruba Networks # NDPP Source Security Target Requirement Assurance Family instance. 46. FTP_ ITC.1 The evaluator shall examine the TSS to determine that, for all communications with authorized IT entities identified in the requirement, each communications mechanism is identified in terms of the allowed protocols for that IT entity. The evaluator shall also confirm that all protocols listed in the TSS are specified and included in the requirements in the ST.
PAGE 64
Aruba Networks # NDPP Source Security Target Requirement Assurance Family modification of the channel data is detected by the TOE. Further assurance activities are associated with the specific protocols. 48. FPT_ITT.1 The evaluator shall examine the TSS to determine that the methods and protocols used to protect distributed TOE components are described.
PAGE 65
Aruba Networks # NDPP Source Security Target Requirement Assurance Family user role the process runs as or under. 52. AGD_OPE. 1 The operational guidance shall contain instructions for configuring the cryptographic engine associated with the evaluated configuration of the TOE. It shall provide a warning to the administrator that use of other cryptographic engines was not evaluated nor tested during the CC evaluation of the TOE. AGD_OPE 53. AGD_OPE.
PAGE 66
Aruba Networks # NDPP Source Security Target Requirement Assurance Family tool will not adversely affect the performance of the functionality by the TOE and its platform. This also includes the configuration of the cryptographic engine to be used. The cryptographic algorithms implemented by this engine are those specified by this PP and used by the cryptographic protocols being evaluated (IPsec, TLS/HTTPS, SSH). 59. ATE_IND.
PAGE 67
Aruba Networks Security Target ----- End of Document ----- Page 67 of 67