Brocade Communications Systems, Inc. Brocade FastIron SX, ICX, and FCX Series Switch/Router 08.0.01 Security Target Version 1.1 May 13, 2014 Prepared for: Brocade Communications Systems, Inc.
Contents
1. Security Target Introduction
1.1 Security Target Reference
1.2 TOE Reference
1. Security Target Introduction
This section provides the Security Target (ST) and Target of Evaluation (TOE) identification, the ST conventions, the ST conformance claims, and the ST organization. The TOE is the Brocade Communications Systems, Inc. Brocade FastIron SX, ICX, and FCX Series Switch/Router 08.0.01.
External IT entity: Any IT product or system, untrusted or trusted, outside of the TOE that interacts with the TOE.
Role: A predefined set of rules establishing the allowed interactions between a user and the TOE.
Identity: A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym.
controls the switching and routing of network frames and packets among the connections available on the hardware appliances. All TOE appliances are configured at the factory with default parameters that allow immediate use of the system's basic features through its Command Line Interface (CLI).
provided (either 8 or 16). The FCX series models have either 24 or 48 10/100/1000 Mbps RJ-45 ports; an "S" in the model number indicates that the model has two 16 GbE stacking ports, "-F" indicates that the model has 100/1000 Mbps SFP ports instead of RJ-45 ports, and "HPOE" indicates that the model's RJ-45 ports are PoE+ ports.
Security management
Protection of the TSF
TOE access
Trusted path/channels
Note that use of the following features is limited in the evaluated TOE:
1. The use of SNMP has not been subject to evaluation. Note that SNMP can be used only to monitor, and not to modify, any security-related configuration settings.
2.
1.4.1.2.5 Security management
The TOE provides Command Line Interface (CLI) commands to access the wide range of security management functions used to manage its security policies. All administrative activity and functions, including security management commands, are limited to authorized users (i.e.
2. Conformance Claims
This TOE is conformant to the following CC specifications:
Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 4, September 2012. Part 2 Extended
Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1, Revision 4, September 2012.
3. Security Objectives
The Security Problem Definition may be found in the Protection Profile for Network Devices, version 1.1, 8 June 2012 (NDPP) with Errata #1, Version 1.0, 10 June 2013, and this section reproduces only the corresponding Security Objectives for convenience.
OE.PHYSICAL: Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment.
OE.TRUSTED_ADMIN: TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner.
4. Extended Components Definition
All of the extended requirements in this ST have been drawn from the NDPP. The NDPP defines the following extended SFRs; since they are not redefined in this ST, the NDPP should be consulted for more information on these CC extensions.
FAU_STG_EXT.1: External Audit Trail Storage
FCS_CKM_EXT.4: Cryptographic Key Zeroization
FCS_RBG_EXT.
5. Security Requirements
This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort. The SFRs have all been drawn from the Protection Profile (PP): Protection Profile for Network Devices, version 1.
FTA_SSL.4: User-initiated Termination
FTA_SSL_EXT.1: TSF-initiated Session Locking
FTA_TAB.1: Default TOE Access Banners
FTP: Trusted path/channels
FTP_ITC.1: Trusted Channel
FTP_TRP.1: Trusted Path
Table 1 TOE Security Functional Components
5.1.1 Security Audit (FAU)
5.1.1.1 Audit Data Generation (FAU_GEN.1)
FAU_GEN.1.
FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, information specified in column three of Table 2 Auditable Events.
Requirement: FTP_TRP.1
Auditable Events: Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions.
Additional Audit Record Contents: Identification of the claimed user identity.
Table 2 Auditable Events
5.1.1.2 User Identity Association (FAU_GEN.2)
FAU_GEN.2.
5.1.2 Cryptographic Support (FCS)
5.1.2.1 Cryptographic Key Generation (for asymmetric keys) (FCS_CKM.1)
FCS_CKM.1.
5.1.2.3 Cryptographic Operation (for data encryption/decryption) (FCS_COP.1(1))
FCS_COP.1(1).
Refinement: The TSF shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm HMAC-[SHA-1], key size [equal to the input block size], and message digest sizes [160] bits that meet the following: FIPS Pub 198-1, 'The Keyed-Hash Message Authentication Code', and FIPS Pub 180-3, 'Secure Hash Standard'.
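The refinement above fixes HMAC-SHA-1 with a key the size of the SHA-1 input block (64 bytes) and a 160-bit tag. The Python below is an added illustration, not code from this ST or from Brocade's implementation: it computes HMAC step by step as FIPS 198-1 specifies it (key normalisation to the block size, inner and outer pads) on top of hashlib's SHA-1, cross-checks the result against the standard library, and shows the property behind the key-size choice: a key shorter than the block size is zero-padded, so it yields the same tag as its zero-padded 64-byte form. The sample keys and message are constructed for the example.

```python
import hashlib
import hmac as stdlib_hmac

# SHA-1 parameters from FIPS 180-3: input block size B and digest size L, in bytes.
B = 64
L = 20


def hmac_sha1_fips198(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-1 computed exactly as in FIPS 198-1, section 4."""
    # A key longer than B is first reduced to its L-byte hash; anything shorter
    # than B is then zero-padded to exactly B bytes, giving K0.
    if len(key) > B:
        key = hashlib.sha1(key).digest()
    k0 = key.ljust(B, b"\x00")
    # ipad is 0x36 repeated B times, opad is 0x5C repeated B times.
    k_ipad = bytes(b ^ 0x36 for b in k0)
    k_opad = bytes(b ^ 0x5C for b in k0)
    inner = hashlib.sha1(k_ipad + message).digest()
    return hashlib.sha1(k_opad + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so a verifier does not leak where a bad tag diverges."""
    return stdlib_hmac.compare_digest(hmac_sha1_fips198(key, message), tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written HMAC against Python's own implementation."""
    reference = stdlib_hmac.new(key, message, hashlib.sha1).digest()
    return stdlib_hmac.compare_digest(hmac_sha1_fips198(key, message), reference)


def short_key_equals_padded_key(short_key: bytes, message: bytes) -> bool:
    """A key shorter than B and the same key zero-padded to B produce identical tags."""
    padded = short_key.ljust(B, b"\x00")
    return hmac_sha1_fips198(short_key, message) == hmac_sha1_fips198(padded, message)


# Constructed sample inputs (not from the ST). BLOCK_SIZE_KEY is exactly B bytes,
# i.e. the "key size equal to the input block size" the refinement requires.
BLOCK_SIZE_KEY = bytes(range(B))
SHORT_KEY = b"\x0b" * 20
MESSAGE = b"Hi There"

if __name__ == "__main__":
    print(hmac_sha1_fips198(BLOCK_SIZE_KEY, MESSAGE).hex())
    print("stdlib agrees:", matches_stdlib(BLOCK_SIZE_KEY, MESSAGE))
    print("short key == padded key:", short_key_equals_padded_key(SHORT_KEY, MESSAGE))
```

The zero-padding equivalence is why "key size equal to the input block size" is the meaningful configuration: a 64-byte key uses the full key space of HMAC-SHA-1, whereas a 20-byte key is indistinguishable from a 64-byte key whose last 44 bytes are zero.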
There should be a technical argument for where the unpredictability in the source comes from and why there is confidence in the entropy source exhibiting probabilistic behavior (an explanation of the probability distribution and justification for that distribution given the particular source is one way to describe this).
The evaluator shall perform 15 trials for the RBG implementation. If the RBG is configurable, the evaluator shall perform 15 trials for each configuration. The evaluator shall also confirm that the operational guidance contains appropriate instructions for configuring the RBG functionality.
supports the use of that public key algorithm to authenticate a user connection. Any configuration activities required to support this test shall be performed according to instructions in the operational guidance.
Test 1: The evaluator shall establish an SSH connection using each of the integrity algorithms specified by the requirement. It is sufficient to observe (on the wire) the successful negotiation of the algorithm to satisfy the intent of the test.
FCS_SSH_EXT.1.7 The TSF shall ensure that diffie-hellman-group14-sha1 is the only allowed key exchange method used for the SSH protocol.
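FCS_SSH_EXT.1.7 restricts key exchange to diffie-hellman-group14-sha1, and Test 1 accepts observing the negotiation on the wire. That negotiation is driven by the two SSH_MSG_KEXINIT messages (RFC 4253, section 7.1), so the restriction can be checked by decoding the server's KEXINIT. The Python below is an added example, not code from this ST or from Brocade: it builds and parses KEXINIT payloads, applies the RFC 4253 rule that the negotiated algorithm is the first entry on the client's list that the server also offers, and flags a KEXINIT that offers anything other than the required key exchange method. The sample algorithm lists and cookie are constructed, and the permitted MAC set (hmac-sha1 and hmac-sha1-96) is an assumption taken from the NDPP's FCS_SSH_EXT.1.6 rather than from this page. The payloads are unencrypted KEXINIT bodies, not full binary packets, so packet length, padding and MAC fields are omitted.

```python
import struct
from typing import Any, Dict, List, Optional

SSH_MSG_KEXINIT = 20

# Stated on this page: the only key exchange method the TOE may use (FCS_SSH_EXT.1.7).
REQUIRED_KEX = ["diffie-hellman-group14-sha1"]
# Assumption for this example: integrity algorithms the NDPP permits (FCS_SSH_EXT.1.6).
ASSUMED_ALLOWED_MACS = ("hmac-sha1", "hmac-sha1-96")

# The ten name-lists of a KEXINIT, in wire order (RFC 4253, section 7.1).
NAME_LIST_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]


def _name_list(names: List[str]) -> bytes:
    """SSH name-list: uint32 length followed by comma-separated US-ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(cookie: bytes, fields: Dict[str, List[str]]) -> bytes:
    """Serialise a KEXINIT payload; lists not supplied are sent empty (e.g. languages)."""
    if len(cookie) != 16:
        raise ValueError("KEXINIT cookie must be 16 random bytes")
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in NAME_LIST_FIELDS:
        body += _name_list(fields.get(name, []))
    # Trailer: first_kex_packet_follows (boolean) and the reserved uint32, which is 0.
    return body + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload: bytes) -> Dict[str, Any]:
    """Decode a KEXINIT payload, rejecting truncated or malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    fields: Dict[str, Any] = {"cookie": payload[1:17]}
    offset = 17
    for name in NAME_LIST_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[offset:offset + length].decode("ascii")
        offset += length
        fields[name] = raw.split(",") if raw else []
    if len(payload) != offset + 5:
        raise ValueError("bad trailer: expected boolean plus reserved uint32")
    fields["first_kex_packet_follows"] = payload[offset] != 0
    return fields


def is_malformed(payload: bytes) -> bool:
    try:
        parse_kexinit(payload)
        return False
    except ValueError:
        return True


def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """RFC 4253: the chosen algorithm is the first client-preferred one the server also lists."""
    for name in client:
        if name in server:
            return name
    return None


def check_kexinit(fields: Dict[str, Any], allowed_macs=ASSUMED_ALLOWED_MACS) -> List[str]:
    """Return findings where the offered algorithms would violate the SSH requirements."""
    findings = []
    if fields["kex_algorithms"] != REQUIRED_KEX:
        findings.append(f"kex_algorithms must be exactly {REQUIRED_KEX}, got {fields['kex_algorithms']}")
    for side in ("mac_client_to_server", "mac_server_to_client"):
        offered = fields[side]
        if not offered:
            findings.append(f"{side} is empty")
        disallowed = [m for m in offered if m not in allowed_macs]
        if disallowed:
            findings.append(f"{side} offers disallowed MAC(s): {disallowed}")
    return findings


# Constructed sample KEXINITs (not captures from the TOE).
SAMPLE_COOKIE = bytes(range(16))
CONFORMANT_SERVER = {
    "kex_algorithms": ["diffie-hellman-group14-sha1"],
    "server_host_key_algorithms": ["ssh-rsa"],
    "encryption_client_to_server": ["aes128-cbc", "aes256-cbc"],
    "encryption_server_to_client": ["aes128-cbc", "aes256-cbc"],
    "mac_client_to_server": ["hmac-sha1"],
    "mac_server_to_client": ["hmac-sha1"],
    "compression_client_to_server": ["none"],
    "compression_server_to_client": ["none"],
}
# The same server with a legacy 1024-bit group and an MD5 MAC still enabled.
NONCONFORMANT_SERVER = dict(
    CONFORMANT_SERVER,
    kex_algorithms=["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
    mac_client_to_server=["hmac-md5", "hmac-sha1"],
)

if __name__ == "__main__":
    for label, lists in (("conformant", CONFORMANT_SERVER), ("non-conformant", NONCONFORMANT_SERVER)):
        parsed = parse_kexinit(build_kexinit(SAMPLE_COOKIE, lists))
        print(label, check_kexinit(parsed) or "OK")
```

A KEXINIT only shows what each side is willing to use; the non-conformant server would still negotiate group14 with a client that prefers it, which is why the check inspects the whole offered list rather than the one algorithm that happened to be negotiated in a single capture.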
5.1.3 User Data Protection (FDP)
5.1.3.1 Full Residual Information Protection (FDP_RIP.2)
FDP_RIP.2.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [allocation of the resource to] all objects.
Test 1: The evaluator shall locally authenticate to the TOE. While making this attempt, the evaluator shall verify that at most obscured feedback is provided while entering the authentication information.
5.1.4.3 Extended: Password-based Authentication Mechanism (FIA_UAU_EXT.2)
FIA_UAU_EXT.2.
5.1.5 Security management (FMT)
5.1.5.1 Management of TSF Data (for general TSF data) (FMT_MTD.1)
FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the Security Administrators.
however, that each supported method of administering the TOE that conforms to the requirements of the NDPP be tested; for instance, if the TOE can be administered through a local hardware interface, SSH, and TLS/HTTPS, then all three methods of administration must be exercised during the evaluation team's test activities.
5.1.6 Protection of the TSF (FPT)
5.1.6.
Test 2: [conditional] If the TOE supports the use of an NTP server, the evaluator shall use the operational guidance to configure the NTP client on the TOE and set up a communication path with the NTP server. The evaluator will observe that the NTP server has set the time to what is expected.
performs the version verification activity again to verify that the version correctly corresponds to that of the update.
Test 2: The evaluator performs the version verification activity to determine the current version of the product. The evaluator obtains or produces an illegitimate update and attempts to install it on the TOE. The evaluator verifies that the TOE rejects the update.
5.1.
time period. If locking was selected from the component, the evaluator then ensures that re-authentication is needed when trying to unlock the session.
5.1.7.4 Default TOE Access Banners (FTA_TAB.1)
FTA_TAB.1.1 Refinement: Before establishing an administrative user session the TSF shall display a Security Administrator-specified advisory notice and consent warning message regarding use of the TOE.
Test 3: The evaluator shall ensure, for each communication channel with an authorized IT entity, that the channel data are not sent in plaintext.
Test 4: The evaluator shall, for each protocol associated with each authorized IT entity tested during Test 1, physically interrupt the connection.
Requirement Class / Requirement Component
ADV: Development
    ADV_FSP.1: Basic functional specification
AGD: Guidance documents
    AGD_OPE.1: Operational user guidance
    AGD_PRE.1: Preparative procedures
ALC: Life-cycle support
    ALC_CMC.1: Labelling of the TOE
    ALC_CMS.1: TOE CM coverage
ATE: Tests
    ATE_IND.1: Independent testing - conformance
AVA: Vulnerability assessment
    AVA_VAN.
AGD_OPE.1.1c The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.
AGD_OPE.1.2c The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.
AGD_OPE.1.
FCS_COP.1(2) mechanism to ensure that a signed update has been received from the certificate owner. This may be supplied with the product initially, or may be obtained by some other means.
2. Instructions for obtaining the update itself. This should include instructions for making the update accessible to the TOE (e.g., placement in a specific directory).
3.
advertising the TOE, the evaluator shall examine the information on the web site to ensure that the information in the ST is sufficient to distinguish the product.
5.2.3.2 TOE CM coverage (ALC_CMS.1)
ALC_CMS.1.1d The developer shall provide a configuration list for the TOE.
ALC_CMS.1.
evaluator is expected to follow the AGD documentation for installation and setup of each platform either as part of a test or as a standard pre-test condition. This may include special test drivers or tools. For each driver or tool, an argument (not just an assertion) should be provided that the driver or tool will not adversely affect the performance of the functionality by the TOE and its platform.
ST Requirement (table column): FAU_GEN.1, FAU_GEN.2, FAU_STG_EXT.1, FCS_CKM.1, FCS_CKM_EXT.4, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_IPSEC_EXT.1, FCS_RBG_EXT.1, FCS_SSH_EXT.1, FCS_TLS_EXT.1, FDP_RIP.2, FIA_PMG_EXT.1, FIA_UAU.7, FIA_UAU_EXT.2, FIA_UIA_EXT.1, FMT_MTD.1, FMT_SMF.1, FMT_SMR.2, FPT_APW_EXT.1, FPT_SKP_EXT.1, FPT_STM.1, FPT_TST_EXT.1, FPT_TUD_EXT.1, FTA_SSL.3, FTA_SSL.4, FTA_SSL_EXT.1, FTA_TAB.1, FTP_ITC.1, FTP_TRP.1, ADV_FSP.1, AGD_OPE.
6. TOE Summary Specification
This chapter describes the security functions:
Security audit
Cryptographic support
User data protection
Identification and authentication
Security management
Protection of the TSF
TOE access
Trusted path/channels
6.
6.2 Cryptographic support
The TOE includes a FIPS 140 certified crypto module providing supporting cryptographic functions. The evaluated configuration requires that the TOE be configured in Common Criteria mode to ensure that FIPS-certified functions are used. The following functions have been FIPS certified in accordance with the identified standards.
Table 6 NIST SP800-56B Conformance. NIST SP800-56B Section Reference column: 6.6, 7.1.2, 7.2.1.3, 7.2.1.3, 7.2.2.3, 7.2.2.3, 7.2.2.3, 7.2.2.3, 7.2.2.3, 7.2.2.3, 7.2.3.3, 7.2.3.3, 7.2.3.3, 7.2.3.3, 7.2.3.3, 7.2.3.3, 8, 8.3.
The TOE stores all persistent secret and private keys in FLASH and stores all ephemeral keys in RAM (as indicated in the above table). Additionally, the TOE is designed to zeroize secret and private keys when they are no longer required by the TOE, as detailed below. The TOE's zeroization has been subjected to FIPS 140 validation.
FCS_CKM.1: See Table 6 NIST SP800-56B Conformance above.
FCS_CKM_EXT.4: Keys are zeroized when they are no longer needed by the TOE.
FCS_COP.1(1): See Table 5 Cryptographic Functions above.
FCS_COP.1(2): See Table 5 Cryptographic Functions above.
FCS_COP.1(3): See Table 5 Cryptographic Functions above.
FCS_COP.1(4): See Table 5 Cryptographic Functions above.
FCS_RBG_EXT.
The user roles offered by the TOE are categorized differently when described in FIPS documentation.
Note that the TOE does not offer a Web Management Interface when configured for Common Criteria Mode. When running in Common Criteria Mode, the TOE only offers CLI access from a directly connected terminal or via a remote terminal using SSH. The following table provides the list of security-related commands used to configure or examine the TOE security settings.
FMT_SMR.2: The TOE includes roles associated with privileges. 'Authorized Administrator with Super User privilege' corresponds to the required 'Authorized Administrator', also referred to as 'Security Administrator' in some requirements.
6.6 Protection of the TSF
The TOE is an appliance and as such is designed to work independently of other components to a large extent.
6.7 TOE access
The TOE can be configured to display an administrator-configured message-of-the-day banner before authentication is completed (before the user enters a password). The banner is displayed when accessing the TOE via the console or SSH interfaces.
and modification) using FIPS-certified cryptographic operations, and all remote security management functions require the use of one of these secure channels.