Cisco Catalyst 4503-E Manual

Catalyst 4500 series

Cisco Cat4K NDPP ST
11 March 2014
EDCS-1228241
Cisco Catalyst 4500 Series
Switches (4503-E, 4506-E,
4507R+E, 4510R+E, 4500X and
4500X-F) Running IOS-XE 3.5.2E
Security Target
Revision 1.0
11 March 2014

Summary of Contents for Cisco Catalyst 4503-E

  • Page 1 Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) Running IOS-XE 3.5.2E Security Target Revision 1.0 11 March 2014...
  • Page 2: Table Of Contents

    Table of Contents Security Target Introduction ....................6 Security Target and TOE Identification ............... 6 Acronyms and Abbreviations ................6 TOE Overview ..................... 8 1.3.1 TOE Evaluated Configuration ..............8 1.3.2 TOE Type...................... 9 1.3.3...
  • Page 3 Threats ........................ 34 Organizational Security Policies ................ 35 3.6.1 OSPs enforced by TOE ................35 Security Objectives ....................... 36 Security Objectives for the TOE ................ 36 Security Objectives for the Environment ............37 Security Requirements ......................
  • Page 4: List Of Tables

    List of Tables Table 1 ST and TOE Identification ................ 6 Table 2 Acronyms ................ 6 Table 3 Evaluated Configuration ................ 8 Table 4 IT Environment Components ................ 9 4500 S ......... 14...
  • Page 5 San Jose, CA 95134 This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) running IOS-XE 3.5.2E. This Security Target (ST) defines a set of...
  • Page 6: Security Target Introduction

    Security Target and TOE Identification This section provides information needed to identify and control this ST and its TOE. Table 1 ST and TOE Identification Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, ST Title 4500X and 4500X-F) Running IOS-XE 3.5.2E Security Target...
  • Page 7 Command Line Interface Configuration Management Diffie-Hellman Evaluation Assurance Level EEPROM Electrically erasable programmable read-only memory, specifically the memory in the switch where the Cisco IOS is stored. EIGRP Enhanced Interior Gateway Routing Protocol FIPS Federal Information Processing Standard HMAC Hashed Message Authentication Code...
  • Page 8: Toe Overview

    Virtual Switching System TOE Overview The TOE is the Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) running IOS XE 3.5.2E (hereinafter referred to as Catalyst Switches). The TOE is a purpose-built switching and routing platform with OSI Layer 2 and Layer 3 traffic filtering capabilities.
  • Page 9: Toe Type

    1.3.2 TOE Type The Cisco Catalyst Switches are a switching and routing platform used to construct IP networks by interconnecting multiple smaller networks or network segments. As a Layer2 switch, it performs analysis of incoming frames, makes forwarding decisions based on information contained in the frames, and forwards the frames toward the destination.
  • Page 10: Toe Description

    The Switch IOS subsystem is special-purpose software that runs on the Cisco Catalyst 4500 Series Switch hardware. The Catalyst Switches have been designed so that all locally maintained security-relevant data can only be manipulated via the secured management interface, a CLI, and provide no general-purpose programming capability.
  • Page 11: Toe Environment And Configuration

    TOE itself as described in Section 1.7 Logical Scope of the TOE below. 1.5 TOE Environment and Configuration The TOE consists of one or more physical devices; the Catalyst Switch with Cisco IOS XE software. The Catalyst Switch has two or more network interfaces and is connected to at least one internal and one external network.
  • Page 12: Toe Environment

    configured destination. The BGPv4, EIGRP, EIGRPv6 for IPv6, RIPv2, and OSPFv2 routing protocols are used on all of the Catalyst Switch models. The TOE can optionally connect to an NTP server on its internal network for time services.
  • Page 13: Physical Scope Of The Toe

    1.6 Physical Scope of the TOE The TOE is a hardware and software solution that makes up the following switch models: Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) running IOS XE 3.5.2E. The following tables further identify the supported configurations.
  • Page 14: Figure 2 Catalyst 4500 S

    Slot 1 is reserved for supervisor engine only; slots 2 and higher are reserved for line cards. Slots 3 and 4 are reserved for supervisor engines only in Cisco Catalyst 4507R-E and 4507R+E; slots 1-2 and 5-7 are reserved for line cards.
  • Page 15 Feature: Cisco Catalyst WS-C4503-E Chassis, Cisco Catalyst WS-C4506-E Chassis, Cisco Catalyst WS-C4507R+E Chassis, Cisco Catalyst WS-C4510R+E Chassis. Supervisor supported: Supervisor 7L-E, Supervisor 7L-E, Supervisor 7L-E. Maximum PoE: 1,500W, 1,500W, 1,500W, 1,500W. Slots: 1...
  • Page 16 Location of 23-inch rack mount Cisco Catalyst 4500 Series line cards can be mixed and matched to suit numerous LAN access, server connectivity, or branch-office deployments. The Cisco Catalyst 4500 Series supports the following supervisor and line cards, by product number:...
  • Page 17 (ACL) and quality-of-service (QoS) entries to use 8 queues/port and comprehensive security policies per port • Infrastructure services – Cisco IOS XE Software, the modular open application platform for virtualized borderless services – Maximum resiliency with redundant components, Nonstop Forwarding/Stateful Switchover (NSF/SSO), and ISSU support –...
  • Page 18 8 queues per port and comprehensive security policies per port • Infrastructure services: – Cisco IOS XE Software, the modular open application platform for virtualized borderless services – Maximum resiliency with redundant components, Nonstop Forwarding/Stateful Switchover (NSF/SSO), and In-Service Software Upgrade (ISSU) support –...
  • Page 19 The Cisco Catalyst 4500E Supervisor Engine 7L-E is compatible with classic Cisco Catalyst 4500 line cards and power supplies, providing full investment protection. Supervisor Engine 7L-E is not compatible with classic Cisco Catalyst 4500 chassis.
  • Page 20 • Cisco IOS XE Release 3.1.0SG or later • Energy Efficient Ethernet 802.3az • IEEE 802.1AE and Cisco TrustSec capability in hardware • L2-4 Jumbo Frame support (up to 9216 bytes) • Enterprise and commercial: designed for data only user access •...
  • Page 21: Figure 3 Cisco Catalyst

    The Cisco Catalyst 4500 Series has flexible interface types and port densities that allow network configurations to be mixed and matched to meet the specific needs of the organization's network. The Cisco Catalyst 4500-X Series Switch is a fixed aggregation platform that provides flexibility through two versions of base switches along with an optional uplink module.
  • Page 22: Figure 7 Front-To-Back

    Figure 7 Front-to-Back Airflow Rear View Figure 8 Back-to-Front Airflow Rear View As described above, the physical boundary of the TOE is the switch hardware and software. The software of the TOE is IOS and other supporting functionality (e.g., SSH Server).
  • Page 23: Usb Console Port

    • Serial port, and • Compact Flash Slot In addition to the communication interfaces above, the TOE includes a number of LEDs and power connectors. The LEDs are output elements only, and while the power connectors provide physical input they are not considered TOE interfaces.
  • Page 24: Compact Flash Slot

    The TOE is a hardware and software solution that uses a combination of chassis, supervisor engine, and line cards as defined in Section 1.3.1, Table 3: the Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) running IOS XE 3.5.2E on the Supervisor Engine.
  • Page 25: Security Audit

    1.7.1 Security Audit The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of each event, the type of event, the subject identity, and the outcome of the event.
  • Page 26: Identification And Authentication

    TOE. 1.7.4 Identification and Authentication The TOE performs local authentication, using Cisco IOS platform authentication mechanisms, to authenticate access to user EXEC and privileged EXEC command modes. All users wanting to use TOE services are identified and authenticated prior to being allowed access to any of the services.
  • Page 27: Protection Of The Tsf

    Additionally, Cisco IOS is not a general-purpose operating system, and access to Cisco IOS memory space is restricted to only Cisco IOS functions. The TOE provides secure transmission when TSF data is transmitted between the TOE and other IT entities, such as remote administration via SSH and secure transmission of audit logs to a syslog server via IPsec.
  • Page 28: Resource Utilization

    NTP server and external authentication server using IPsec. 1.8 Excluded Functionality The Cisco IOS contains a collection of features that build on the core components of the system. Those features that are not within the scope of the evaluated configuration include: Features that must remain disabled in the evaluated configuration: ...
  • Page 29 configuration. Including this feature would not meet the security policies as defined in the Security Target. The exclusion of this feature has no effect on the operation of the TOE. • Telnet server sends authentication data in the clear. This feature is enabled by default and must be disabled in the evaluated configuration.
  • Page 30: Conformance Claims

    CONFORMANCE CLAIMS 2.1 Common Criteria Conformance Claim The ST and the TOE it describes are conformant with the following CC package specifications: • Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Components, Version 3.1, Revision 3, July 2009...
  • Page 31: Statement Of Security Requirements Conformance

    2.3.4 Statement of Security Requirements Conformance The Security Functional Requirements included in the Security Target represent the Security Functional Requirements specified in the U.S. Government Protection Profile for Security Requirements for Network Devices for which conformance is claimed verbatim.
  • Page 32: Security Problem Definition

    SECURITY PROBLEM DEFINITION The security problem definition (SPD) defines the security problem that is to be addressed. This document identifies assumptions as A.assumption with “assumption” specifying a unique name. Threats are identified as T.threat with “threat” specifying a unique name.
  • Page 33: Secondary Assets

    Asset Asset Description The data which is provided by the TOE during security audit logging. Security properties to be maintained by the TOE: confidentiality, availability, integrity. 3.3.2 Secondary Assets The owner of the TOE presumably places value upon the following secondary entities.
  • Page 34: Threats

    Assumption Assumption Definition those services necessary for the operation, administration and support of the TOE. A.PHYSICAL Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment.
  • Page 35: Organizational Security Policies

    Organizational Security Policies Organizational security policies (OSPs) are security rules, procedures, or guidelines enforced by the TOE, its operational environment, or a combination of the two. 3.6.1 OSPs enforced by TOE The following security rules, procedures, or guidelines are enforced by the TOE.
  • Page 36: Security Objectives

    SECURITY OBJECTIVES The security objectives are a concise and abstract statement of the intended solution to the security problem defined by the SPD. This document identifies objectives of the TOE as O.objective with objective specifying a unique name.
  • Page 37: Security Objectives For The Environment

    TOE Objective TOE Security Objective Definition O.RESOURCE_AVAILABILITY The TOE shall provide mechanisms that mitigate user attempts to exhaust TOE resources (e.g., persistent storage). O.SESSION_LOCK The TOE shall provide mechanisms that mitigate the risk of unattended sessions being hijacked.
  • Page 38: Conventions

    Conventions The CC defines operations on Security Functional Requirements: assignments, selections, assignments within selections and refinements. This document uses the following font conventions to identify the operations defined by the CC: • Where operations were completed in the NDPP itself, the formatting used in the NDPP has been retained;...
  • Page 39 Functional Component FCS: Cryptographic FCS_CKM.1: Cryptographic key generation (for support asymmetric keys) FCS_CKM_EXT.4: Cryptographic key zeroization FCS_COP.1(1): Cryptographic operation (for data encryption/decryption) FCS_COP.1(2): Cryptographic operation (for cryptographic signature) FCS_COP.1(3): Cryptographic operation (for cryptographic hashing) FCS_COP.1(4): Cryptographic operation (for keyed-...
  • Page 40: Security Audit (Fau)

    Functional Component reading of keys) FPT_RPL.1: Replay detection FPT_STM.1: Reliable time stamps FPT_TUD_EXT.1: Trusted update FPT_TST_EXT.1: TSF testing FRU: Resource utilization FRU_RSA.1: Maximum quotas FTA: TOE Access FTA_SSL_EXT.1: TSF-initiated session locking FTA_SSL.3: TSF-initiated termination FTA_TAB.1: Default TOE access banners...
  • Page 41: Table 16: Auditable Events

    Table 16: Auditable Events Requirement Auditable Events Additional Audit Record Contents FAU_GEN.1 None. FAU_GEN.2 None. FAU_STG_EXT.1 None. FAU_STG_EXT.3 Loss of connectivity. No additional information. FCS_CKM.1 Failure on invoking functionality. No additional information.
  • Page 42 Requirement Auditable Events Additional Audit Record Contents FMT_MTD.1 None. FMT_SMF.1 None. FMT_SMR.1 None. FPT_ITT.1(1) None. FPT_ITT.1(2) None. FPT_PTD_EXT.1(1) None. FPT_PTD_EXT.1(2) None. FPT_RPL.1 Detected replay attacks. Origin of the attempt (e.g., IP address).
  • Page 43: Cryptographic Support (Fcs)

    Requirement Auditable Events Additional Audit Record Contents FTP_TRP.1(1) Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions. Identification of the claimed user identity. FTP_TRP.1(2) Initiation of the trusted channel. Identification of the...
  • Page 44 • ANSI X9.80 (3 January 2000), “Prime Number Generation, Primality Testing, Primality Certificates” using random integers with deterministic tests, or constructive generation methods • Generated key strength shall be equivalent to, or greater than, a symmetric key strength of 112 bits using conservative estimates.
  • Page 45 SHA-256, SHA-512] and message digest sizes [160, 256, 512] bits that meet the following: FIPS Pub 180-3 “Secure Hash Standard.” 5.2.2.6 FCS_COP.1(4): Cryptographic operation (for keyed-hash message authentication) FCS_COP.1.1(4) The TSF shall perform [keyed-hash message authentication] in...
  • Page 46 FCS_IPSEC_EXT.1.3 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to 24 hours for Phase 1 SAs and 8 hours for Phase 2 SAs. FCS_IPSEC_EXT.1.4 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to [an administratively configurable number of kilobytes including the range from 100 –...
  • Page 47: User Data Protection (Fdp)

    FCS_SSH_EXT.1.7 The TSF shall ensure that the SSH transport implementation uses SSH_RSA and [no other public key algorithms] as its public key algorithm(s). FCS_SSH_EXT.1.8 The TSF shall ensure that data integrity algorithms used in the SSH transport connection is [hmac-sha1, hmac-sha1-96, hmac-md5-96].
  • Page 48: Security Management (Fmt)

    5.2.4.2 FIA_UIA_EXT.1: User identification and authentication FIA_UIA_EXT.1.1 The TSF shall allow [no services] on behalf of the user to be performed before the user is identified and authenticated. FIA_UIA_EXT.1.2 The TSF shall require each user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that user.
  • Page 49: Protection Of The Tsf (Fpt)

    • Ability to update the TOE, and to verify the updates using the digital signature capability (FCS_COP.1(2)) and [no other functions] • Ability to manage the cryptographic functionality • Ability to manage the audit logs and functions ...
  • Page 50: Fru - Resource Utilization

    5.2.6.4 FPT_PTD_EXT.1(2): Management of TSF data (for reading of all symmetric keys) FPT_PTD_EXT.1.1(2) The TSF shall prevent reading of all pre-shared keys, symmetric key, and private keys. 5.2.6.5 FPT_RPL.1: Replay detection FPT_RPL.1.1 The TSF shall detect replay for the following entities: [network packets terminated at the TOE].
  • Page 51: Toe Access (Fta)

    5.2.8 TOE Access (FTA) 5.2.8.1 FTA_SSL_EXT.1: TSF-initiated session locking FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [terminate the session] after a Security Administrator-specified time period of inactivity. 5.2.8.2 FTA_SSL.3: TSF-initiated termination FTA_SSL.3.1 The TSF shall terminate a remote interactive session after a...
  • Page 52: Extended Components Definition

    FTP_ITC.1.3(2) The TSF shall initiate communication via the trusted channel for [all authentication functions, [IPSec]]. 5.2.9.3 FTP_TRP.1(1): Trusted path FTP_TRP.1.1(1) Refinement: The TSF shall provide a communication path between itself and remote administrators using [SSH as specified in FCS_SSH_EXT.1 to access the CLI] that is logically distinct...
  • Page 53 The dependencies for each extended component are identified in the TOE SFR Dependencies section of this ST below. D. The management requirements, if any, associated with the extended SFRs are incorporated into the Security management SFRs defined in this ST.
  • Page 54: Toe Sfr Dependencies Rationale

    This SFR was taken from NDPP – where it is defined as a requirement for specific password composition and aging constraints. FIA_UAU_EXT.5: This SFR was taken from NDPP – where it is defined as a requirement allowing the identification of required external authentication services.
  • Page 55 Dependency Rationale FAU_GEN.1 FPT_STM.1 Met by FPT_STM.1 FAU_GEN.2 FAU_GEN.1 Met by FAU_GEN.1 FIA_UID.1 Met by FIA_UIA_EXT.1 FAU_STG_EXT.1 FAU_GEN.1 Met by FAU_GEN.1 FAU_STG_EXT.3 FAU_STG_EXT.1 Met by FAU_STG_EXT.1 FCS_CKM.1 FCS_CKM.2 or FCS_COP.1 Met by FCS_COP.1(2), (3), and...
  • Page 56: Security Assurance Requirements

    Dependency Rationale FMT_SMF.1 No dependencies FIA_UID.1 Met by FIA_UIA_EXT.1 FMT_SMR.1 FPT_ITT.1(1) No dependencies FPT_ITT.1(2) No dependencies FPT_PTD_EXT.1(1) No dependencies FPT_PTD_EXT.1(2) No dependencies FPT_RPL.1 No dependencies FPT_STM.1 No dependencies FPT_TUD_EXT.1 No dependencies FPT_TST_EXT.1 No dependencies FRU_RSA.1...
  • Page 57: Security Assurance Requirements Rationale

    Assurance Measures The TOE satisfies the identified assurance requirements. This section identifies the Assurance Measures applied by Cisco to satisfy the assurance requirements. The table below lists the details. Table 19: Assurance Measures Component How requirement will be met ADV_FSP.1...
  • Page 58 This includes details on what changes are tracked, how potential changes are incorporated, and the degree to which automation is used to reduce the scope for error. ATE_IND.1 Cisco will provide the TOE for testing. AVA_VAN.1 Cisco will provide the TOE for testing.
  • Page 59: Toe Summary Specification

    6 TOE SUMMARY SPECIFICATION TOE Security Functional Requirement Measures This section identifies and describes how the Security Functional Requirements identified above are met by the TOE. Table 20: How TOE SFRs are Met...
  • Page 60 TOE SFRs How the SFR is Met The log buffer is circular, so newer messages overwrite older messages after the buffer is full. Administrators are instructed to monitor the log buffer using the show logging privileged EXEC command to view the audit records.
  • Page 61 TOE SFRs How the SFR is Met in the log record. Any use of the authentication mechanism. Events will be generated for attempted identification/authentication, and the username attempting to authenticate will be included...
  • Page 62 TOE SFRs How the SFR is Met and failure related to trusted channel sessions with peer/neighbor routers and/or the remote administration console FAU_GEN.2 The TOE shall ensure that each auditable event is associated with the user that triggered the event and as a result, they are traceable to a specific user.
  • Page 63 TOE SFRs How the SFR is Met exchanged and entered electronically. Persistent keys are entered by the privileged administrator via the console port CLI, transient keys are generated or established and stored in DRAM. If present, a VSS link can export all DRAM and NVRAM keys to another switch over a secure connection for high availability purposes.
  • Page 64 TOE SFRs How the SFR is Met server key: overwritten with 0x0d. ANSI X9.31 RNG Seed, 16 bytes (plaintext): this is the seed; DRAM; zeroized upon power cycle; Append the...
  • Page 65 TOE SFRs How the SFR is Met overwritten with 0x00. HMAC SHA-1 session authentication key, 160 bits (plaintext): this is the SSH session authentication key; DRAM; automatically when the session terminates. 1024/1536/...
  • Page 66 TOE SFRs How the SFR is Met MACsec secret, 128/256 bits (plaintext): used to verify integrity and authenticity of MPDUs; MACsec PHY; automatically when the session expires. SESA “no fips SESA 128 bits...
  • Page 67 BGPv4 uses MD5 for authentication of routing updates as defined in RFC 2385 (Protection of BGP Sessions via TCP MD5 Signature Option). • EIGRP and EIGRPv6 (Cisco proprietary) use MD5 for authentication of routing updates. • RIPv2 uses MD5 for authentication of routing updates as defined in Section 2.4 of RFC 2453.
  • Page 68 TOE SFRs How the SFR is Met The TOE implements a NIST-approved AES-CTR Deterministic Random Bit Generator (DRBG), as specified in SP 800-90. The entropy source used to seed the Deterministic Random Bit Generator (e.g.
  • Page 69 TOE SFRs How the SFR is Met methods. FCS_IPSEC_EXT.1 The TOE implements IPsec to provide authentication and encryption services to prevent unauthorized viewing or modification of data as it travels over the external network. The...
  • Page 70 TOE SFRs How the SFR is Met allowed to flow for a given IPsec SA using the following command, ‘crypto ipsec security-association lifetime’ as specified for the evaluated configuration. The default amount is 2560KB, which is the minimum configurable value.
  • Page 71 TOE SFRs How the SFR is Met connected console or remotely through an SSHv2 connection, the TOE prompts the user for a user name and password. Only after the administrative user presents the correct authentication credentials will access to the TOE administrative functionality be granted.
  • Page 72 System Administrator (level 15) will be required to enter their current password prior to entering a new password. See the Cisco Catalyst 4500 Series Switches (4503-E, 4506-E, 4507R+E, 4510R+E, 4500X and 4500X-F) Running IOS-XE 3.5.2E Common Criteria Operational User Guidance and Preparative Procedures for details and configuration settings.
  • Page 73 TOE SFRs How the SFR is Met • Ability to manage routing tables - allows the authorized administrator the ability to create, modify, and delete the routing tables to control the routed network traffic ...
  • Page 74 TOE SFRs How the SFR is Met For level 0, there are five commands associated with privilege level 0: disable, enable, exit, help, and logout. However, the level could be configured to allow a user to have access to the ‘show’...
  • Page 75 TOE SFRs How the SFR is Met staff that are usually not allowed to run all of the commands available in privileged EXEC mode (privilege level 15) on a networking device. They are prevented from running commands...
  • Page 76 TOE SFRs How the SFR is Met Step 3 clear counters The clear counters command clears the interface counters. This command has been changed from privilege level 15 to privilege level 7.
  • Page 77 TOE SFRs How the SFR is Met returns to privilege level 1. Router# disable Step 8 show privilege Displays the privilege level of the current CLI session Router> show privilege Current privilege level is 1 The term “authorized administrator”...
  • Page 78 (i.e., public hashes) are used to verify software/firmware update files (to ensure they have not been modified from the originals distributed by Cisco) before they are used to actually update the applicable TOE components. As a FIPS 140-2 validated product, the TOE runs a suite of self- FPT_TST_EXT.1...
  • Page 79: Toe Bypass And Interference/Logical Tampering Protection Measures

    TOE SFRs How the SFR is Met The allowable range is from 1 to 65535 seconds. FTA_TAB.1 The TOE displays a privileged Administrator-specified banner on the CLI management interface prior to allowing any administrative access to the TOE.
  • Page 80 plane allows the ability to forward network traffic; the control plane allows the ability to route traffic correctly; and the management plane allows the ability to manage network elements. There is no opportunity for unaccounted traffic flows to flow into or out of the TOE.
  • Page 81: Rationale

    RATIONALE This section describes the rationale for the Security Objectives and Security Functional Requirements as defined within this Security Target. The following matrix is the typical display that is drawn from the information presented in Sections 2 and 3 of the NDPP.
  • Page 82: Table 22: Threat /Policies

    Table 22: Threat/Policies/TOE Objectives Rationale Objective Rationale Security Objectives Drawn from NDPP O.PROTECTED_COMMUNICATIONS This security objective is necessary to counter the threat: T.UNAUTHORIZED_ACCESS and T.UNAUTHORIZED_UPDATE to ensure the communications with the TOE is not compromised.
  • Page 83: Rationale For The Security Objectives For The Environment

    Objective Rationale ensure accounts cannot be compromised and used by an attacker that does not otherwise have access to the TOE. O.TSF_SELF_TEST This security objective is necessary to counter the threat T.TSF_FAILURE to ensure failure of mechanisms do not lead to a compromise in the TSF.
  • Page 84: Rationale For Toe Security Functional Requirements

    Environment Objective Rationale the assumption A.TRUSTED_ADMIN by ensuring the administrators are non-hostile and follow all administrator guidance. Rationale for TOE Security Functional Requirements The security requirements are derived according to the general model presented in Part 1 of the Common Criteria.
  • Page 85 FCS_RBG_EXT.1 FCS_COMM_PROT_EXT.1 FCS_IPSEC_EXT.1 FCS_SSH_EXT.1 FDP_RIP.2 FIA_PMG_EXT.1 FIA_UIA_EXT.1 FIA_UAU_EXT.5 FIA_UAU.6 FIA_UAU.7 FMT_MTD.1 FMT_SMF.1 FMT_SMR.1 FPT_ITT.1(1) FPT_ITT.1(2) FPT_PTD_EXT.1(1) FPT_PTD_EXT.1(2) FPT_RPL.1 FPT_STM.1 FPT_TUD_EXT.1 FPT_TST_EXT.1...
  • Page 86: Table 26: Objectives To Requirements

    FRU_RSA.1 FTA_SSL_EXT.1 FTA_SSL.3 FTA_TAB.1 FTP_ITC.1(1) FTP_ITC.1(2) FTP_TRP.1(1) FTP_TRP.1(2) Table 26: Objectives to Requirements Rationale Objective Rationale Security Functional Requirements Drawn from Security Requirements for NDPP O.PROTECTED_COMMUNICATIONS The SFRs, FAU_STG_EXT.3, FCS_CKM.1, FCS_CKM_EXT.4, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_RBG_EXT.1,...
  • Page 87 Objective Rationale FCS_COP.1(3) meet this objective by ensuring the update was downloaded via secure communications, is from a trusted source, and the update can be verified by cryptographic mechanisms prior to installation.
  • Page 88: Annex A: References

    ANNEX A: REFERENCES The following documentation was used to prepare this ST: Table 27: References [CC_PART1] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated July 2009, version 3.1, Revision 3 Common Criteria for Information Technology Security Evaluation –...
