Validated Product - Cisco Systems Routers (800, 1700, 1800, 2600XM, 2800, 3700, 3800, and 7200 running Cisco IOS Release 12.4(11)T2; 7300, 7400, and 7600 running Cisco IOS Release 12.2(18)SXF8; 10000 and 12000 running 12.0(32)S7) and Cisco Secure ACS version 4.1.2.12

Certificate Date: 29 February 2008

Validation Report Number: CCEVS-VR-VID6014-2008

Product Type: Router, Switch

Conformance Claim: EAL3

PP Identifiers: None

CC Testing Lab: Arca CCTL


PRODUCT DESCRIPTION

The TOE is Cisco Systems Routers (800, 1700, 1800, 2600XM, 2800, 3700, 3800, and 7200 running Cisco IOS Release 12.4(11)T2; 7300, 7400, and 7600 running Cisco IOS Release 12.2(18)SXF8; 10000 and 12000 running 12.0(32)S7) together with Cisco Secure Access Control Server (ACS) version 4.1.2.12. A router is a device that determines the next network point to which a packet should be forwarded toward its destination. It is located at a gateway (where one network meets another). A router may create or maintain a table of the available routes and their conditions and use this information, along with distance and cost algorithms, to determine the best route for a given packet. Routing protocols include BGP, RIP, and OSPF. IP packets arrive at the router over one or more of its physical network interfaces, and the router processes them according to its configuration and the state information it maintains dynamically. This processing typically results in the IP packets being forwarded out of the router over another interface.

 
Routers that support the TOE have common hardware characteristics. Differences among the models affect only functions that are not TSF-relevant (such as throughput and amount of storage), which is the basis for treating the routers as security-equivalent in terms of hardware:
·          Central processor that supports all system operations
·          Dynamic memory, used by the central processor for all system operations
·          Flash memory (EEPROM), used to store the IOS image (binary program)
·          USB slot, used to connect USB devices to the TOE (not relevant as none of the USB devices are included in the TOE)
·          Non-volatile read-only memory (ROM) is used to store the bootstrap program and power-on diagnostic programs.
·          Non-volatile random-access memory (NVRAM) is used to store router configuration parameters used to initialize the system at startup.
·          Physical network interfaces (minimally two). Some models have a fixed number and/or type of interfaces; some models have slots that accept additional network interfaces.
 
Users of the TOE are router and ACS administrators, who are hereafter referred to generically as Authorized Administrators or by the roles of Privileged Administrator (router), Semi-Privileged Administrator (router), and Authentication Administrator (ACS). Privileged Administrators configure the Cisco routers using global configuration commands to apply the features that affect the system as a whole. To enter global configuration mode the Privileged Administrator enters the "configure" command at the privileged EXEC mode prompt. The user interface is reached either from the console port on the router or by connecting to the router over Secure Shell (SSH). The user interface is a Command Line Interface (CLI) running the Command Interpreter (EXEC).
 
The Cisco Systems TOE hardware models are:

| Router Series | Router Models | IOS Version | Router Type |
|---|---|---|---|
| 800 Series | 831, 836, 837, 851, 857, 871, 876, 877, 878 | 12.4(11)T2 | Ethernet, ADSL, SHDSL, and ISDN routers |
| 1700 Series | 1701, 1711, 1712, 1721, 1751, 1751-V, 1760 | 12.4(11)T2 | Flexible, modular access routers |
| 1800 Series | 1801, 1802, 1803, 1811, 1812, 1841 | 12.4(11)T2 | ADSL, SHDSL, ISDN, and Integrated Services routers |
| 2600XM Series | 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691 | 12.4(11)T2 | Modular multi-service router and dial access server |
| 2800 Series | 2801, 2811, 2821, 2851 | 12.4(11)T2 | Integrated Services router |
| 3700 Series | 3725, 3745 | 12.4(11)T2 | Multi-service access routers |
| 3800 Series | 3825, 3845 | 12.4(11)T2 | Integrated Services router |
| 7200 Series | 7204VXR, 7206VXR | 12.4(11)T2 | WAN-edge router for intelligent services, modularity, high performance, and scalability |
| 7300 Series | 7301 | 12.4(11)T2 | WAN-edge router |
| 7400 Series | 7401 | 12.4(11)T2 | Compact routers for application specific deployments |
| 7600 Series | 7603, 7606, 7609, 7613; Supervisor Engines: 7600-SUP2/MSFC2, 7600-SUP32/MSFC2A, 7600-SUP720/MSFC3 | 12.2(18)SXF8 | High-end services-enabled core and WAN aggregation router for voice, video, and data in enterprise and service provider applications |
| 7600 Series (continued) | 7600-CMM, 7600-MWAM | 12.4(11)T2 | High-end services-enabled core and WAN aggregation router for voice, video, and data in enterprise and service provider applications |
| 10000 Series | 10700 | 12.0(32)S7 | Edge router for carriers deploying broadband services |
| 12000 Series | 12006, 12008, 12010, 12012, 12016, 12404, 12406, 12410, 12416, 12810, 12816; Route Processor: PRP-1, PRP-2 | 12.0(32)S7 | Gigabit Switch Routers (GSRs) |

The TOE also includes ACS, which provides authentication, authorization, and accounting (AAA) services to network devices that function as AAA clients, including routers.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that the Auditing (Accounting), Identification and Authentication (Authentication), Traffic Filtering and Routing, Security Management/Access Control (Authorization), and Protection of the TSF of the Cisco IOS/AAA Routers met the security requirements contained in the Security Target. The criteria against which the Cisco IOS/AAA Routers were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 2.2.

 

Arca CCTL concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 3 have been met with the addition of ALC_FLR.1. The product, configured as outlined in the Secure Installation Guidance, satisfies all of the security functional requirements stated in the Security Target. A Validator, on behalf of CCEVS, monitored the evaluation carried out by Arca CCTL. The evaluation was completed in October 2007. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS Validation Team.

 

ENVIRONMENTAL STRENGTHS

The TOE consists of one or more physical devices: router(s) with IOS software and ACS software. ACS software runs on a Windows 2000 Server. It should be noted that the Windows PC is not considered part of the TOE, only the ACS software operating on it. The Windows OS includes a firewall to protect the OS and the ACS. When the TOE-enabled router is in use, at least two of the network interfaces of the internetworking device will be attached to different networks.  The router configuration will determine how packet flows received on an interface will be handled. Typically, packet flows are passed through the internetworking device and forwarded to their configured destination. Routing protocols permitted in the evaluated configuration are RIP, OSPF, and BGP.

 

The ACS will be connected to the router either via an internal network or via a crossover cable. The TOE boundary includes the router hardware, the IOS software, and the ACS server software, but not the operating system of the server platform on which ACS runs.

 

The TOE can optionally connect to an NTP server on its internal (protected) network for time services. Also, if the IOS router or ACS server is to be remotely administered, then the management station must be connected to an internal (protected) network, SSH must be used to connect to the router, and SSL must be used to connect to the ACS. The ACS, the remote management station, and the NTP server (if used) must all be attached to the internal (protected) network.
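The constraints above (SSH for router administration, logins brokered through the ACS, only RIP/OSPF/BGP as routing protocols, and any NTP server on the protected network) are the kind of thing an administrator wants to verify against an actual running-config before claiming the evaluated configuration. The following is an added example of such a check, written for this page; it is not code from the validation report, the Security Target, or Cisco. It assumes the ACS is reached over TACACS+ (RADIUS is also accepted, since ACS supports both), assumes the "internal" address range is supplied by the operator, and runs against two constructed sample configs (a weak one and its corrected form) rather than a real device. It inspects configuration text only: it cannot confirm that the ACS is actually on the protected network or that SSL is used toward the ACS, so it supplements rather than replaces the Secure Installation Guidance.

```python
import ipaddress
import re

# Routing protocols permitted in the evaluated configuration (RIP, OSPF, BGP).
ALLOWED_ROUTING = {"rip", "ospf", "bgp"}


def parse_sections(config):
    """Split an IOS running-config into (header, [indented child lines]) pairs.

    Top-level commands become headers with an empty body; indented lines are
    attached to the most recent header. Comment lines ('!') and blanks are dropped.
    """
    sections = []
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections


def check_config(config, internal_nets):
    """Return a list of findings, each prefixed with its category (AAA/SSH/ROUTING/NTP)."""
    sections = parse_sections(config)
    headers = [h for h, _ in sections]
    findings = []

    # AAA: logins must be brokered through the ACS. TACACS+ is assumed here as the
    # transport to ACS; a RADIUS group is accepted as well.
    if "aaa new-model" not in headers:
        findings.append("AAA: 'aaa new-model' missing, so logins bypass the AAA subsystem")
    if not any(re.match(r"aaa authentication login \S+ .*group (tacacs\+|radius)", h) for h in headers):
        findings.append("AAA: no login method list uses a TACACS+/RADIUS server group (the ACS)")
    if not any(h.startswith(("tacacs-server host", "radius-server host")) for h in headers):
        findings.append("AAA: no AAA server (tacacs-server/radius-server host) is configured")

    # SSH: remote administration must use SSH. The IOS default vty transport also accepts telnet,
    # so every 'line vty' block must carry exactly 'transport input ssh'.
    if "ip ssh version 2" not in headers:
        findings.append("SSH: 'ip ssh version 2' not set, so SSHv1 may be negotiated")
    for header, body in sections:
        if header.startswith("line vty"):
            transports = [line for line in body if line.startswith("transport input")]
            if transports != ["transport input ssh"]:
                findings.append(
                    f"SSH: '{header}' accepts a non-SSH transport ({transports or 'IOS default, all transports'})"
                )

    # Routing: only RIP, OSPF and BGP are permitted in the evaluated configuration.
    for header in headers:
        m = re.match(r"router (\S+)", header)
        if m and m.group(1) not in ALLOWED_ROUTING:
            findings.append(f"ROUTING: '{header}' uses a protocol outside the evaluated set {sorted(ALLOWED_ROUTING)}")

    # NTP is optional, but any NTP server that is used must sit on the internal (protected) network.
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for header in headers:
        m = re.match(r"ntp server (\S+)", header)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            findings.append(f"NTP: server '{m.group(1)}' is a hostname; resolve it and check its network manually")
            continue
        if not any(addr in net for net in nets):
            findings.append(f"NTP: server {addr} is not on an internal (protected) network")

    return findings


# Constructed sample (not a real device): the ACS is reached over TACACS+, but the vtys still
# accept telnet, EIGRP is running, and time comes from an NTP server outside the protected range.
INTERNAL_NETS = ["10.0.0.0/8"]

WEAK_CONFIG = """\
version 12.4
hostname edge-rtr
!
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 10.1.1.20 key REPLACE-ME
ip ssh version 2
!
router eigrp 100
 network 10.0.0.0
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
ntp server 192.0.2.10
!
line vty 0 4
 transport input telnet ssh
"""

# The same router corrected: EIGRP removed, NTP server moved onto the protected network, SSH-only vtys.
HARDENED_CONFIG = (
    WEAK_CONFIG.replace("router eigrp 100\n network 10.0.0.0\n!\n", "")
    .replace("ntp server 192.0.2.10", "ntp server 10.1.1.30")
    .replace("transport input telnet ssh", "transport input ssh")
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = check_config(cfg, INTERNAL_NETS)
        print(f"{name}: {len(results)} finding(s)")
        for finding in results:
            print("  " + finding)
```

Run against the weak sample it reports three findings (the telnet-capable vty line, the EIGRP process, and the off-network NTP server); the corrected sample produces none. Feed it the output of `show running-config` from a real router to check a deployment against the same constraints.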

 

Chris Romeo
919.392.0512
919.392.1790 (Fax)
chromeo@cisco.com

http://www.cisco.com/