Nortel-networks Nortel Network VPN Router and Client Workstation 7 Uživatelský manuál stáhnout pdf (Strana 52)

Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 52 of 67

8 Rationale

This section provides the rationale for the selection of the security requirements, objectives, assumptions, and

threats. In particular, it shows that the security requirements are suitable to meet the security objectives, which in

turn are shown to be suitable to cover all aspects of the TOE security environment.

8.1 Security Objectives Rationale

This section provides a rationale for the existence of each assumption, threat, and policy statement that compose the

Security Target. Table 11 demonstrates the mapping between the assumptions, threats, and polices to the security

objectives is complete. The following discussion provides detailed evidence of coverage for each assumption,

threat, and policy.

Table 11 - Relationship of Security Threats to Objectives

TOE Objectives

Environmental Objectives

Non-IT

O.I&A

O.AUDIT

O.SELFPROTECT

O.CONFIDENT

O.INTEGRITY

O.FILTER

O.FUNCTIONS

O.ADMIN

O.TEST

O.REPLAY

OE.TIME

OE.CERTIFICATE

OE.DOMSEP

OE.PHYS-SEC

OE.TRAINED

OE.DELIVERY

Threats

TOE

T.UNDETECT



T.AUTH-ERROR



T.DATA-MOD



T.HACK-CRYPTO



T.HACK



TOE

Environment

TE.PHYSICAL



TE.AUDIT_FAILURE



TE.BAD_CERT



Assumptions

A.TRAINED-ADMIN



A.TIMESTAMPS



A.PHYSICAL



A.CERTIFICATE



A.INSTALL



A.ACCESS



A.DOMSEP



T.UNDETECT An attacker may gain undetected access due to missing, weak, and/or incorrectly

implemented access controls for the restricted files or TSF Data in order to cause violations

of integrity, confidentiality, or availability of the information protected by and flowing

through the TOE.

The TOE identifies and authenticates users prior to allowing access to TOE functions and data

(O.I&A). The TOE records audit records for data accesses and use of the System functions

(O.AUDIT). The TOE provides functionality that enables only authorized user to establish VPN

sessions with the TOE using IPSec protocol (O.FUNCTIONS). The TOE provides functionality

that enables testing of its correct functioning and integrity (O.TEST).

O.I&A, O.AUDIT, O.FUNCTIONS, and O.TEST combined ensure that this threat is removed.

1 2 ... 47 48 49 50 51 52 53 54 55 56 57 ... 66 67

Komentáře k této Příručce

Žádné komentáře

Nortel-networks Nortel Network VPN Router and Client Workstation 7 Uživatelský manuál Strana 52

Komentáře k této Příručce

Související produkty a manuály pro Hardware Nortel-networks Nortel Network VPN Router and Client Workstation 7