Validated Product - Juniper Networks Security Appliances

Certificate Date: 23 December 2005

Validation Report Number: CCEVS-VR-05-0138

Product Type: Firewall

Conformance Claim: EAL4

PP Identifier: US Government Traffic-Filter Firewall Protection Profile for Low-Risk Environments, Version 1.1 (Archived)


PRODUCT DESCRIPTION

The TOE is identified as Juniper Networks Security Appliances and consists of one or more of the following appliances, each running ScreenOS 5.0.0r9:

  • Juniper Networks NetScreen-5GT (Part number: NS-5GT-00*, NS-5GT-10*, NS-5GT-20*, where * = 1, 3, 5, 7, 8)
      • Firmware version: 5.0.0r9.r
      • Hardware version: 1010
  • Juniper Networks NetScreen-5XT (Part number: NS-5XT-00*, NS-5XT-10*, where * = 1, 3, 5, 7, or 9)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 1010
  • Juniper Networks NetScreen-25 (Part number: NS-025-00*, where * = 1, 3, 5, or 7)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 4010
  • Juniper Networks NetScreen-50 (Part number: NS-050-00*, where * = 1, 3, 5, or 7)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 4010
  • Juniper Networks NetScreen-204 (Part number: NS-204-00*, where * = 1, 3, 5, or 7)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 0110
  • Juniper Networks NetScreen-208 (Part number: NS-208-00*, where * = 1, 3, 5, or 7)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 0110
  • Juniper Networks NetScreen-500 (Part number: NS-500-SK1, NS-500ES-GB1-**, NS-500ES-GB2-**, NS-500SP-GB1-**, NS-500SP-GB2-**, NS-500ES-FE1-**, NS-500ES-FE2-**, where ** = AC or DC)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 4110
  • Juniper Networks ISG 1000 (Part number: NS-ISG 1000-PO*-S00, NS-ISG 1000B-PO*-S00, where * = 0A, 1A, 2A, or 3A)
      • Firmware version: 5.0.0r9.y
      • Hardware version: 3010
  • Juniper Networks ISG 2000 (Part number: NS-ISG 2000-PO*-S00, NS-ISG 2000B-PO*-S00, where * = 0A, 1A, 2A, or 3A)
      • Firmware version: 5.0.0r9.y
      • Hardware version: 3010
  • Juniper Networks NetScreen 5200 (Part number: NS-5200-P00*-**, NS-5200-P01*-**, NS-5200-P10*-**, NS-5200-P11*-**, where * = A or D, and ** = S00, S01, or S02)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 3010
  • Juniper Networks NetScreen 5400 (Part number: NS-5400-P00*-**, NS-5400-P01*-**, NS-5400-P10*-**, NS-5400-P11*-**, where * = A or D, and ** = S00, S01, or S02)
      • Firmware version: 5.0.0r9.o
      • Hardware version: 3010

The Juniper Networks evaluated products identified above are integrated security appliances that control traffic flow through a network and operate as the central security hub in a network configuration. The appliances integrate stateful packet inspection firewall, virtual private networking (VPN), and traffic management features. All have hardware-accelerated IPSec encryption and very low latency, allowing them to fit into any network.  Installing and managing the appliances is accomplished using a command line interface (CLI).

Each evaluated model consists of hardware and firmware, and each runs ScreenOS 5.0.0r9, a Juniper Networks proprietary operating system, in firmware. The differences between models have no effect on the security functions claimed in the Security Target.

The TOE generates audit records corresponding to traffic flow, administrator actions, and identification and authentication.  The TOE provides interfaces that allow the administrator to review the audit records, including the ability to search and sort the audit records.  Additionally, the TOE provides the ability to protect the audit records and limit the loss of records due to storage exhaustion.

The TOE enforces an information flow policy on all packets attempting to traverse a Juniper Networks appliance. The policy is configurable by the administrator and is based on the presumed IP source address, destination IP address, protocol, source and destination interface, and service. The TOE has a packet buffer for temporary storage of packet information. All temporary storage is accounted for, in that the size of the temporary storage associated with every packet is known, ensuring that the TOE does not reuse any previous packet information. Additionally, the TOE provides encryption/decryption capabilities for VPN sessions.

Administrators are the only users of the TOE and must be identified and authenticated by the TOE before they are allowed to invoke any administrator commands. Although the TOE includes the console port, the actual console used is not part of the TOE but is part of the environment. The Security Target includes an assumption that a VT-100 terminal, or any device that can emulate a VT-100 terminal, is required for use as a locally-connected console.

Security management is provided through the administrator interface.  This interface allows an administrator (when properly identified and authenticated) to configure the Juniper Networks appliance.  The security management functions are not available to non-administrator users.

The security functions of the TOE are protected in two ways. First, untrusted users have no direct interface to these functions; they are limited to sending packets to the device. Second, the administrative interface is a separate interface that is not connected to the network and is therefore not susceptible to many of the general threats on the network, such as packet sniffing or attempts to log into a publicly reachable administrative interface. Additionally, the TOE includes a system clock that can only be set and modified by the administrator, providing reliable timestamps for audit information.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with established practices of the Common Criteria Evaluation and Validation Scheme (CCEVS).

The Common Criteria for Information Technology Security Evaluation Version 2.1 [CCV2.1] and the Common Methodology for Information Technology Security Evaluation, Version 1.0 [CEMV1.0], were used for the evaluation of the Juniper Networks Security Appliances. The Science Application International Corporation (SAIC) evaluation team determined that (a) the Security Target is [CCV2.1] conformant; (b) the TOE is [CCV2.1] Part 2 and Part 3 conformant; and (c) recommended that an EAL4 certificate be issued for the Juniper Networks Security Appliances.

The following Juniper Networks Security Appliances have received FIPS 140-2 certification: NetScreen-5400 (Certificate No. 605); NetScreen-5200 (Certificate No. 603); NetScreen-500 (Certificate No. 604); NetScreen-208 (Certificate No. 607); NetScreen-204 (Certificate No. 607); NetScreen-5GT (Certificate No. 629); and NetScreen-5XT (Certificate No. 606).

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard for DES, TDES, AES, and SHA for the Juniper Networks ISG 1000 and ISG 2000 products; and to claim compliance with the external standard for AES, TDES, DES, DSA, SHS, RSA, HMAC, and RNG for the Juniper Networks NetScreen-25 and NetScreen-50 products. There are many ways of determining compliance with a standard. Juniper Networks has chosen to make a developer claim of compliance. This means there has been no independent verification (by either the evaluators or a third-party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithm actually meets the claimed standard. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

A CCEVS Validator monitored the evaluation carried out by SAIC. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, Juniper Networks Security Appliances, Version 1.0, CCEVS-VR-05-138, December 23, 2005.

ENVIRONMENTAL STRENGTHS

The Juniper Networks Security Appliances are commercial network products that provide identification and authentication, information flow control, security management, Protection of the TSF, and audit security functions. The Juniper Networks Security Appliances provide a level of protection that is appropriate for IT environments that require that information flows be controlled and restricted among network nodes where the Juniper Networks Security Appliances components can be appropriately protected from physical attacks.

Vendor: Juniper Networks, Inc.

Contact: Mike Kouri

Phone: 408-936-8206

Web: http://www.juniper.net

CC Testing Lab: SAIC Common Criteria Testing Laboratory