Validated Product - Juniper Networks Secure Access Family, Release 5.1R2

Certificate Date: 16 December 2005

Validation Report Number: CCEVS-VR-05-0132

Product Type: Miscellaneous

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The TOE, which consists of one or more of the following appliances, is identified as the Juniper Networks Secure Access Family, Release 5.1R2 (hereafter Secure Access or SA).

  • Juniper Networks SA 2000, Release 5.1R2
  • Juniper Networks NetScreen-SA 3000 FIPS, Release 5.1R2
  • Juniper Networks SA 4000, Release 5.1R2
  • Juniper Networks NetScreen-SA 5000 FIPS, Release 5.1R2
  • Juniper Networks SA 6000, Release 5.1R2

The SA appliances are designed and manufactured by Juniper Networks, Inc. The TOE is completely self-contained, housing the software and hardware necessary to perform all functions. The differences between appliance models have no effect on the security functions claimed in the Security Target. Model variations are associated with differences in throughput and redundancy.

Secure Access acts as a secure application-layer gateway intermediating requests between remote computers and internal corporate resources. All requests from remote computers to a Secure Access appliance, and from a Secure Access appliance to remote computers, are encrypted as per the Triple Data Encryption Standard (TDES), with cryptographic key sizes 168 binary digits in length. Each request is subject to administratively-defined access control and authorization policies before the request is forwarded to an internal resource.

Secure Access supports the roles User, User Admin, Administrator, and Read-Only Administrator. All users are required to be identified and authenticated before any information flows are permitted. Users gain authenticated access to authorized resources via an extranet session hosted by the appliance, and can access Web-based enterprise applications, Java applications, file shares and terminal hosts from any Internet-connected Web browser.

Secure Access generates audit records for security events. The administrator and read-only administrator are the only roles with access to the audit trail.

Secure Access provides an information flow security policy. The security policy limits traffic (e.g., URLs and resource types, such as file servers) to specific user roles.

Secure Access provides a wide range of security management functions. Administrators can configure the TOE and manage users, the information flow policy, and audit.

Secure Access protects itself by providing well-defined network interfaces for user access, and requiring all users to be identified and authenticated before any information flows are permitted. Additionally, only trusted software runs on the TOE, assuring that the TOE maintains a domain for its own execution.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with established practices of the Common Criteria Evaluation and Validation Scheme (CCEVS).

The Common Criteria for Information Technology Security Evaluation Version 2.2 [CCV2.2] and the Common Methodology for Information Technology Security Evaluation Version 2.2 Revision 256 [CEMV2.2] were used for the evaluation of the Juniper Networks Secure Access Family, Release 5.1R2. The Science Applications International Corporation (SAIC) evaluation team determined that (a) the Security Target is [CCV2.2] conformant and (b) the TOE is [CCV2.2] Part 2 and Part 3 conformant, and recommended that an EAL2 certificate be issued for the Juniper Networks Secure Access Family, Release 5.1R2.

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard for the Triple Data Encryption Standard (TDES) for the definition of the encryption algorithm. There are many ways of determining compliance with a standard. The Juniper Networks Secure Access Family, Release 5.1R2, has chosen to make a developer claim of compliance. This means there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithm actually meets the claimed standard. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user’s requirements.

A CCEVS Validator monitored the evaluation carried out by SAIC. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, Juniper Networks Secure Access Family, Release 5.1R2, Version 1.0, CCEVS-VR-05-132, December 16, 2005.

ENVIRONMENTAL STRENGTHS

Juniper Networks Secure Access Family, Release 5.1R2, is a secure application-layer gateway product that provides identification and authentication, information flow control, audit, cryptographic support, security management, and TSF protection. The Secure Access appliances, which must be protected from physical attacks, provide a level of protection appropriate for IT environments that require information flows to be controlled.

Vendor Information

Juniper Networks, Inc.
Rich Campagna, Product Manager, Security Products Group
408.936.4963
SPG-PLM-SSL@juniper.net

http://www.juniper.net