Validated Product - Marconi Service Edge Routers (BXR-1000/BXR-5000)

Certificate Date: 29 March 2006

Validation Report Number: CCEVS-VR-06-0016

Product Type: Router

Conformance Claim: EAL3

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory

Maintenance Release:


PRODUCT DESCRIPTION

The TOE consists of a Marconi service edge router appliance of one of two model numbers: BXR-1000 and BXR-5000. Each of these models enforces the same security features; the primary differences between them are performance and form factor.

The Marconi service edge routers are network appliances that provide network traffic management and control. They are highly scalable and flexible: they support any type of switched or routed data service for virtually any interface and can manage traffic over essentially any type of network, with the different models providing varying levels of performance and traffic-volume scalability. All packets and traffic flows on the monitored network are scanned and then compared against a set of rules to determine whether the traffic should be switched or routed, and then passed to the appropriate destination.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Marconi multiservice switches and switch routers TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2, Revision 256, January 2004 and International Interpretations effective on 2 March 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 2.2, Revision 256, January 2004. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL3 family of assurance requirements. The product, when configured as specified in the BXR-5000 & BXR-1000 Service Edge Routers User Guide: Volume 10 Common Criteria Certification (CCC) Evaluated Configuration Guide, satisfies all of the security functional requirements stated in the Marconi Service Edge Routers (BXR-1000 and BXR-5000) Security Target, Version 1.0. One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in January 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0016, dated 29 March 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The Marconi service edge routers provide combined switching and routing solutions for connected networks. They are called “Service Edge Routers” in that they are normally used to provide services such as B-RAS (Broadband Remote Access Server) and DSLAM (Digital Subscriber Line Access Management) on WAN connections for customer networks at the edge of a service provider network, or to connect small departmental networks to an enterprise backbone network. Thus the Marconi service edge routers provide features such as traffic prioritization, filtering, route summarization, VPNs (Virtual Private Networks), and MPLS (MultiProtocol Label Switching) LER (Label Edge Router) services for the service provider’s customers, or for the internal networks of an enterprise or government agency. To maintain control over the routing and switch configuration in a volatile network environment, these appliances must remain physically connected to the networks that they route or switch. The appliances must be appropriately placed in a network infrastructure and protected from physical attacks, and direct logical access must be restricted to authorized users. To ensure that the design of the IT networks is acknowledged and that the risks to the target environment are adequately addressed, the assurance requirements for EAL3 and the minimum strength of function, SOF-Basic, were chosen. The Marconi service edge routers support the following five security functions:

Security Audit

The TOE provides an audit feature that provides the ability to audit user actions related to authentication attempts and administrator actions.

Information Flow Control

In general, network devices exchange valuable information among themselves. To mitigate threats of spoofing, replay attacks, unauthorized access and DoS attacks, among others, the TOE provides an Information Flow Control mechanism that controls the flow of traffic generated by the network devices. The Information Flow Control Policies are configured on each network device to allow traffic to flow only between authorized sources and authorized destinations.
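The following is an added illustration of the information flow control idea in the paragraph above; it is not Marconi code and does not reflect the BXR configuration syntax. It assumes a first-match, default-deny rule list in which each rule names an authorized source range, an authorized destination range, a protocol and a destination port; the addresses, rules and packets are constructed for the example.

```python
"""Added illustration (not Marconi code): a default-deny information flow
control policy evaluator.  Rule syntax, addresses and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    src: str              # authorized source network, CIDR notation
    dst: str              # authorized destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None means any port
    action: str           # "permit" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def _matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when source, destination, protocol and port all agree."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a flow no rule permits is denied.

    The implicit final deny is what makes the policy express "only between
    authorized sources and authorized destinations": a flow must be named
    to pass, rather than named to be blocked.
    """
    for rule in policy:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed policy.  The specific deny for one subnet is listed before the
# broader permit so that rule ordering, not rule specificity, decides.
POLICY = [
    Rule("10.1.5.0/24", "192.0.2.0/24", "any", None, "deny"),
    Rule("10.1.0.0/16", "192.0.2.0/24", "tcp", 443, "permit"),
    Rule("192.0.2.0/24", "10.1.0.0/16", "udp", 53, "permit"),
]


def apply_policy(policy: List[Rule], packets: List[Packet]) -> List[str]:
    """Evaluate a batch of packets, returning one decision per packet."""
    return [evaluate(policy, pkt) for pkt in packets]


if __name__ == "__main__":
    samples = [
        Packet("10.1.2.3", "192.0.2.10", "tcp", 443),    # permit (rule 2)
        Packet("10.1.5.7", "192.0.2.10", "tcp", 443),    # deny (rule 1 first)
        Packet("10.1.2.3", "192.0.2.10", "tcp", 23),     # deny (no rule)
        Packet("192.0.2.10", "10.1.2.3", "udp", 53),     # permit (rule 3)
    ]
    for pkt, decision in zip(samples, apply_policy(POLICY, samples)):
        print(f"{pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport}: {decision}")
```

The two points worth noting are the default deny at the end of `evaluate` and the ordering of the constructed rules: the same packet from 10.1.5.7 would be permitted if the two rules were swapped, which is why policy review on a first-match device has to read rules top to bottom.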

Identification and Authentication

The TOE requires administrative users to provide unique identification and authentication data before any administrative access to the system is granted. The TOE provides the ability to define levels of authority for such users via “profiles”, providing administrative flexibility by allowing highly granular assignment of management rights down to the level of individual commands or entire “directories” of commands. Only authorized administrators may access the TOE. Note that any user defined such that they can directly authenticate to the TOE is considered to be an administrator, though the specific authorizations may vary with the profile of the individual TOE user (administrator). End users whose traffic may traverse the TOE via its switching and routing functions do not need to be authenticated to use these services, since they have no control over the TOE. Thus the term “user” as applied to the TOE should be understood to refer to administrators unless otherwise specified by terms such as “end users.”

Security Management

The TOE is managed through a Command Line Interface (CLI) that can be accessed locally using the terminal console, or remotely using telnet. Additionally, many of the TOE’s functions can be monitored remotely via SNMP GET. Through the CLI, authorized administrators can configure and manage all TOE functions, including configuring the TOE and managing administrative user accounts (if authorized by their profile).

Protection of Security Functions

The TOE provides protection mechanisms for its security functions. One of the protection mechanisms is that administrative users must authenticate before any administrative operations can be performed on the system, whether those functions are related to the management of administrative user accounts or the configuration of the switching and routing functions. Another protection mechanism is that the TOE is self-contained and therefore maintains its own execution domain.  All TOE security functions are confined to the device.
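The following added example ties together the Security Audit, Identification and Authentication, and Protection of Security Functions descriptions above: every authentication attempt and every management command is audited, a profile grants either whole command directories or individual commands, and no management operation runs without an authenticated session. It is not Marconi code; the account names, passwords, profile names, command naming scheme (`directory/command`) and audit record format are all constructed for the illustration.

```python
"""Added illustration (not Marconi code): profile-based CLI authorization with
authentication before any management operation and an audit record of both.
Accounts, profiles, command names and log format are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Profile:
    directories: frozenset   # whole command directories granted, e.g. "show"
    commands: frozenset      # individual commands granted, e.g. "config/interface"


# Constructed profiles: the operator gets the entire "show" directory plus one
# command from "config"; the admin gets every directory, including "user".
PROFILES = {
    "operator": Profile(frozenset({"show"}), frozenset({"config/interface"})),
    "admin": Profile(frozenset({"show", "config", "user"}), frozenset()),
}


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _account(profile: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"profile": profile, "salt": salt, "hash": _derive(password, salt)}


# Constructed administrative accounts.  Anyone who can log in is an
# administrator; end users whose traffic transits the device have no account.
ACCOUNTS = {
    "alice": _account("operator", "alice-example-pw"),
    "bob": _account("admin", "bob-example-pw"),
}

AUDIT_LOG = []   # stands in for the device's audit trail


def _audit(event: str, user: str, detail: str) -> None:
    AUDIT_LOG.append(f"{event} user={user} {detail}")


class Session:
    def __init__(self, user: str, profile: str):
        self.user, self.profile = user, profile


def login(user: str, password: str) -> Optional[Session]:
    """Identification and authentication; success and failure are both audited."""
    rec = ACCOUNTS.get(user)
    ok = rec is not None and hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))
    _audit("AUTH_OK" if ok else "AUTH_FAIL", user, "method=cli")
    return Session(user, rec["profile"]) if ok else None


def run_command(session: Optional[Session], command: str) -> bool:
    """Authorize one CLI command against the session's profile.

    Commands are named "<directory>/<command>".  A profile grants either a
    whole directory or individual commands.  With no session there is no
    management operation at all, which is the protection mechanism described.
    """
    if session is None:
        _audit("CMD_DENIED", "<unauthenticated>", f"cmd={command}")
        return False
    profile = PROFILES[session.profile]
    directory = command.split("/", 1)[0]
    allowed = directory in profile.directories or command in profile.commands
    _audit("CMD_OK" if allowed else "CMD_DENIED", session.user, f"cmd={command}")
    return allowed


if __name__ == "__main__":
    s = login("alice", "alice-example-pw")
    for cmd in ("show/interfaces", "config/interface", "config/routing", "user/add"):
        print(cmd, "->", "allowed" if run_command(s, cmd) else "denied")
    print("\n".join(AUDIT_LOG))
```

The audit entries are what a reviewer would reconcile against the device's own log: a failed login followed by a string of denied commands from the same account is visible here because denials, not just successes, are recorded.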


Vendor Information

Ericsson Federal Incorporated
Federal Sales
1-866 MARCONI (1-866-627-2664) (Fax)
federalsales@marconi.com

http://www.ericsson.com