Validated Product - Brocade Communications Inc. IronShield (BigIron, NetIron, and FastIron) Switches and Routers (formerly Foundry Networks, Inc.)
Certificate Date: 11 July 2008
Validation Report Number: CCEVS-VR-VID10077-2008
Product Type: Network Switch, Router
Conformance Claim: EAL2 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
Maintenance Release:
PRODUCT DESCRIPTION
The TOE is composed of a hardware appliance with embedded software installed on the management processor of all routers and switches. The hardware appliance is either a switch or a router and its software is a version of Foundry Networks' proprietary IronWare Operating System (IOS) and the software-based IronShield Security Module. The Foundry IOS controls the switching and routing of layer 2-3 and layer 4-7 network frames and packets through Foundry switch and router appliances.
All switches and routers are configured at the factory with default parameters to allow immediate use of the system’s basic features through its Command Line Interface (CLI)[1]. However, the TOE should be configured in accordance with the evaluated configuration prior to being placed into operation. The CLI is a text-based interface which is accessible from a directly connected terminal or via a remote terminal using SSH v2.
The TOE consists of the following product families of switches and routers:
The hardware platforms that support the TOE have a number of common hardware characteristics:
The basic operation of the switches and routers is as follows:
During normal operation, IP packets are sent to the management IP address or through the appliance over one or more of its physical network interfaces. The appliance processes them according to the system’s configuration and the state information it maintains dynamically. This processing typically results in the frames or packets being forwarded out of the device over another interface, or dropped in accordance with a configured policy.
The TOE may be accessed and managed through a PC or terminal in the environment which can be remote from or directly connected to the TOE.
The TOE can be configured to forward its audit records to a syslog server in the environment. This is generally advisable given the limited audit log storage space on the evaluated appliances.
The TOE can also be configured to use an external authentication service such as RADIUS or TACACS/TACACS+, provided by an external server in the environment.
[1] Note that while the product can be configured to be accessible via a Web Management Interface, this interface is disabled in the evaluated configuration since it is accessible only via insecure HTTP.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Foundry Networks TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 10 March 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the product meets the EAL 2 family of assurance requirements. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Foundry Networks Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2008. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Foundry Networks prepared by CCEVS.
ENVIRONMENTAL STRENGTHS
The Foundry Networks IronShield products are switches and routers that provide audit, user data protection, security management, identification and authentication, trusted path, and protection of the TOE security functions.
· Security Audit: The TOE generates audit records of users’ actions that occur on the TOE.
· User Data Protection: The TOE has the ability for the Authorized Administrators to specify the information flow control security functional policy used to control the flow of user data across the ports of the device. ACLs are used by Foundry to control forwarding of network data at specified ports on network equipment. There are two types of ACLs that can be configured, standard and extended. Standard ACLs permit or deny packets based on source IP address only. Extended ACLs take more factors into consideration including IP protocol information.
· Identification and Authentication: The TOE requires that all users be identified and authenticated before any access to the TOE and its security-relevant data is allowed. The TOE also provides the Authorized Administrator with the ability to configure Authentication Method lists. These lists specify the order in which the authentication methods are employed whenever one or more authentication methods are available. Authentication methods include external authentication using mechanisms such as RADIUS and TACACS/TACACS+ provided by an external server in the IT environment of the TOE.
· Security Management: The TOE includes a number of command-line functions to manage its security policies. These functions can be accessed using the Command Line Interface (CLI), via a directly connected terminal or a remote SSH session. The security management functions are controlled through the use of privileges associated with roles that can be assigned to TOE users. Among the available privileges, only the Super User can actually manage the security policies provided by the TOE, and the TOE offers a complete set of functions to facilitate effective management.
· TSF protection: The TOE protects itself from tampering and bypass by offering only a limited and controlled set of functions at each of its physical interfaces to its environment. Communication via those interfaces is either directed at the TOE for the purpose of administration or is directed through the TOE for communication among network devices. In both cases the TOE implements a set of policies to control the services available and those services are designed to protect and ensure the secure operation of the TOE. Note that the TOE implements its own clock to provide time for its audit records.
Vendor Information
Brocade Communications Inc. (formerly Foundry Networks, Inc.)
Franchesca Walker
408.207.1731
408.504.8739 (Fax)
fwalker@brocade.com