Validated Product - Thales e-Security Datacryptor SONET/SDH Release 4.0 with Element Manager and Thales e-Security Datacryptor Gigabit Ethernet Release 4.0 with Element Manager

Certificate Date: 07 April 2009

Validation Report Number: CCEVS-VR-VID10189-2009

Product Type: Sensitive Data Protection

Conformance Claim: EAL3

PP Identifiers: None

CC Testing Lab: COACT Inc. CAFE Laboratory

Security Target [PDF]
Validation Report [PDF]
CC Certificate [PDF]

PRODUCT DESCRIPTION

The Thales’ Datacryptor SONET/SDH implements security features for data flows over a Synchronous Optical Network (SONET). The primary security function of the product is to provide confidentiality services for data flows over optical networks, and the other functions of the TOE support this primary function. The product is deployed at the edge of an untrusted optical network with the intent to provide secure communications between two trusted networks that are physically separated.

Potential areas of application include scenarios where distant PBX devices, routers (POS) or switches are connected via SONET/SDH links vulnerable to interception and alteration. The Datacryptor SONET/SDH encryption appliance delivers high performance and confidentiality to these usage applications.

The TOE encrypts unencrypted data flows that enter the device from the trusted network side before they are forwarded across the untrusted optical network. When the encrypted data flow reaches the remote device, the TOE decrypts the data before forwarding it to the remote trusted network. In short, data is encrypted at one device's outbound interface and decrypted at the other device’s inbound interface.

The Thales’ Datacryptor Gigabit Ethernet implements security features for data flows over an Ethernet network. The primary security function of the TOE is to provide confidentiality services for data flows over untrusted networks, and the other functions of the TOE support this primary function. The TOE is deployed at the edge of an untrusted network with the intent to provide secure communications between two trusted networks that are physically separated.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Thales e-Security Datacryptor SONET/SDH Release 4.0 with Element Manager and Thales e-Security Datacryptor Gigabit Ethernet Release 4.0 with Element Manager meets the security requirements contained in the Security Target.

The criteria against which the Thales e-Security Datacryptor SONET/SDH Release 4.0 with Element Manager and Thales e-Security Datacryptor Gigabit Ethernet Release 4.0 with Element Manager was judged is described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Thales e-Security Datacryptor SONET/SDH Release 4.0 with Element Manager and Thales e-Security Datacryptor Gigabit Ethernet Release 4.0 with Element Manager is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in August 2008. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The TOE's Security Functions are:

  • Authentication

    The TOE (via Element Manager) supports authentication of an authorized administrator, who manages the TOE locally or remotely. The administrator is required to authenticate via password before configuring TOE security functions. The password is used to decrypt various parameters used to verify authentication and encrypt the link between the Element Manager subsystem and the Datacryptor subsystem.

  • Security Audit

    The TOE provides one log that reports management operations and errors. This log is stored in the Datacryptor and is viewed by an administrator via Element Manager.

  • Information Flow Control

    The TOE provides encryption for data traversing from the trusted network to a remote trusted network, and each Datacryptor allows traffic to flow between subjects (e.g., instances of the TOE connected via an untrusted network and IT Systems connected via the trusted network). The configuration for this data encryption is specified in an Information Flow Control policy.

  • Security Management

    The TOE is managed via GUI interface called Element Manager, which interfaces with the Datacryptor via the Ethernet interface. The TOE provides an administrator with the capabilities to configure, monitor and manage the TOE to fulfill the security objectives of the TOE. Security Management principles relate to Security Audit, Information Flow Control, and Cryptographic Support.

  • Protection of Security Functions

    The TOE provides various protection mechanisms for its security functions, the enforcement of the information flow control policy and authentication rules at the applicable interfaces. The TOE also ensures that the TSF is protected against interference and tampering by untrusted subjects.

Vendor Information


Thales e-Security, Inc
Juan Asenjo
954-888-6202
juan.asenjo@thalesesec.com

http://www.thalesesec.com

--->