Validated Product: Cisco ASA 5505, 5510, 5520, 5540, and 5550 (Release 7.2(4)), Cisco VPN Client Release 5.0.03.0560
Certificate Date: 13 April 2009
Validation Report Number: CCEVS-VR-VID10313-2009
Product Type: VPN
Conformance Claim: EAL4 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
Maintenance Release:

PRODUCT DESCRIPTION
The Adaptive Security Appliance (ASA) evaluation included the ASA-5505, ASA-5510, ASA-5520, ASA-5540 and ASA-5550 models. There are no security-relevant differences among the models. The ASA 5500 Series provides a complete remote-access VPN solution that supports numerous connectivity options, including Cisco VPN Client for IP Security (IPSec), WebVPN, and network-aware site-to-site VPN connectivity. The evaluation addressed two types of physical configurations:

Remote access configurations – consisting of one ASA component, which establishes and controls VPN connections and allows the flow of IP traffic between external and internal network interfaces, and a VPN Client Component executing on a physically secure, properly configured Windows-based platform.

LAN-to-LAN (also referred to as Site-to-Site) configurations – consisting of a VPN tunnel between two ASA instances connecting networks in different geographic locations.

ASA offers both IPSec and SSL-based VPN services on a single platform. For IPSec VPN, users (on the outside) can access virtually any application as if they were actually attached to the inside network. The IPSec service requires the Cisco VPN Client, executing on a physically secure and properly configured Windows-based PC, to establish an IPSec VPN connection. ASA authenticates the VPN Client using pre-shared keys or digital certificates (RSA). If authentication succeeds, a secure channel is established using Triple DES and AES ciphers to provide confidentiality and MD5 and SHA-1 algorithms for integrity and authenticity protection. ASA provides one connectivity option for SSL-based VPN services: WebVPN. WebVPN requires an SSL-capable web browser to establish an SSL-based VPN connection. WebVPN does not allow the web browser to access web resources and web-enabled applications behind ASA until after the user has been authenticated.
Authentication is achieved by digital certificates, username/password, or validating an authentication cookie. WebVPN implements the SSLv3 and TLS protocols with key strengths up to 168 bits for Triple DES and 128, 192, and 256 bits for AES. In general, the SSL protocol takes the application message (e.g., HTML) to be transmitted, fragments the data into manageable blocks, compresses the data, applies a message authentication code (MAC), encrypts, adds a header, and transmits the resulting unit as a TCP segment. Received data is decrypted, verified, decompressed, and reassembled, and then delivered to the appropriate application. An access control policy can be applied to VPN traffic, so that individuals and groups of users have access to the applications, network services, and resources to which they are entitled. ASA provides an authorized administrator the capability to define a single policy that incorporates both security and connectivity for remote users. The vendor ran its entire suite of security tests only on the 5510 platform. Additionally, the vendor ran a random sample of the tests on the 5505, 5520, and 5550 platforms. This was acceptable because the binary code, and consequently the security features, are equivalent among the platforms. The only differences between the models are the number of processors, the amount of memory, and/or the number of network cards.

SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco ASA TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.1. The product, when delivered and configured as identified in the Cisco Adaptive Security Appliances (ASA) 5505, 5510, 5520, 5540 and 5550 Common Criteria EAL4+ Administrator Guide for Virtual Private Networks (VPNs), Version 8.0, November 12, 2008, satisfies all of the security functional requirements stated in the Cisco Adaptive Security Appliances (ASA) 5505, 5510, 5520, 5540 and 5550 Virtual Private Network (VPN) Platform Security Target (Version 1.0). The project underwent one Validation Oversight Panel (VOR) review. The evaluation was completed in March 2009. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10313-2009, dated April 2009) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS
The logical boundaries of ASA are realized in the security functions that it implements. These security functions are realized at the ASA interfaces that service clients and via the administrator commands. Each of these security functions is summarized below.
Security Management – ASA’s security management functions ensure that all administrators are required to identify and authenticate to it before any administrative or monitoring actions can be performed. ASA only allows administration to occur from the console port or from a network console via SSH. ASA’s Management Security Capability provides administrator support functionality that enables a human user to manage and configure the product.
Security Audit – ASA’s security function supports audit record generation and review. The administrator can read audit records locally. ASA provides date and time information that is used in audit timestamps.
IPSec VPN – ASA implements the IETF IPSec protocols (RFCs 2401-2410) to provide confidentiality, authenticity, and integrity for packet flows transmitted from and received by ASA.
SSL VPN – ASA implements the SSLv3 and TLS protocols to provide SSL-based VPN connectivity.
Identification & Authentication – ASA’s Identification and Authentication security function provides I&A support for all client hosts (VPN Client Components and SSL-capable web browsers) requesting a VPN session, along with I&A support to ensure that all administrators are properly identified and authenticated.
TOE Protection – ASA provides for non-bypassability and domain separation of functions within its scope of control. To enable itself to be “self-defending”, the inbound filtering functions of the ASA are included. This allows (for example) IP packets that are not IPSec or SSL to be ignored by ASA, which is particularly important as ASA will typically operate with one interface facing a public network. The ASA controls actions carried out by a user by controlling the user’s VPN session and the actions carried out during that session. By maintaining and controlling the VPN session a user has with it, ASA ensures that no security functions are bypassed and that there is a separate domain for itself to prevent tampering and interference.
Clock – ASA uses an internal clock to provide a source of date and time information used to produce a reliable time stamp for audit record generation.