Validated Product - Lucent Technologies Lucent VPN Firewall V7.0 (Patch 531)

Certificate Date: 29 October 2003

Validation Report Number: CCEVS-VR-03-0048

Product Type: Firewall, VPN

Conformance Claim: EAL2

PP Identifier: US Government Traffic-Filter Firewall Protection Profile for Low-Risk Environments, Version 1.1 (Archived)


PRODUCT DESCRIPTION

The purpose of the Lucent VPN Firewall is to provide controlled and audited access to specific Internet Protocol (IP) services, both from inside and outside an organization's network, by allowing, denying and/or redirecting the flow of data through the firewall. The Lucent VPN Firewall selectively routes information flows among internal and external networks according to a site's security policy rules. By default, these security policy rules deny all inbound information flows. Only an authorized administrator has the authority to change the security policy rules. The Lucent VPN Firewall has the ability to make filtering decisions based on the source IP address, destination IP address, transport layer protocol, source port, destination port, and on the interface on which the packet arrives or goes out.

The following features of the Lucent VPN Firewall (LVF) were validated during the Common Criteria evaluation:

  • Stateful packet filtering: Rather than processing each packet individually, the brick treats every packet it processes as part of a “session”, regardless of IP type or higher-layer protocol.
  • Logging: All logging is done in real time from the brick to its management server (LSMS). In addition to the logging events from the bricks, the LSMS also logs administrative events and user authentication events.
  • Policy objects: LSMS resources are divided into groups, where each group contains sets of resources. Enterprises can use a single group or multiple LSMS groups.
  • Reporting: The LSMS can generate HTML-based reports and serve them via its own internal secure server (HTTP or HTTPS).

The Lucent VPN Firewall architecture consists of two physically distinct components: the firewall appliance, which controls the flow of traffic between network interfaces; and the Security Management Server, which allows the System Administrator and Group Administrators to manage the firewall appliance. The firewall function is physically separated from its management server, with the firewall code running on Inferno™, a Bell Labs-developed operating system. The evaluated Lucent Security Management Server runs on the Windows 2000/NT™ platform. A non-evaluated version of the Security Management Server is available for the Sun Solaris operating system.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Lucent Technologies TOE meets the security requirements contained in the Security Target. The criteria against which the Lucent Technologies TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Cable & Wireless CCTL determined that the evaluation assurance level (EAL) for the Lucent Technologies TOE is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by Cable & Wireless CCTL. The evaluation was completed in October 2003. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The Lucent TOE provides User Authentication, Audit and Information Flow Control for traffic between protected and unprotected networks. In addition, the Lucent TOE provides a separate management GUI and Audit review tools for the use of the Authorized Administrator. The physical protection of the TSF is largely provided by the environment.

Vendor: Lucent Technologies

Contact: Kim Tourigny

Phone: 978.960.3508

Fax: 978.960.1315

Web: http://www.lucent.com

Email: ktourigny@lucent.com

CC Testing Lab: Arca CCTL