Validated Product - Brocade Director Models: 48000 and DCX; Brocade Switch Models: 200E, 300, 4100, 4900, 5000, 5100, 5300, 7500 and 7500E; Director Blade Models: FC2-16, FC4-16, FC4-32, FC4-46, FC4-18, FC4-32, FC4-48, FR4-18I, FC8-16, FC8-32, FC8-48, CP4, CP8, CR8; Embedded Blades: 4012, 4016, 4018, 4020, and 4024

Certificate Date: 31 March 2009

Validation Report Number: CCEVS-VR-VID10233-2009

Product Type: Sensitive Data Protection, System Access Control

Conformance Claim: EAL3 Augmented with ALC_FLR.2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The Target of Evaluation (TOE) is the Brocade Directors and Switches hardware appliance with all TOE models running FabricOS version 6.1.1.

Brocade Directors and Switches are hardware appliances that implement what is called a “Storage Area Network” or “SAN”. A SAN provides physical connections between machines in the environment that contain a type of network card called a Host Bus Adapter (HBA) and storage devices in the environment such as disk storage systems and tape libraries. SANs are optimized to transfer large blocks of data between HBAs and storage devices. SANs can be used, for example, to replace or supplement server-attached storage solutions.

HBAs communicate with the TOE using Fibre Channel (FC) or FC over IP (FCIP) protocols. Storage devices in turn are physically connected to the TOE using FC/FCIP interfaces. When more than one instance of the TOE is interconnected (i.e. installed and configured to work together), they are referred to collectively as a “SAN fabric” or simply a “fabric.” A zone is a specified group of fabric-connected devices (called zone members) that have access to one another.

The TOE provides the ability to centralize the location of storage devices in a network in the environment. Instead of attaching disks or tapes to individual hosts in the environment, or for example attaching a disk or tape directly to the network, storage devices can be physically attached to the TOE, which can then be physically attached to host bus adapters in the environment. Host bus adapters that are connected to the TOE can then read from and write to storage devices that are attached to the TOE according to TOE configuration. Storage devices in the environment appear to the operating system running on the machine that the host bus adapter is installed in as local (i.e. directly-attached) devices.

More than one host bus adapter can share one or more storage devices that are attached to the TOE according to TOE configuration. Scalability is achieved by interconnecting multiple instances of TOE directors and switches to form a fabric that supports different numbers of host bus adapters and storage devices.

The Brocade Directors and Switches hardware appliances can operate in one of two modes: a fabric switch mode or an “Access Gateway” mode. The evaluated configuration supports only interconnected TOE instances operated in fabric switch mode, which is the default mode; the user guidance specifically warns the user that Access Gateway mode is not allowed in the CC evaluated configuration.

Both directors and switches can be used by host bus adapters to access storage devices through the TOE. Switch appliances provide a fixed number of physical interfaces to hosts and storage devices in the environment. Directors provide a configurable number of physical interfaces using a chassis architecture that supports blades which can be installed in and removed from the director chassis according to administrator configuration.

There are administrative interfaces to manage TOE services that can be accessed using an Ethernet network, as well as interfaces that can be accessed using a directly-attached console as follows:

· Ethernet network-based web administrator console interfaces – provides web-based administrator console interfaces called the “Brocade Advanced Web Tools.”

· Ethernet network-based command-line administrator console interfaces – provides command-line administrator console interfaces called the “FabricOS Command Line Interface.”

· Serial terminal-based command-line administrator console interfaces – provides command-line administrator console interfaces called the “FabricOS Command Line Interface.”

There are also administrative Ethernet network-based programmatic API interfaces; however, these interfaces are disabled during initial installation and configuration in the evaluated configuration. Similarly, there is an optional modem hardware component that can be used in the same manner as a serial console port, but it is disabled by virtue of not being physically installed during initial installation and configuration in the evaluated configuration.

The Brocade Advanced Web Tools login interface responds differently depending on whether the userID or the password was entered incorrectly. This feedback would allow an attacker to systematically guess userIDs until a valid userID is found and then switch to guessing passwords. The vendor plans to remove this feedback in the next release. If this is a concern for the target environment, then only the Command Line Interface should be used.

The OS "root" account is required for installation of the Brocade Directors and Switches appliance, and the "root" account allows direct command-line access to the Fabric OS. The Brocade Fabric OS v6.1.1 Release Notes v4.0 strongly caution the system administrator to disable the "root" account after installation and configuration of the appliance to ensure that direct access to the OS is not allowed.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 3 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. The CCEVS Validation Body provided oversight of the evaluation conducted by the SAIC CCTL. The evaluation was completed in March 2009. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Brocade Directors and Switches prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The TOE protects itself from attempts to bypass its security mechanisms. The TOE protects user data stored outside the TOE that is routed to and from users through the TOE within a defined zone. The TOE performs identification and authentication of all administrative users and provides security management functionality to manage the TOE appliances.

Vendor Information

Brocade
Greg Farris
408-333-7315
408-333-8101 (Fax)
gfarris@brocade.com

http://www.brocade.com