Compliant Product - Cisco Wide Area Application Services Version 4.2.1, Wide Area Application Engine (WAE) 512, 612, 674, 7341, 7371 and WAE Network Module [NME-WAE] NME-WAE-502 and NME-WAE-522
Certificate Date: 31 August 2010
Validation Report Number: CCEVS-VR-10314-2010
Product Type: Miscellaneous
Conformance Claim: EAL4 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The Cisco WAAS (TOE) is a network application delivery solution for Wide Area Networks (WANs) – geared for branch and mobile employee deployments. By deploying WAAS, IT organizations can consolidate costly branch-office servers and storage in centrally managed data centers and deploy new applications directly from the data center, while offering LAN-like application performance for remote users. The WAAS defined in this ST covers multiple hardware appliance products loaded with the WAAS 4.2.1 software package, which together comprise the solution.
The TOE consists of hardware and software used to provide application services acceleration between client machines (workstation) and the application servers (e.g., Web servers, file servers). The TOE is the WAAS solution running software v4.2.1.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco WAAS TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.1. The product, when delivered and configured as identified in the Cisco Wide Area Application Services (WAAS) Common Criteria EAL4+ Administrator Guide, Version 4.0, April 2010, satisfies all of the security functional requirements stated in the Cisco Wide Area Application Services Security Target (Version 20.0). The project underwent one Validation Oversight Panel (VOR) review. The evaluation was completed in July 2010. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10314-2010, dated July 2010) prepared by CCEVS.
The logical boundaries of WAAS are realized in the security functions that it implements. These security functions are realized at the WAAS interfaces that service clients and via the administrator commands. Each of these security functions is summarized below.
Security Management – The WAAS Security Management functionality provides management support functionality that enables a human user to manage and configure the product securely. The Security Management functionality guarantees that management actions can only be performed after an authorized user has been authenticated. An authorized user is one who has been successfully identified and authenticated. WAAS manages user roles to ensure restricted access to the security functions, acceleration services, and data of the product to only those users that are authorized for a specific service. WAAS can be managed locally or remotely by the administrator.
Access Control – WAAS provides the ability to control traffic flow through itself. An IP ACL (permit/deny) policy is an administratively configured access control list that is applied to traffic destined for its management interfaces. IP ACLs can filter traffic (permit or deny traffic flow) based on the following: Source IP address, Destination IP address, Protocol, Source Port, and Destination Port.
Audit – WAAS supports audit record generation, storage, and audit review by authorized users. Audit records are stored in a combination of syslog and errlog files on the hard drive of the devices. The appliance (WAE/WAVE) and module (NME-WAE) devices maintain time to generate a reliable timestamp, which is applied to each audit event record. The solution can optionally be configured to receive initial time from the IT environment (i.e., an NTP server).
CIFS File Cache – The goal of this security function is to provide accelerated access to copies of the files cached within WAAS. Whenever a user attempts to access a cached file, the product passes the user request to the originating file server. The originating file server then compares the requesting user’s permissions against the minimum file permissions associated with the original file resident on the file server. The file server returns an allow or deny access decision to WAAS, and WAAS then allows or denies access to the cached file based on the decision returned by the file server. Additionally, the File Cache security function protects user data by using encrypted storage (an encrypted file system) for the cached files.
Identification & Authentication – This functionality requires administrators that manage and configure WAAS to successfully authenticate before they are allowed to carry out any other mediated actions. Proper and successful authentication is required for all user interfaces. WAAS supports local and remote administration. Remote administration is only allowed using SSH- or HTTPS-protected communications. By default, the product uses the local authentication database to verify user credentials. The product can optionally be configured to use an external authentication server instead of the local authentication database. To support external authentication, the administrator must explicitly configure the product to support additional authentication methods. The TOE administrator can configure the types of authentication supported and the order in which the authentication methods are applied.
TOE Protection – The evaluated solution includes multiple hardware components containing non-modifiable software, in which all operations in the evaluated product’s scope of control are protected from interference and tampering by untrusted subjects. All administration and configuration operations are performed within the physical boundary of WAAS. WAAS has been designed so that System data, User data, and Security Attributes within its scope of control can only be manipulated via the CLI and GUI interfaces, which mediate all actions performed through them.
Communications between the evaluated components (branch, data center, and CM) are protected by Transport Layer Security (TLS). The evaluated WAAS protects remote management and configuration sessions with SSH version 2 and HTTPS.