Compliant Product - HP Networking E-Series Switch Models: E3500yl, E5400zl, E6200yl, E6600, E8200zl with Software Version K.15.02.0005
Certificate Date: 18 October 2011
Validation Report Number: CCEVS-VR-VID10410-2011
Product Type: Network Switch, Router
Conformance Claim: EAL2 Augmented with ALC_FLR.2
PP Identifiers: None
CC Testing Lab: CygnaCom Solutions, Inc
- HP Network Switch Models: 3500yl, 5400zl, 6200yl, 6600, 8200zl with Software Version K.15.09.0004
- HP Network Switch Model: 3800 with Software Version KA.15.09.0004
HP Networking E-Series Switches are intelligent network switches that provide a set of platform and software features that make them suited for enterprise edge, distribution/aggregation layer, and small core deployments. The TOE is the family of HP Networking Switch appliance models that run Version K.15.02.0005 of the HP Networking software. The switch models (Models: E3500yl, E5400zl, E6200yl, E6600, E8200zl) that run Software Version K.15.02.0005 have a common ASIC architecture, unified software, and a unified set of easy-to-use management tools.
The TOE provides the following security functionality: generation of audit records for security relevant events and user review of these records; user identification and authentication and user login security; cryptographic support for data operations; information flow control; role-based access controlled security management features; protection of TSF data during transit; TSF self-testing; TOE access banners; and termination of a user session after a period of inactivity.
The HP Networking E-Series Switch's operating image base software, Version K.15.02.0005, is embedded in the switch appliances. The appliance hardware, the underlying operating system, and the third-party applications installed on the appliances support the security functions of the TOE and are included in the TOE.
This product was previously known as HP ProCurve Switches.
The evaluated configuration includes the following components of the HP Networking E-Series Switch Models: E3500yl, E5400zl, E6200yl, E6600, E8200zl with Software Version K.15.02.0005:
- All HP Networking E-Series Appliance hardware (Models: E3500yl, E5400zl, E6200yl, E6600, and E8200zl)
- HP Networking Software installed on all appliances (Version K.15.02.0005)
- All third-party software installed on the appliance, including:
- Operating System: Green Hills Integrity v5
- SSH software: OpenSSH_3.7.1p2
- SSL software: OpenSSL 0.9.7c
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R3.
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R3.
CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.2.
A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in September 2011.
The TOE provides the following security functionality:
- Security Audit
The TOE records security relevant event data in an Event Log. The audit records in the Event Log serve as a tool to isolate and troubleshoot problems. The audit trail is stored on the switch and is accessible via the protected management functional interfaces. The TOE is able to protect the Event Log from unauthorized deletion or modification. TOE users can view the audit records via the Menu Interface and the CLI.
The Security Audit functions may optionally depend on an SNTP server in the operational environment to provide reliable timestamps for the audit records. Event Log records and debugging messages can optionally be sent to an external Syslog server or sent via SNMP trap as new events are generated. The entire event log can also be exported via TFTP or SFTP for off-TOE storage and review.
- Cryptographic Support
The TOE provides cryptographic support for SSH communications, SSL data transport, SNMP messaging and authentication, hashing of passwords, and secure communications with an external authentication server. The vendor does not claim FIPS compliance for this cryptographic functionality, and the SSL and SSH implementations used in this product have not been FIPS certified. Any conformance of the cryptographic functionality to a standard is vendor-asserted only; the compliance of the encryption modules to any standard was not certified as part of this evaluation.
- User Data Protection
The TOE performs user data protection through information flow control. Only legitimate external IT entities are granted access to pass information through the TOE or to the TOE. Traffic is allowed or blocked through the use of rate limiting, ICMP throttling, protocol-based filtering, source-port filtering and dynamic ARP protection. Traffic can be blocked from unauthorized DHCP servers, configured MAC addresses, configured IP addresses and source-ports and through the use of access control lists.
- Identification and Authentication
The TOE enforces password based authentication before allowing access to the command line, menu and web-based management interfaces. The TOE also allows the use of an optional external authentication server (RADIUS or TACACS+) for TOE user identification and authentication.
The TOE enhances user login security by masking passwords during entry on user login.
- Security Management
The TOE supports role-based access to the administrative interfaces and management functions. The TOE provides the following management interfaces: a Command Line Interface (CLI), a Menu Interface, a Web-based interface, a physical interface available on the front panel of the switch appliance, and an SNMP interface.
The TOE supports management of the security attributes that are used for information flow control.
The Security Management functionality depends on the remote management console using SSH to access the console interfaces (CLI or Menu Interface), or an SSL-enabled web browser to use the Web interface.
Functionality is provided for disabling or locking the Front Panel Interface and the USB interface to prevent unauthorized physical tampering.
In order to use the SNMP interface, the TOE requires a Network Management Station supplied by the operational environment, which is not in the scope of the evaluation, with SNMPv3 enabled.
- TOE Access
The TOE displays a customizable banner regarding unauthorized use of the TOE before establishing a user session. The TOE will also terminate a user’s session after an administrator configured period of inactivity.
- Protection of the TSF
The TOE in conjunction with the operational environment protects TSF data from unauthorized disclosure when transmitted between itself and trusted external IT entities.
The TOE is also capable of self-testing during initial start-up and reboot to detect security failures.