NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Ciena 5400 Series Packet Optical Platform

Certificate Date:  2016.02.02

Validation Report Number:  CCEVS-VR-VID10678-2016

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Ciena 5400 Series Packet Optical Platform is a family of hardware devices that provides OSI Layer 2 network traffic management services. It is a packet-optical switching platform that enables users to direct traffic to designated ports, giving them control of network availability for specific services. The system features an agnostic switch fabric that is capable of switching SONET/SDH, OTN, and Ethernet/MPLS networks.

Evaluated Configuration

The Target of Evaluation (TOE) is the Ciena 5400 Series Packet Optical Platform, which is a packet-optical switching platform. It is also known as the Ciena 5400 Series. The 5400 Series contains two models: the Ciena 5430 and Ciena 5410. Each of these devices runs Linux kernel version 3.4.36 and provides identical security functionality to one another. 

The following table lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Syslog Server: A general-purpose computer that is running a syslog server, which is used to store audit data generated by the TOE. The server must support TLS connectivity.
  • Management Workstation: Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications.
  • NTP Server: A system that provides an authoritative and reliable source of time using network time protocol (NTP).
  • Update Server: A server running the secure file transfer protocol (SFTP) that is used as a location for storing product updates that can be transferred to the TOE.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Ciena 5400 Series Packet Optical Platform was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Ciena 5400 Series Packet Optical Platform Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in January 2016. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10678-2016, dated 2/19/2016) prepared by CCEVS.

Environmental Strengths

Security Audit 

The TOE provides extensive auditing capabilities. The security log includes detailed records of all user activity including events related to authentication, management, and session termination. Establishment, termination, and failure to establish trusted communications is also audited. The TOE generates audit logs using syslog, and the collected audit data can be transmitted securely to a remote server in the Operational Environment.

The TOE records, for each audited event, the date and time of the event, the type of event, the subject’s claimed identity, and the outcome (success or failure) of that event. Depending on the specific type of event, additional data may be included in the audit record. 

Cryptographic Support

The TOE provides cryptography in support of SSH and TLS trusted communications for remote administration, remote storage of audit data, and secure download of TOE updates. Asymmetric keys used by the TSF are generated in accordance with NIST SP 800-56. The TOE uses CAVP-validated cryptographic algorithms (certificates AES #3753, RSA #1930, SHS #3124, HMAC #2456, DRBG #1029) to ensure that appropriately strong cryptographic algorithms are used for these trusted communications. 

The TOE collects entropy from a third-party hardware source contained within the device to ensure sufficient randomness for secure key generation.

User Data Protection 

The TOE ensures that packets transmitted from the TOE do not contain residual information from previous packets. Any data that terminates before the minimum packet size is reached is padded with zeroes.

Identification and Authentication 

All users must be identified and authenticated to the TOE via locally-defined username and password or username and SSH public key before being allowed to perform any actions on the TOE, except viewing a banner. The TOE provides complexity rules that ensure that user-defined passwords will meet a minimum security strength through the set of supported characters and configurable minimum password length. As part of connecting to the TOE locally using the management workstation, password data will be obfuscated as it is being input.

Security Management 

The product maintains several pre-defined roles for the TL1 administrative interface. Of these, the Account Administrator (AA) is the only administrative role that has the ability to manage the TSF, so it is the only TL1 role that is within the scope of the TOE. The TOE also provides a separate superuser role that is used exclusively for managing the TSF using the MCLI. The superuser and AA roles are analogous to the role of Security Administrator as defined by the NDPP. The remaining roles perform network management related functionality that is not considered to be part of the TSF.

Protection of the TSF 

The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. The TOE stores passwords in an obfuscated format. The cryptographic module prevents the unauthorized disclosure of secret cryptographic data, and administrative passwords are hashed using SHA-256. The TOE maintains system time with either its local hardware clock or optionally with an NTP server synchronization. TOE software updates are acquired using SFTP and initiated using the MCLI. Software updates are digitally signed to ensure their integrity. The TSF also validates its correctness through the use of self-tests for both cryptographic functionality and integrity of the system software.

TOE Access 

The TOE can terminate inactive sessions after an administrator-configurable time period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session.

The TOE can also display a configurable banner on both the MCLI and TL1 interfaces that is displayed prior to use any other TSF.

Trusted Path/Channels

The TOE establishes a trusted path to the TOE using SSH for MCLI and TL1 administration. The TOE also establishes trusted channels for sending audit data to a remote syslog server using TLS for downloading software updates and manually transferring audit records using SFTP (FTP over SSH).

Vendor Information

Ciena Corporation
Kevin Meagher
Site Map              Contact Us              Home