NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Ciena Carrier Ethernet Solutions (CES) 3900 series and 5100 series with SAOS

Certificate Date:  2016.01.26

Validation Report Number:  CCEVS-VR-VID10679-2016

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Ciena Carrier Ethernet Solutions 3900/5100 Series is a network switch that receives data from an external source and forwards that data to one or many ports. The TOE is deployed as a Carrier Ethernet device. Carrier Ethernet provides a way to deliver Ethernet services across many networks while providing bandwidth management. CES operates on quality-of-service (QoS) capabilities and virtual switching functions to deliver different amounts of data to various ports. CES also contains next-generation Ethernet features that transport different Ethernet services through fiber or copper connections

Evaluated Configuration

The TOE is the Ciena Carrier Ethernet Solutions 3900/5100 Series standalone network hardware appliances that run the Ciena Service Aware Operating System (SAOS) 6.14, with uniform security functionality between each of the hardware appliances. SAOS is itself an extension of Linux kernel version 3.10.

The TOE requires the ‘advanced security’ license in its evaluated configuration, to allow the TOE to operate as an SSH server for secure remote administration. 

The following table lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Audit Server: A file server running the secure file transfer protocol (SFTP) that is used by the TOE to securely transmit audit data to a remote storage location.
  • Management Workstation: Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications.
  • NTP Server: A system that provides an authoritative and reliable source of time using network time protocol (NTP).

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Ciena CES 3900/5100 Series was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Ciena Carrier Ethernet Solutions 3900/5100 Series Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in January 2016. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10679-2015, dated January 26, 2016) prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE contains mechanisms to generate audit data to record predefined events on the TOE. Each audit record contains the user information, time stamp, message briefly describing what actions were performed, outcome of the event, and severity. All audit record information is associated with the user of the TOE that caused the event where applicable. Locally-stored audit data is read-only for administrators. Administrators can securely transmit stored audit data to a remote storage location using SFTP. 

Cryptographic Support

The TOE provides cryptography in support of SSH trusted communications. Asymmetric keys that used by the TSF are generated in accordance with NIST SP 800-56A. The TOE uses FIPS-validated cryptographic algorithms (certificates AES #3522, RSA #1808, SHS #2904, HMAC #2250, DRBG #881) to provide cryptographic services. Ciena’s implementation of these has been validated to ensure that the algorithms are appropriately strong for use in trusted communications. The TOE collects entropy from a source contained within the device to ensure sufficient randomness for secure key generation. 

User Data Protection

The TOE ensures that administrative traffic is isolated from data plane traffic through the use of VLANs. The TOE also ensures that packets transmitted from the TOE do not contain residual information from previous packets. Any data that terminates before the minimum packet size is reached is padded with zeroes. 

Identification and Authentication

Users authenticate to the TOE as administrators either via the local console or remotely using SSH for management of the TSF. All users must be identified and authenticated to the TOE before being allowed to perform any actions on the TOE. Users are authenticated either through a locally-defined username/password combination or through SSH public key-based authentication, depending on the configuration of the TSF and the method used to access the TOE. The TOE provides complexity rules that ensure that user-defined passwords will meet a minimum security strength. As part of connecting to the TOE locally using the management workstation, password data will be obfuscated as it is being input. 

Security Management

The TOE maintains distinct roles for user accounts: Limited, Admin, and Super. These roles define the management functions for each user on the TOE. The Limited user is a read-only user, so any commands the user performs on the TOE will only allow the user to view different attributes and settings. The next level role is the Admin user who can perform all system configurations with the exception of managing users. Following the Admin role is the Super role. Super users can perform all system configurations including user management, including creating and deleting users on the TOE. All administration of the TOE can be performed locally using a management workstation with a terminal client, or remotely using an SSH remote terminal application. 

Protection of the TSF

The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. The TOE stores passwords in an obfuscated format. The cryptographic module prevents the unauthorized disclosure of secret cryptographic data, and administrative passwords are hashed using SHA-512. The TOE maintains system time with either its local hardware clock or optionally with an NTP server synchronization. TOE software updates are acquired using SFTP and initiated using the CLI. The TOE software version is administratively verifiable and software updates are signed to provide assurance of their integrity. The TSF also validates its correctness through the use of self-tests for both cryptographic functionality and integrity of the system software. 

TOE Access

The TOE can terminate inactive sessions after an administrator-configurable time period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE displays a configurable warning banner prior to use of the TSF. 

Trusted Path/Channels

The TOE establishes a trusted path to the TOE using SSH for remote administration. The TOE also establishes trusted channels for sending audit data to a remote server and for downloading software updates using SFTP (FTP over SSH). 

Vendor Information

Ciena Corporation
Kevin Meagher
Site Map              Contact Us              Home