CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE is the Klas Voyager running KlasOS. The TOE is a Network Device that also provides Virtual Private Network Gateway services. The TOE provides the ability to securely encrypt data over WAN links using IPsec and FIPS Approved algorithms. A real-time clock is present on all KlasOS devices, and NTP server and client is also a feature of the firmware. Authentication can be provided locally or over a trusted channel using IPsec or SSH, and all logs can be securely sent to a syslog server. Access Control Lists (ACLs) can filter all types of IP, TCP, and UDP traffic. KlasOS provides a Command Line Interface (CLI) for device configuration.

The Klas Voyager range of products provide expandable, enterprise-grade rugged mobility solutions. The Klas Voyager embedded module is used in a variety of these Klas Voyager products and provides the ability to establish highly secure IPSec tunnels using FIPS Approved algorithms.

The TOE is operating in the CC Evaluated configuration when it is configured as specified in the Common Criteria Operational User Guidance document.

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The Klas Voyager TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4, the collaborative Protection Profile for Network Devices, Version 1.0, Feb. 27, 2015, and the Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway, Version 2.1, March 8, 2017. The product, when installed and configured per the instructions provided in the guidance, satisfies all of the security functional requirements stated in the Security Target. The evaluation was completed in August 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (CCEVS-VR-VID10767-2017, dated 19 September 2017) prepared by CCEVS and the Assurance Activities Report (AAR) 17-3277-R-0029 V1.0.

Audit

The TOE generates audit logs for the events specified in FAU_GEN.1 and associates the identity of the user (if applicable) and the time of the event with each audit record.

Cryptographic Support

The TSF performs the following cryptographic operations:

·         DH Group 14

·         ECDH P-256 and P-384

·         AES-CBC-128, AES-CBC-256, AES-GCM-128 and AES-GCM-256

·         ECDSA P-256 and P-384

·         RSA 2048 and 3072

·         HMAC SHA1, HMAC-SHA2-256, or HMAC-SHA2-512

·         CTR_DRBG(AES-256)

·         IPsec: IKEv1, IKEv2, and ESP

·         SSHv2

The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required. 

Identification and Authentication

The TOE identifies administrators using a username and password. For authentication over SSH, SSH public-key authentication can be used in lieu of a password.

The TOE supports the use of X.509 certificates for IKE authentication. 

Security Management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. All TOE administration occurs via a local console connection. The TOE provides the ability to securely manage:

·         All TOE administrative users

·         All identification and authentication

·         All audit functionality of the TOE

·         All TOE cryptographic functionality

·         Timestamps maintained by the TOE

·         Update to the TOE

·         TOE configuration files

Administrators can create configurable login banners to be displayed at time of login and can also define an inactivity timeout to terminate sessions after a set period of inactivity.

Protection of the TSF

The TOE prevents the reading of secret and private keys. The TOE provides reliable time stamps for itself and synchronizes its time with an NTP server. The TOE runs a suite of self-tests during the initial start-up to demonstrate the correction operation of the TSF. The TOE verifies firmware updates using a digital signature prior to installing those updates. 

Packet Filtering

The TOE filters packets received on the VLAN interfaces. The TOE can be configured to allow or deny the packet based on IP source address, IP destination address, TCP or UDP source port, TCP or UDP destination port.

TOE Access

The TOE terminates local and remote administrative sessions after a configurable period of inactivity.

Prior to establishing an administrative session, the TOE displays a configurable warning banner. 

Trusted Path/Channel

The TOE uses SSH to provide a trusted path for communication with remote administrators. The TOE uses IPsec to provide a trusted channel for communication with trusted IT entities and remote VPN peers.

Vendor Information