NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Aruba, a Hewlett Packard Enterprise company Virtual Intranet Access (VIA) Client Version 3.0

Certificate Date:  2018.05.08

Validation Report Number:  CCEVS-VR-VID10871-2018

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is a hybrid Internet Protocol Security (IPsec)/Secure Sockets Layer (SSL) VPN client available for multiple client operating systems.  IPsec is the sole means of securing network traffic; SSL functionality involves encapsulation of IPsec inside HTTPS-formatted packets in order to traverse firewalls and proxies where required. SSL functionality is not included in this evaluation.

VIA can be downloaded directly from an Aruba Mobility Controller, pushed out using enterprise management tools, installed manually, or installed from the Google Play Store. An Aruba Mobility Controller is required to terminate connections from a VIA client – VIA is not a general-purpose VPN client that works with third-party VPN gateways.


Evaluated Configuration

The TOE is the Aruba Virtual Intranet Access (VIA) client version 3.0 running on the following platforms:

· Samsung Galaxy S7, Samsung Galaxy S8, Samsung Note 8 with Android 7.1 – CC evaluated. Security Target for the evaluation can be found at https://www.niap-ccevs.org/Product/Compliant.cfm?PID=10849

· Microsoft Windows 10 – CC evaluated. Security Target for the evaluation can be found at https://www.niap-ccevs.org/Product/CompliantCC.cfm?CCID=2017.1007

· Linux (Red Hat Enterprise Linux 6.9 and CentOS Linux 6.9 with kernel version 2.6) – No CC evaluation or Security Target exists. See https://wiki.centos.org/Documentation or https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/ for associated documentation.

During evaluation testing, VIA was tested using the following platforms:

· Samsung Galaxy S8 with Android 7.1, Windows 10 Professional, and CentOS 6.9

An Aruba Mobility Controller is required to be in the IT environment to communicate with the VIA Client. VIA is supported on an Aruba Mobility Controller running one of the following ArubaOS versions:

· ArubaOS 6.4

· ArubaOS 6.5

· ArubaOS 8.2

An ArubaOS Advanced Cryptography (ACR) license must also be installed on the Aruba Mobility Controller in order for the Suite B algorithms claimed in this ST to be available and to enable client termination using these algorithms.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012. Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the TOE is EAL 1. The product, when delivered and configured as identified in the Aruba Common Criteria Configuration Guidance VPN Client Protection Profile, Version 2.0, March 2018 and the Aruba VIA 3.0.0 User Guide documents, satisfies all of the security functional requirements stated in the Aruba, a Hewlett Packard Enterprise Company Virtual Intranet Access (VIA) Client Version (IVPNCPP14) Security Target, Version 1.5, May 03, 2018. The project underwent CCEVS Validator review. The evaluation was completed in April 2018. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10871-2018) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Aruba Virtual Intranet Access (VIA) Client Version are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support:

The IPsec implementation is the primary function of the TOE. IPsec is used by the TOE to protect communication between itself and an Aruba Mobility Controller over an unprotected network.

User data protection:

The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.

Identification and authentication:

The TOE provides the ability to use, store, and protect X.509 certificates that are used for IPsec Virtual Private Network (VPN) connections.  In some cases, the storage and protection of X.509 certificates and keys is provided by the underlying operating system.

Security management:

The TOE and its IPsec VPN are fully configurable by a combination of functions provided directly by the TOE and those available to the associated VPN gateway.

Protection of the TSF:

The TOE performs self-tests that cover the TOE as well as the functions necessary to securely update the TOE.

Trusted path/channels:

The TOE acts as a VPN client using IPsec to establish secure channels to corresponding VPN gateways.


Vendor Information

Aruba, a Hewlett Packard Enterprise company
Steve Weingart
5123192480
steve.weingart@hpe.com

arubanetworks.com