NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Cisco Wireless LAN Version 8.5

Certificate Date:  2019.03.15

Validation Report Number:  CCEVS-VR-VID10931-2019

Product Type:    Wireless LAN
   Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314
  Extended Package for Wireless LAN Access System

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

Cisco WLAN 8.5 provides authorized clients wireless network connectivity to resources on an organization's wired network.

The TOE is comprised of two distinct components:

1.      The Access Point (hereinafter referred to as the AP) operates at the edge of an organization's network.  The AP contains 2.4 and 5 GHz wireless radios and implements functions from the IEEE 802.11 standard to communicate over the air directly with wireless client radios.  This communication includes advertising its presence (beacons), responding to requests for available networks (probes), and performing 802.11 authentication, association, encryption/decryption, and session management.

2.      The Wireless LAN Controller (hereinafter referred to as the WLC) is responsible for ensuring that wireless clients are authenticated and that keys are derived in accordance with the IEEE 802.11 standard.

The TOE uses IEEE 802.1X to ensure Supplicants are authenticated before wireless client traffic is allowed onto the organization's wired network.  Wireless sessions are protected with AES-CCMP, which provides encryption and message integrity with a cryptographic key size of 128 bits in accordance with the IEEE 802.11-2012 standard.  802.1X authentication combined with AES-CCMP-128 as specified in 802.11-2012 is more commonly known by its Wi-Fi Alliance certification name, WPA2-Enterprise.

Additionally, the TOE derives session keys for AES-CCMP with a cryptographic key size of 256 bits and for AES-GCMP with cryptographic key sizes of 128 and 256 bits, in accordance with the IEEE 802.11ac specification.

The WLC is responsible for all management of the APs.  Once an AP has registered with the WLC, a trusted inter-component channel is formed for the centralized management and configuration of the APs.  No local administration is available directly on the APs.  The same trusted channel also protects the distribution of IEEE 802.11 keys between the WLC and the AP.

For connections to the RADIUS authentication server and the syslog audit server, the WLC authenticates those devices with X.509v3 certificates and protects the communication channels with IPsec.  Remote administration is protected with HTTPS and SSH, both of which implement authentication failure handling.

The evaluated configuration consists of the following devices:

Wireless LAN Controllers: Cisco 3504, Cisco 5520, Cisco 8540

Access Points: Cisco Aironet 1562e, 1562i, 1562d; Cisco Aironet 2802e, 2802i; Cisco Aironet 3802e, 3802i, 3802p


Evaluated Configuration

Communication

The TOE provides a secure inter-component channel, under control of the Security Administrator, for Access Points to register and join the WLC to form a distributed TOE.

Cryptographic Support

The TOE provides cryptographic functions to implement the HTTPS, DTLS, SSH, IPsec, WPA2, and IEEE 802.11ac-2013 protocols.  The cryptographic algorithm implementation has been validated for CAVP conformance.  This covers key generation and random bit generation, key establishment methods, key destruction, and the cryptographic operations that provide AES encryption/decryption, signature verification, hash generation, and keyed hash generation.  In addition, the IEEE 802.11 implementation has been validated by the Wi-Fi Alliance for WPA2 certification.  Refer to section 6.3 for certification information.

Identification and Authentication

The TOE facilitates authentication of wireless clients by performing the role of Authenticator in an 802.1X authentication exchange. 

During the 802.1X authentication exchange, the authentication traffic of the wireless client software responsible for authentication (hereafter referred to as the Supplicant) is relayed through the WLC.  The 802.1X (EAPOL) frames carry EAP authentication packets, which are passed through to the RADIUS Authentication Server.  The TOE creates a virtual port for each wireless client that is attempting access and blocks access until the RADIUS server returns an authentication success message and the 802.11 wireless encryption keys have been derived and installed on both the Supplicant and the AP.  Only after that point are 802.11 wireless data frames from the wireless client allowed to pass as 802.3 Ethernet frames onto the wired network.
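The exchange above can be modelled end to end: RADIUS success delivers a PMK, the 4-way handshake derives the PTK with the IEEE 802.11 PRF and verifies the EAPOL-Key MIC, and the per-client virtual port stays blocked until the temporal key is installed. The following is an added illustration, not Cisco code or text from the Security Target. The MAC addresses, nonces and MSK are constructed; the EAPOL-Key message bodies are placeholders rather than real frame layouts, and GTK delivery in message 3 is omitted. The PRF, the "Pairwise key expansion" label and the Min/Max ordering follow IEEE 802.11-2012 for the CCMP-128 AKM.

```python
"""Model of the 802.1X Authenticator role and IEEE 802.11 pairwise key derivation.
Constructed example (not Cisco code): addresses, nonces and the MSK are made up,
and EAPOL-Key bodies are placeholders, not real frame encodings.
"""
import hashlib
import hmac
import os

PMK_LEN = 32  # 256-bit PMK = first 256 bits of the EAP MSK (CCMP-128 AKM)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """PRF from IEEE 802.11-2012 11.6.1.2: HMAC-SHA1(K, A || 0x00 || B || i) blocks."""
    out = b""
    counter = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     Min(AA,SPA)||Max(AA,SPA)||Min(ANonce,SNonce)||Max(ANonce,SNonce))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = ieee80211_prf(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_key_mic(kck: bytes, body_with_zeroed_mic: bytes) -> bytes:
    """EAPOL-Key MIC for AKM 00-0F-AC:1: HMAC-SHA1 over the frame (MIC field zeroed), truncated to 128 bits."""
    return hmac.new(kck, body_with_zeroed_mic, hashlib.sha1).digest()[:16]


class AuthenticatorPort:
    """Per-client virtual port on the WLC/AP: blocked until RADIUS success AND keys are installed."""

    def __init__(self, aa: bytes, spa: bytes):
        self.aa, self.spa = aa, spa
        self.pmk = None           # set when RADIUS returns Access-Accept
        self.anonce = None
        self.ptk = None
        self.authorized = False   # controlled-port state

    def radius_access_accept(self, msk: bytes) -> None:
        self.pmk = msk[:PMK_LEN]

    def msg1_anonce(self) -> bytes:
        if self.pmk is None:
            raise PermissionError("4-way handshake attempted before RADIUS success")
        self.anonce = os.urandom(32)
        return self.anonce

    def msg2_verify(self, snonce: bytes, body: bytes, mic: bytes) -> bool:
        """Derive the PTK from the Supplicant's SNonce and check the MIC it sent."""
        ptk = derive_ptk(self.pmk, self.aa, self.spa, self.anonce, snonce)
        if not hmac.compare_digest(eapol_key_mic(ptk["KCK"], body), mic):
            return False
        self.ptk = ptk
        return True

    def msg4_install_keys(self) -> None:
        if self.ptk is None:
            raise PermissionError("no PTK to install")
        self.authorized = True    # TK installed: 802.11 data frames now bridged to 802.3

    def forward(self, data_frame: bytes) -> bool:
        """True if the frame would be bridged onto the wired network."""
        return self.authorized


def run_handshake(tamper: bool = False) -> dict:
    """Drive Supplicant and Authenticator through RADIUS success and the 4-way handshake."""
    aa = bytes.fromhex("001122334455")      # constructed AP BSSID
    spa = bytes.fromhex("66778899aabb")     # constructed client MAC
    port = AuthenticatorPort(aa, spa)
    blocked_before = not port.forward(b"client data before authentication")

    msk = os.urandom(64)                    # stands in for the EAP MSK carried in RADIUS Access-Accept
    port.radius_access_accept(msk)
    anonce = port.msg1_anonce()             # message 1: ANonce to Supplicant

    snonce = os.urandom(32)                 # Supplicant side
    sup_ptk = derive_ptk(msk[:PMK_LEN], aa, spa, anonce, snonce)
    body = b"EAPOL-Key(msg2) placeholder " + snonce
    mic = eapol_key_mic(sup_ptk["KCK"], body)
    if tamper:
        body += b"x"                        # on-path modification of message 2

    ok = port.msg2_verify(snonce, body, mic)
    if ok:
        port.msg4_install_keys()            # message 4 acknowledged: install TK, open port
    return {
        "blocked_before": blocked_before,
        "mic_ok": ok,
        "authorized": port.forward(b"client data after handshake"),
        "tk_match": ok and port.ptk["TK"] == sup_ptk["TK"],
    }


if __name__ == "__main__":
    print(run_handshake())
    print(run_handshake(tamper=True))
```

Running the tampered variant shows the property the text relies on: a modified message 2 fails the MIC, no TK is installed, and the virtual port stays blocked, so no client data frames reach the wired network.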

The TOE provides two types of authentication as a trusted means for Security Administrators and remote endpoints to interact with the WLAN Access System: X.509v3 certificate-based authentication for remote devices and password-based authentication for Security Administrators.  Device-level authentication allows the TOE to establish a secure communication channel with remote endpoints.

Security Administrators have the ability to compose strong passwords (15 characters or greater), which are stored in an obscured form.  Additionally, the TOE detects and tracks successive unsuccessful remote authentication attempts and will prevent the offending attempts from authenticating when a Security Administrator defined threshold is reached.

Security Management

The TOE provides a secure remote administrative interface and a local interface for performing security management functions.  These include configuring the cryptographic functionality, an access banner containing an advisory notice and consent warning message, and a session inactivity timer after which the session is terminated or locked, as well as updating the TOE software.

The APs are managed via the WLC.  Direct local administration of the APs is not supported.

The TOE provides a Security Administrator role and only the Security Administrator can perform the above security management functions.  The TOE prevents attempts to perform remote administration from a wireless client.

Protection of the TSF

The TOE protects critical security data including keys and passwords against tampering by untrusted subjects. The TOE provides reliable timestamps to support monitoring local and remote interactive administrative sessions for inactivity, validating X.509 certificates (to determine if a certificate has expired), denying session establishment of wireless clients (based on time), and to support accurate audit records.

The TOE provides self-tests to ensure it is operating correctly, including the ability to detect software integrity failures.  Additionally, the TOE provides an ability to perform software updates and to verify those software updates are from Cisco Systems, Inc.  

TOE Access

The TOE monitors both local and remote admin sessions for inactivity and terminates when a threshold time period is reached.  Once a session has been terminated the TOE requires the user to re-authenticate. 

The TOE is capable of denying session establishment of wireless clients based on time, day, and WLAN SSID.

The TOE also displays a Security Administrator specified advisory notice and consent warning message prior to initiating identification and authentication for each administrative user.

Trusted path/Channels

The TOE provides encryption (protection from disclosure and detection of modification) for communication paths between itself and remote endpoints.

In addition, the TOE provides two-way authentication of each endpoint in a cryptographically secure manner: even if a malicious attacker were positioned between the two endpoints, any attempt to impersonate either communicating party to the other would be detected.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The criteria against which Cisco Wireless LAN Version 8.5 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5.  The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered and configured as identified in the Cisco Wireless LAN Version 8.5 CC Configuration Guide, satisfies all the security functional requirements stated in the Cisco Wireless LAN Version 8.5 Security Target.  The project underwent CCEVS Validator review.  The evaluation was completed in March 2019.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Security Audit

Auditing allows Security Administrators to discover intentional and unintentional issues with the TOE's configuration and/or operation.  Auditing of administrative activities provides information that can be used to hasten corrective action should the system be configured incorrectly.  Security audit data can also indicate failure of critical portions of the TOE (e.g. a communication channel failure) or activity of a suspicious nature (e.g. establishment of an administrative session at a suspicious time, or repeated failures to establish sessions or to authenticate to the TOE).

The TOE provides extensive capabilities to generate audit data targeted at detecting such activity.  The TOE generates an audit record for each auditable event.  Each security-relevant audit record includes the date, timestamp, event description, and subject identity.  The TOE keeps a circular (overwriting) local audit trail, and audit logs are also transmitted to an external audit server over a trusted channel protected with IPsec.
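Because the local trail is circular, the detections the text describes (repeated authentication failures, administrative sessions at odd hours, channel failures) are best run on the copy received by the external audit server. The following is an added example of that screening, not Cisco code; the records are constructed, and their layout (date, time, event, subject, source, protocol) mirrors the fields listed above rather than Cisco's actual syslog format. The thresholds and business-hours window are assumptions to be tuned per site.

```python
"""Screen WLC-style audit records for the anomalies named in the audit section.
Added example with constructed records; field layout is illustrative, not Cisco's syslog format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not real device output): date time event subject source protocol
SAMPLE_AUDIT = """\
2019-03-14 09:12:05 LOGIN_SUCCESS admin 10.1.1.5 ssh
2019-03-14 09:40:17 LOGIN_FAILURE admin 203.0.113.9 https
2019-03-14 09:40:21 LOGIN_FAILURE admin 203.0.113.9 https
2019-03-14 09:40:26 LOGIN_FAILURE admin 203.0.113.9 https
2019-03-14 09:40:30 LOGIN_FAILURE admin 203.0.113.9 https
2019-03-14 09:40:31 ACCOUNT_LOCKED admin 203.0.113.9 https
2019-03-14 23:58:44 LOGIN_SUCCESS admin 198.51.100.7 ssh
2019-03-15 03:10:02 LOGIN_SUCCESS admin 198.51.100.7 https
2019-03-15 08:05:10 IPSEC_SA_DOWN syslog-server 10.1.1.20 -
"""


def parse_audit(text: str) -> list:
    """Parse whitespace-separated records into dicts with a datetime timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time_, event, subject, src, proto = line.split()
        records.append({
            "ts": datetime.fromisoformat(f"{date} {time_}"),
            "event": event, "subject": subject, "src": src, "proto": proto,
        })
    return records


def repeated_failures(records: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> set:
    """(subject, source) pairs with >= threshold LOGIN_FAILURE events inside a sliding window."""
    hits = set()
    recent = defaultdict(list)
    for r in records:
        if r["event"] != "LOGIN_FAILURE":
            continue
        key = (r["subject"], r["src"])
        q = recent[key]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:   # drop failures that fell out of the window
            q.pop(0)
        if len(q) >= threshold:
            hits.add(key)
    return hits


def off_hours_admin_sessions(records: list, start_hour: int = 7, end_hour: int = 19) -> list:
    """Successful administrative logins outside the assumed business-hours window [start_hour, end_hour)."""
    return [r for r in records
            if r["event"] == "LOGIN_SUCCESS" and not (start_hour <= r["ts"].hour < end_hour)]


def channel_failures(records: list) -> list:
    """Trusted-channel failures (here: any *_DOWN event), e.g. the IPsec SA to the audit server."""
    return [r for r in records if r["event"].endswith("_DOWN")]


if __name__ == "__main__":
    recs = parse_audit(SAMPLE_AUDIT)
    print("repeated failures:", repeated_failures(recs))
    for r in off_hours_admin_sessions(recs):
        print("off-hours admin login:", r["ts"], r["subject"], r["src"], r["proto"])
    for r in channel_failures(recs):
        print("channel failure:", r["ts"], r["event"], r["subject"])
```

On the sample trail this flags the burst of failures from 203.0.113.9 (which the TOE itself answers with a lockout), the two successful logins at 23:58 and 03:10, and the IPsec SA loss to the syslog server, which matters because records generated while that channel is down survive only as long as the circular local trail keeps them.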


Vendor Information


Cisco Systems, Inc.
Marty Loy
410-309-4862
certteam@cisco.com

www.cisco.com