Compliant Product - Ruckus SmartZone WLAN Controllers and Access Points, R220.127.116.11
Certificate Date: 2020.04.25CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11038-2020
Product Type: Wireless LAN
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
Extended Package for Wireless LAN Access System
CC Testing Lab: Gossamer Security Solutions
The Ruckus SmartZone controllers and Access points Solution is a Wireless LAN access system (WLAN). The Ruckus Wireless Controller has been designed to eliminate the difficulties administrators experience with building and managing large-scale WLAN networks, to support several Wi-Fi access points and many concurrent Wi-Fi clients. Ruckus Wireless Controllers can support tens of thousands of Ruckus Smart Wi-Fi APs and hundreds of thousands of concurrent Wi-Fi subscribers. The Ruckus carrier-class management system provides feature-rich management of access points, such as RF management, load balancing, adaptive meshing and backhaul optimization and secure connectivity to all wireless clients.
The Ruckus SmartZone controllers and Access points Solution is a Wireless LAN access system (WLAN). The Wireless LAN access system is composed of multiple products operating together to provide secure wireless access to a wired and wireless network. The TOE provides end-to end wireless encryption, centralized WLAN management, authentication, authorization, and accounting (AAA) policy enforcement. The evaluated configuration consists of the following Access Point components: R610, R710, R720, T610 and T710. The evaluated configuration also consists of the following Wireless Controllers: SmartZone 100 (SZ-104 and SZ-124), SmartZone 300 (SZ 300), virtual SmartZone (vSZ-E and vSZ-H hosted on VMware ESXi), and virtual SmartZone – Data plane (vSZ-D hosted on VMware ESXi).
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Ruckus FIPS and Common Criteria Configuration Guide for SmartZone and APs,18.104.22.168, Part Number: 800-72111-001 Rev D, April 2020 satisfies all of the security functional requirements stated in the Ruckus SmartZone WLAN Controllers & Access Points, R22.214.171.124 (NDcPP21/WLANASEP10) Security Target, Version 1.0, 4/24/2020. The project underwent CCEVS Validator review. The evaluation was completed in April, 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE provides auditing capabilities to provide a secure and reliable way to trace all changes to the system. Any configuration changes, administrative activities and other auditable events are audited both internally and externally over a secure communication channel to an audit server. All audited events have the necessary details like timestamp, event log, event code, and identity of the party involved to provide a comprehensive audit trail.
The distributed TOE offers secure internal TSF communication. Access Points and vSZ-Ds register to the WLAN controller over a dedicated channel and must be approved by the administrator to communicate with each other as parts of the distributed TOE.
The distributed TOE provides cryptographic functions for secure administration access via HTTPS and SSH; for communication between the distributed parts of the TOE via SSH and IPSec; for wireless communication via WPA2 and for communication to external systems such as audit log servers via IPSec and RADIUS via TLS. Functions include key generation, key establishment, key distribution, key destruction, cryptographic operations.
Identification and Authentication:
The distributed TOE provides secure connectivity to the network for wireless clients via 802.1X authentication. Certificate-based authentication is supported via external RADIUS server and password-based authentication is supported via the local authentication mechanism. The distributed TOE provides secure password-based authentication for remote administrators and X.509 certificate-based authentication for TOE components. The distributed TOE also provides strong password requirements that can be configured by the administrator including length, session timeout and password complexity. Consecutive unsuccessful attempts beyond a certain limit will result in locking out the user for a specified duration of time.
TOE administrators manage the security functions of the TOE’s distributed components from the SmartZone Controller, including software updates, via secure HTTPS connection over a web interface. Optionally SSH and the local console can also be used as a method to configure the system via the SmartZone controller. Administration cannot be performed from a wireless client. The TOE also provides the ability to configure the session activity timeout of an administrator and to configure the access banner on the controller.
Protection of the TSF:
The TOE provides image integrity verification to validate the authenticity of the images before loading them. Upon every boot up, power on self-tests are conducted to validate the integrity of the software components. If power up self-tests fail, a quarantine state is entered. All the components of the distributed TOE use X.509 certificates to authenticate and establish a secure connectivity amongst them. The TOE also allows configuration of timestamps via an NTP server. The TOE protects cryptographic keys and passwords from unauthorized access.
A login banner is offered which provides the ability to have a custom warning/access policy message as per the organization needs. The TOE is capable of restricting wireless access based on TOE interface, time and day. The TOE provides the ability to configure an inactivity timeout which terminates the session beyond the inactivity period configured. An administrator can also terminate their own session.
The TOE communicates to external components in a secure manner. The following secure channels are used to communicate externally – TLS for RADIUS, HTTPS for WebUI administration, SSH for CLI administration, IPsec for audit servers, and WPA2 for wireless clients. The registration and joining of TOE components is performed over a dedicated channel. After registration, SSH is used for all management of the distributed TOE components (AP and vSZ-D) by the SmartZone Controller and IPSec is used for the data tunnel.
Ruckus Wireless, Inc