NIAP: Compliant Product
Compliant Product - Junos OS 20.1R2 for NFX250

Certificate Date:  2021.09.07

Validation Report Number:  CCEVS-VR-VID11152-2021

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.1
  Extended Package for Intrusion Prevention Systems Version 2.11
  collaborative Protection Profile Module for Stateful Traffic Filter Firewalls v1.3
  PP-Module for Virtual Private Network (VPN) Gateways, Version 1.0

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Juniper Networks, Inc. Junos OS 20.1R2 for NFX250 Network Services Platform.  The NFX250 is a network device that integrates routing, switching, and security functions on a single platform. 

The NFX250 supports the definition of, and enforces, information flow policies among network nodes, also providing for stateful inspection of every packet that traverses the network and central management to manage the network security policy. All information flow from one network node to another passes through an instance of the TOE. Information flow is controlled on the basis of network node addresses, protocol, type of access requested, and services requested. In support of the information flow security functions, the TOE ensures that security-relevant activity is audited, that their own functions are protected from potential attacks, and provides the security tools to manage all of the security functions. The TOE provides multi-site virtual private network (VPN) gateway functionality, and also implements Intrusion Prevention System functionality, capable of monitoring information flows to detect potential attacks based on pre-defined attack signature and anomaly characteristics in the traffic.


Evaluated Configuration

The deployment of the Junos OS 20.1R2 for NFX250 TOE includes a hypervisor, which runs a virtual machine (VM) on one of the following NFX250 series hardware models:

  • NFX250-S1
  • NFX250-S1E
  • NFX250-S2

NFX250 Hardware

The hardware model specifications are described in the table below:

| Specification | NFX250-S1 | NFX250-S1E | NFX250-S2 |
|---|---|---|---|
| Dimensions (H x W x D) | 1.72 x 17.36 x 12 in. (4.37 x 44.09 x 30.48 cm) | 1.72 x 17.36 x 12 in. (4.37 x 44.09 x 30.48 cm) | 1.72 x 17.36 x 12 in. (4.37 x 44.09 x 30.48 cm) |
| Rack units (U) | 1 U | 1 U | 1 U |
| Weight | 9.48 lb (4.3 kg) | 9.48 lb (4.3 kg) | 9.48 lb (4.3 kg) |
| Airflow | Front-to-back (AFO) forced cooling | Front-to-back (AFO) forced cooling | Front-to-back (AFO) forced cooling |
| Acoustics | 50 dBA | 50 dBA | 50 dBA |
| Power | Fixed PSU 100-240 VAC | Fixed PSU 100-240 VAC | Fixed PSU 100-240 VAC |
| CPU | Intel 6 Core Xeon D-1528 | Intel 6 Core Xeon D-1528 | Intel 6 Core Xeon D-1528 |
| Micro-Architecture | Broadwell | Broadwell | Broadwell |
| Memory | 16 GB DDR4 | 16 GB DDR4 | 32 GB DDR4 |
| Storage | 100 GB[1] SSD | 200 GB[1] SSD | 400 GB[1] SSD |
| Software | Wind River Linux 7 | Wind River Linux 7 | Wind River Linux 7 |
| Network interfaces | 8 x 10/100/1000BASE-T RJ-45 LAN ports; 2 x 10/100/1000BASE-T RJ-45 LAN/WAN ports; 2 x 100/1000BASE-X small form-factor pluggable transceiver (SFP) WAN ports; 2 x 1GbE/10GbE SFP+ WAN ports; 1 x 10/100/1000BASE-T RJ-45 management port; ADSL2/VDSL2 SFP[2] | 8 x 10/100/1000BASE-T RJ-45 LAN ports; 2 x 10/100/1000BASE-T RJ-45 LAN/WAN ports; 2 x 100/1000BASE-X small form-factor pluggable transceiver (SFP) WAN ports; 2 x 1GbE/10GbE SFP+ WAN ports; 1 x 10/100/1000BASE-T RJ-45 management port; ADSL2/VDSL2 SFP[2] | 8 x 10/100/1000BASE-T RJ-45 LAN ports; 2 x 10/100/1000BASE-T RJ-45 LAN/WAN ports; 2 x 100/1000BASE-X SFP WAN ports; 2 x 1GbE/10GbE SFP+ WAN ports; 1 x 10/100/1000BASE-T RJ-45 management port; ADSL2/VDSL2 SFP[2] |
| Managed Secure Router[3] | 2 Gbps | 3 Gbps | 4 Gbps |
| Managed Security[3] | 2 Gbps | 3 Gbps | 4 Gbps |
| IPsec[3] | 500 Mbps | 750 Mbps | 1.2 Gbps |
| Out-of-band interfaces | RJ-45 console port; Mini USB console port; USB 2.0 port | RJ-45 console port; Mini USB console port; USB 2.0 port | RJ-45 console port; Mini USB console port; USB 2.0 port |
| Maximum number of VNFs | 6 | 6 | 8 |

Table 1 TOE Hardware Specifications

The JCP’s FreeBSD kernel uses the kernel-based virtual machine (KVM) as a virtualization infrastructure. KVM is part of the standard NFX250 distribution and can be used to create multiple virtual machines (VMs) and to install security and networking appliances.  The TOE uses Open vSwitch as a backplane between these VMs. However, in the TOE evaluated configuration, only a single VM is running and no security or networking appliances may be installed.  Therefore, in the evaluated configuration the KVM functions simply as a pass-through layer.

The interfaces on the NFX250 devices consist of physical interfaces and virtual interfaces.

The physical interfaces represent the physical ports on the NFX250 chassis. The physical interfaces include network and management ports:

  • Network ports on the NFX250 chassis:
      o 8 x 10/100/1000BASE-T RJ-45 LAN ports
      o 2 x 10/100/1000BASE-T RJ-45 LAN/WAN ports
      o 2 x 100/1000BASE-X small form-factor pluggable transceiver (SFP) WAN ports
      o 2 x 1GbE/10GbE SFP+ WAN ports
      o 1 x 10/100/1000BASE-T RJ-45 management port
      o ADSL2/VDSL2 SFP
  • Management ports: the NFX250 device has dedicated management ports that function as the out-of-band management interface:
      o RJ-45 console port
      o Mini USB console port
      o USB 2.0 port

Each physical network port has four virtual functions (VFs) enabled by default; the VFs of the NIC ports are used to bypass the host OS and provide direct NIC-to-VM connectivity.

The virtual interfaces on the NFX250 device include the following:

  • Virtual layer 2 interfaces: used to configure layer 2 switching of Ethernet traffic
  • Virtual layer 3 interfaces: used to configure layer 3 features such as routing protocols and QoS
  • Virtual SXE interfaces: two static interfaces that connect the layer 2 dataplane to the Open vSwitch backplane

Physical ports on the front panel of the NFX250 device can be mapped to layer 2 or layer 3 interfaces or to Virtualized Network Functions (VNFs). There is a dedicated IPsec VPN interface.

The NFX250 supports numerous routing standards for flexibility and scalability, as well as the IETF IPsec protocols. These functions can all be managed through the Junos OS software, either from a console connected to the management interface or via a network connection. Network management can be secured using the IPsec and SSH protocols. All management, whether from a user connecting to a console or from the network, requires successful authentication. In the evaluated deployment, network management (using the CLI) is secured using the SSH protocol, which can be tunnelled over IPsec.

In the evaluated configuration the TOE is managed and configured via Command Line Interface either via a directly connected console or using SSH connections (optionally tunnelled over IPsec).



[1] Raw capacity; actual capacity will be lower due to overprovisioning.

[2] ADSL2/VDSL2 interfaces are provided by a small form-factor pluggable transceiver which can be used in any SFP port on the NFX250.

[3] Maximum throughput mode


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Junos OS 20.1R2 for NFX250 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Common Criteria Configuration Guide for NFX250 Network Services Platform, satisfies all of the security functional requirements stated in the Security Target Junos OS 20.1R2 for NFX250. The project underwent CCEVS Validator review.  The evaluation was completed in August 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The logical boundary of the TOE includes the following security functionality (each function is named, followed by its description):

Protected Communications

The TOE provides an SSH server to support protected communications for administrators to establish secure sessions and to connect to external syslog servers.

The TOE also supports IPsec connections to provide multi-site virtual private network (VPN) gateway functionality and to tunnel remote administrative SSH connections. The TOE requires that applications exchanging information with it (i.e. applications connecting over SSH and IPsec) are successfully authenticated prior to any exchange.

Telnet, File Transfer Protocol (FTP), and Secure Socket Layer (SSL) are out of scope.

The TOE includes cryptographic modules that provide the underlying cryptographic services, including key management and protection of stored keys, algorithms, random bit generation and crypto-administration.  The cryptographic modules provide confidentiality and integrity services for authentication and for protecting communications with adjacent systems. 

Administrator Authentication

Administrative users must provide unique identification and authentication data before any administrative access to the system is granted. Authentication data entered and stored on the TOE is protected. The TOE can be configured to terminate interactive user sessions and to present an access banner with warning messages prior to authentication.

Correct Operation

The TOE provides for both cryptographic and non-cryptographic self-tests and is capable of automated recovery from failure states.

Trusted Update

The administrator can initiate update of the TOE software.  The integrity of any software updates is verified prior to installation of the updated software.

Audit

TOE auditable events are stored in the syslog files in the VM filesystem and can be sent to an external log server (via Netconf over SSH). Auditable events include start-up and shutdown of the audit functions, authentication events, service requests, and IPS events, as well as the events listed in Table 4 and Table 5 of the ST. Audit records include the date and time, event category, event type, username, and the outcome of the event (success or failure). Local (VM) syslog storage limits are configurable and are monitored. In the event of storage limits being reached, the oldest logs will be overwritten.

Management

The TOE provides a Security Administrator role that is responsible for:

  • the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product;
  • the regular review of all audit data;
  • initiation of the trusted update function;
  • administration of VPN, IPS and Firewall functionality;
  • all administrative tasks (e.g., creating the security policy).

The devices are managed through a Command Line Interface (CLI). The CLI is accessible through local (serial) console connection or remote administrative (SSH) session.

The Security Administrator role includes the capability to manage all NFX250 services.  Access to manage the device’s FreeBSD host can only be gained through the JCP.

Packet Filtering/Stateful Traffic Filtering

The TOE provides stateful network traffic filtering based on examination of network packets and the application of information flow rules.

Intrusion Prevention

The TOE can be configured to analyze IP-based network traffic forwarded to the TOE’s interfaces and detect violations of administratively-defined IPS policies. The TOE is capable of initiating a proactive response to terminate/interrupt an active potential threat, and to initiate a response in real time that would cause interruption of the suspicious traffic flow.

User Data Protection/Information Flow Control

The TOE is designed to forward network packets (i.e., information flows) from source network entities to destination network entities based on available routing information using Virtual Routers. This information is either provided directly by TOE users or indirectly from other network entities (outside the TOE) configured by the TOE users. The TOE has the capability to regulate the information flow across its interfaces; traffic filters can be set in accordance with the presumed identity of the source, the identity of the destination, the transport layer protocol, the source service identifier, and the destination service identifier (TCP or UDP port number).


Vendor Information


Juniper Networks, Inc.
Ray Tom
888-586-4737
(408) 745-2100
rtom@juniper.net

www.juniper.net