Compliant Product - Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100
Certificate Date: 2022.12.19
Validation Report Number: CCEVS-VR-VID11312-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Gossamer Security Solutions
The Target of Evaluation (TOE) is the Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100. The TOE is a standalone network device that forwards Data Link Layer traffic between network nodes connected to its physical ports. The TOE consists of a hardware appliance with embedded firmware.
The TOE consists of the following models of appliances all running VSP Operating System Software (VOSS) version 8.3.100:
· VSP 4900-48P
· VSP 7400-32C
Each model provides a defined set of performance characteristics (switching bandwidth, latency and port density) while offering the same security features.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Extreme VOSS Common Criteria Configuration Guide 8.3.100, December 2022 document, satisfies all of the security functional requirements stated in the Extreme Networks Virtual Services Platform (VSP) Series Switches v8.3.100 Security Target, Version 0.7, December 16, 2022. The project underwent CCEVS Validator review. The evaluation was completed in December 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11312-2022) prepared by CCEVS.
The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.
Security audit:
The TOE appliances provide extensive auditing capabilities. The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of the event, the type of event, the subject identity, and the outcome of the event. Auditable events include: failures when invoking cryptographic functionality, such as establishment, termination and failure of a TLS session and establishment, termination and failure of an SSH session; all use of the identification mechanisms; any use of the authentication mechanism; any change to the configuration of the TOE; changes to the time; initiation of a TOE update; indication of completion of TSF self-tests; termination of a remote session; and initiation and termination of a trusted channel.
The TOE is configured to transmit its audit messages to an external syslog server; communication with the syslog server is protected using TLS. The logs of all appliances can be viewed from the CLI. Each record includes the date and time the event occurred, the type of event, the user ID associated with the event, and additional information about the event and its outcome (success or failure).
Cryptographic support:
The TOE uses CAVP-tested cryptographic implementations to provide key management, random bit generation, encryption/decryption, digital signatures, secure hashing and keyed hashing in support of higher-level cryptographic protocols. This cryptography is used to support the following features:
· TLS client in support of secure channel with remote syslog server,
· SSH server in support of secure CLI remote management interface,
· X.509 certificate validation, and
· NTP support.
Identification and authentication:
The TOE provides authentication services for administrative users connecting to the TOE's administrator interfaces (local CLI and remote CLI). The TOE requires administrators to authenticate before being granted access to any management functionality. In the Common Criteria evaluated configuration, a minimum password length must be configured (between 8 and 32 characters), and a minimum RSA key length of 2048 bits is required. The TOE authenticates administrators against a local user database.
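The 2048-bit RSA minimum is the kind of policy an operator will want to enforce at the point where an administrator's SSH public key is loaded. The Go program below is an added example and is not code from Extreme Networks or from the evaluation: it parses an OpenSSH ssh-rsa public-key line, recovers the modulus size from the SSH wire-format blob, and rejects anything under 2048 bits. The sample keys are constructed in main from bare moduli (only the bit length matters for this check), and the constant and function names (MinRSABits, RSAKeyBits, CheckAdminKey) are this example's own.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// MinRSABits is the minimum RSA modulus size the evaluated configuration
// requires (value from the page; applying it to loaded admin keys is assumed here).
const MinRSABits = 2048

// sshString encodes b as an SSH wire-format string: uint32 length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// sshMPInt encodes a positive integer as an SSH mpint (RFC 4251 section 5):
// a 0x00 byte is prepended when the high bit is set so the value stays positive.
func sshMPInt(n *big.Int) []byte {
	b := n.Bytes()
	if len(b) > 0 && b[0]&0x80 != 0 {
		b = append([]byte{0}, b...)
	}
	return sshString(b)
}

// EncodeSSHRSAPublicKey builds an OpenSSH "ssh-rsa AAAA... comment" line from
// exponent e and modulus n. Used here only to construct sample keys.
func EncodeSSHRSAPublicKey(e, n *big.Int, comment string) string {
	var blob []byte
	blob = append(blob, sshString([]byte("ssh-rsa"))...)
	blob = append(blob, sshMPInt(e)...)
	blob = append(blob, sshMPInt(n)...)
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// readSSHString pops one wire-format string off buf, returning it and the remainder.
func readSSHString(buf []byte) (field, rest []byte, err error) {
	if len(buf) < 4 {
		return nil, nil, errors.New("truncated key blob")
	}
	n := binary.BigEndian.Uint32(buf)
	if uint64(len(buf)-4) < uint64(n) {
		return nil, nil, errors.New("truncated key blob")
	}
	return buf[4 : 4+n], buf[4+n:], nil
}

// RSAKeyBits parses an OpenSSH public-key line and returns the modulus size in
// bits. Only ssh-rsa is handled; another key type or a malformed blob is an error.
func RSAKeyBits(line string) (int, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 || fields[0] != "ssh-rsa" {
		return 0, errors.New("not an ssh-rsa key line")
	}
	rest, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return 0, fmt.Errorf("bad base64 in key blob: %w", err)
	}
	var parts [][]byte
	for i := 0; i < 3; i++ { // blob layout: string "ssh-rsa", mpint e, mpint n
		var f []byte
		if f, rest, err = readSSHString(rest); err != nil {
			return 0, err
		}
		parts = append(parts, f)
	}
	if string(parts[0]) != "ssh-rsa" {
		return 0, errors.New("key type inside blob does not match line prefix")
	}
	return new(big.Int).SetBytes(parts[2]).BitLen(), nil // leading 0x00 is ignored
}

// CheckAdminKey is the policy gate: accept only ssh-rsa keys of at least MinRSABits.
func CheckAdminKey(line string) error {
	bits, err := RSAKeyBits(line)
	if err != nil {
		return err
	}
	if bits < MinRSABits {
		return fmt.Errorf("RSA key is %d bits; policy requires at least %d", bits, MinRSABits)
	}
	return nil
}

func main() {
	// Constructed sample moduli 2^1023 (1024 bits) and 2^2047 (2048 bits): only the
	// bit length matters for this check, so these are not usable keys.
	e := big.NewInt(65537)
	weak := EncodeSSHRSAPublicKey(e, new(big.Int).Lsh(big.NewInt(1), 1023), "weak@example")
	good := EncodeSSHRSAPublicKey(e, new(big.Int).Lsh(big.NewInt(1), 2047), "admin@example")
	fmt.Println("1024-bit key:", CheckAdminKey(weak))
	fmt.Println("2048-bit key:", CheckAdminKey(good))
}
```

The check reads the modulus from the blob rather than trusting the key's comment or file name, and it refuses non-RSA key types outright rather than letting them bypass a size rule that does not apply to them; a real deployment would extend it with an allow-list of the key types the device actually accepts.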
Security management:
The TOE provides secure administrative services for managing the general TOE configuration and the security functionality the TOE provides. Management can take place over the following interfaces:
· Local console command line administration;
· Remote command line administration via SSHv2.
Within the CLI, an administrator has access to six distinct command modes, or privilege levels, each providing a specific set of commands. Depending on the RBAC configuration, not every administrative account has access to all modes. The CLI modes are as follows:
· User EXEC Mode: Initial mode of access.
· Privileged EXEC Mode: User mode and password combination determines access level.
· Global Configuration Mode: Use this mode to make changes to the running configuration.
· Interface Configuration Mode: Use this mode to modify or configure logical interface, VLAN or a physical interface.
· Router Configuration Mode: Use this mode to modify protocol settings.
· Application Configuration Mode: Use this mode to access the applications.
The system allows administrators to view audit records in EXEC mode.
All administrative functionality is accessed via the CLI, and the TOE audits all administrative access. The TOE displays login banners and enforces inactivity timeouts that terminate idle administrative sessions after a set period.
Protection of the TSF:
The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication and access control restrictions that limit management and configuration functionality to administrators. The TOE prevents any user from reading private keys and plaintext passwords. The TOE maintains the date and time internally; this is used as the timestamp in each audit record the TOE generates. Administrators can set the TOE's clock manually or configure the TOE to synchronize with an external time source. The TOE runs self-tests to verify the correct operation of the appliances themselves. The TOE verifies all software updates via digital signature (2048-bit RSA/SHA-256) and requires administrative intervention before an update is installed, so that unauthorized firmware cannot be loaded.
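The update gate described in the paragraph above, signature verification first and an explicit administrator decision second, is shown below as an added Go example; it is not Extreme's firmware code. A freshly generated 2048-bit RSA key stands in for the vendor signing key, the image bytes are constructed, and PKCS#1 v1.5 with SHA-256 is assumed as the padding scheme (the page says only RSA-2048/SHA-256). The names UpdateImage, VerifyImage, InstallUpdate and SignImage are this example's own. It shows that a tampered image, a sub-2048-bit key, and a verified but unapproved image are all refused.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdateImage is a candidate firmware image with its detached signature, as staged
// on the device before an administrator decides whether to install it.
type UpdateImage struct {
	Name      string
	Image     []byte
	Signature []byte // RSA PKCS#1 v1.5 over SHA-256(Image); padding scheme assumed
}

// VerifyImage checks the image signature against the vendor's public key and
// refuses a key shorter than 2048 bits, the size the page states for updates.
func VerifyImage(vendorKey *rsa.PublicKey, u UpdateImage) error {
	if vendorKey.N.BitLen() < 2048 {
		return fmt.Errorf("vendor key is %d bits; 2048 required", vendorKey.N.BitLen())
	}
	digest := sha256.Sum256(u.Image)
	if err := rsa.VerifyPKCS1v15(vendorKey, crypto.SHA256, digest[:], u.Signature); err != nil {
		return fmt.Errorf("signature check failed for %s: %w", u.Name, err)
	}
	return nil
}

// InstallUpdate is the gate: the image must verify AND an administrator must have
// explicitly approved it. It reports true only when the install actually proceeds,
// so a verified-but-unapproved image is never written.
func InstallUpdate(vendorKey *rsa.PublicKey, u UpdateImage, adminApproved bool) (bool, error) {
	if err := VerifyImage(vendorKey, u); err != nil {
		return false, err
	}
	if !adminApproved {
		return false, errors.New("update verified but awaiting administrator approval")
	}
	// Writing the image and updating the boot record is device-specific and omitted.
	return true, nil
}

// SignImage produces the detached signature a vendor would ship with an image.
// It exists only to construct samples; the device never holds the private key.
func SignImage(vendorPriv *rsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return rsa.SignPKCS1v15(rand.Reader, vendorPriv, crypto.SHA256, digest[:])
}

func main() {
	// A generated key stands in for the vendor signing key; the image is constructed.
	vendorPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	image := []byte("VOSS-8.3.100 (constructed sample image bytes)")
	sig, err := SignImage(vendorPriv, image)
	if err != nil {
		panic(err)
	}
	good := UpdateImage{Name: "voss-8.3.100.tgz", Image: image, Signature: sig}
	tampered := good
	tampered.Image = append([]byte{}, image...)
	tampered.Image[0] ^= 0x01 // one flipped bit invalidates the signature

	cases := []struct {
		u        UpdateImage
		approved bool
	}{{good, false}, {tampered, true}, {good, true}}
	for _, c := range cases {
		ok, err := InstallUpdate(&vendorPriv.PublicKey, c.u, c.approved)
		fmt.Printf("approved=%-5v installed=%-5v err=%v\n", c.approved, ok, err)
	}
}
```

The ordering matters: verification runs before the approval prompt so an administrator is never asked to approve an image that has already failed its signature check, and approval on its own never installs anything, which is the property the evaluation text describes.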
TOE access:
The TOE can terminate inactive sessions after a configurable period. Once a session has been terminated, the user must re-authenticate to establish a new session. The TOE can also display an administrator-specified banner on the local and remote CLI interfaces before allowing any administrative access. Users can manually terminate their own established management sessions with the TOE.
Trusted path/channels:
The TOE supports the following secure communications:
· Trusted paths with remote administrators over SSH,
· Trusted channels with remote IT environment audit (syslog) servers over TLS.
Extreme Networks, Inc.
Craig J Flick