NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Alcatel-Lucent Enterprise OmniSwitch series 6360, 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.9.R11

Certificate Date:  2023.10.21

Validation Report Number:  CCEVS-VR-VID11404-2023

Product Type:    Virtual Private Network; Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF]
Security Target [PDF]
Validation Report [PDF]
Assurance Activity [PDF]
Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is the Alcatel-Lucent Enterprise OmniSwitch series 6360, 6465, 6560, 6860, 6865, 6900, and 9900 with AOS 8.9.R11. The firmware is the Alcatel-Lucent Operating System (AOS), a single-purpose operating system that provides the management functions of all Alcatel-Lucent Enterprise OmniSwitch switches.

The TOE provides Layer-2 switching, Layer-3 routing, and traffic filtering. Layer-2 switching analyzes incoming frames and makes forwarding decisions based on information contained in the frames. Layer-3 routing determines the next network point to which a packet should be forwarded toward its destination. These devices may create or maintain a table of the available routes and their conditions and use this information, along with distance and cost algorithms, to determine the best route for a given packet. Supported routing protocols include Border Gateway Protocol (BGP), Routing Information Protocol version 2 (RIPv2), and Open Shortest Path First (OSPF). Filtering controls network traffic by determining whether packets are forwarded or blocked at the TOE's interfaces. Each packet is examined against the criteria specified in the access lists to decide whether it is forwarded or dropped. Access list criteria can include the source address of the traffic, the destination address, the upper-layer protocol, or other packet information.
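The access-list behaviour described above (match on source, destination and upper-layer protocol; first matching rule decides; anything unmatched is dropped) is easy to get wrong when rules are ordered carelessly. The following is an added illustration written for this page, not AOS code and not the OmniSwitch CLI syntax: the rule fields, the sample addresses and the policy below are constructed, and the implicit deny at the end of the list is an assumption about how such filters are conventionally evaluated, not a statement about the TOE.

```python
"""Constructed first-match access-list evaluator (illustrative, not AOS code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                 # source IPv4 address
    dst: str                 # destination IPv4 address
    proto: str               # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str = "0.0.0.0/0"   # CIDR; default matches any source
    dst: str = "0.0.0.0/0"   # CIDR; default matches any destination
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """True when every criterion the rule specifies matches the packet."""
        if ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped (implicit deny)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed sample policy: only the management subnet may reach the switch's
# management address, and only over SSH; other traffic to that address is
# dropped, and everything else is forwarded.
MGMT_IP = "10.0.1.1/32"
MGMT_ACL = [
    Rule("permit", src="10.0.100.0/24", dst=MGMT_IP, proto="tcp", dport=22),
    Rule("deny", dst=MGMT_IP),
    Rule("permit"),
]

# The same three rules with the deny placed first: the SSH permit can never match.
MISORDERED_ACL = [MGMT_ACL[1], MGMT_ACL[0], MGMT_ACL[2]]

if __name__ == "__main__":
    ssh_from_mgmt = Packet("10.0.100.7", "10.0.1.1", "tcp", 22)
    print("ordered:   ", evaluate(MGMT_ACL, ssh_from_mgmt))        # permit
    print("misordered:", evaluate(MISORDERED_ACL, ssh_from_mgmt))  # deny
```

The second list shows why rule order is part of the security policy: swapping the first two rules silently locks administrators out of SSH while every other packet is handled identically.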

All series perform the same security functions with respect to this evaluation. The differences between the models are in speed and physical characteristics.

The intended TOE environment is a secure data center that protects the TOE from unauthorized physical access. Only security administrators are to have access to connect to the serial console, or gain physical access to the hardware. Appropriate administrator security policy and security procedure guidance must be in place to govern operational management of the TOE within its operational environment.

The TOE is not intended for use as a general purpose computer and only executes the services needed to perform its intended function.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Preparation and Operation of Common Criteria Evaluated OmniSwitch Products (NDcPP), AOS Release 8.9.R11, July 2023 document, satisfies all of the security functional requirements stated in the Alcatel-Lucent Enterprise OmniSwitch series 6360, 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.9.R11 Security Target, Version 0.7, October 9, 2023. The project underwent CCEVS Validator review. The evaluation was completed in October 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11404-2023) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Alcatel-Lucent Enterprise OmniSwitch series 6360, 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.9.R11 are realized in the security functions that it implements. Each of these security functions is summarized below.

Security audit:

The TOE generates audit records. The audit records can be displayed on the serial console as they are generated in a scrolling format.

The TOE writes audit records to a set of circular files stored in the system's flash memory for permanent storage. These entries are tagged with the AOS application ID of the TOE subsystem that triggered the audit record. The TOE also provides the ability to send the audit records to an external syslog server over a secure channel.

The TOE provides to security administrators the ability to modify the maximum size allowed for the audit files. Once the files are full the oldest entries are overwritten.
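The practical consequence of "circular files" with an administrator-set maximum size is that the local store is not evidence preservation: once the cap is reached, every new record silently evicts the oldest one, and shrinking the cap evicts immediately. The model below is an added example written for this page to make that behaviour concrete; it is not AOS code, the record layout (timestamp, application ID, message) is an assumption loosely following the description above, and the byte cap and sample records are constructed.

```python
"""Constructed model of a size-capped circular audit store (illustrative, not AOS code)."""
from collections import deque
from datetime import datetime, timezone
from typing import Deque, List, Optional


class CircularAuditLog:
    """Fixed-capacity record store: when full, the oldest records are overwritten."""

    def __init__(self, max_bytes: int) -> None:
        self.max_bytes = max_bytes
        self._records: Deque[str] = deque()
        self._used = 0          # bytes consumed, each record counted with its newline

    @staticmethod
    def _format(app_id: str, message: str, timestamp: str) -> str:
        # Assumed layout: each entry is tagged with the ID of the subsystem that raised it.
        return f"{timestamp} {app_id}: {message}"

    @staticmethod
    def _size(record: str) -> int:
        return len(record.encode("utf-8")) + 1

    def append(self, app_id: str, message: str, timestamp: Optional[str] = None) -> str:
        """Store a record, evicting the oldest ones until it fits. Returns the stored line."""
        if timestamp is None:
            timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        record = self._format(app_id, message, timestamp)
        size = self._size(record)
        if size > self.max_bytes:
            raise ValueError("record larger than the whole audit store")
        while self._used + size > self.max_bytes:
            self._used -= self._size(self._records.popleft())
        self._records.append(record)
        self._used += size
        return record

    def resize(self, max_bytes: int) -> int:
        """Administrator changes the cap; shrinking drops the oldest entries. Returns how many."""
        self.max_bytes = max_bytes
        dropped = 0
        while self._records and self._used > self.max_bytes:
            self._used -= self._size(self._records.popleft())
            dropped += 1
        return dropped

    def used_bytes(self) -> int:
        return self._used

    def records(self) -> List[str]:
        """Oldest first, i.e. the order the serial console would have scrolled them."""
        return list(self._records)


if __name__ == "__main__":
    log = CircularAuditLog(max_bytes=110)
    ts = "2023-10-21T12:00:00Z"                         # constructed timestamp
    log.append("SES", "admin login from console", ts)
    log.append("SSH", "session opened 10.0.100.7", ts)
    log.append("AAA", "password policy updated", ts)   # evicts the console login record
    for line in log.records():
        print(line)
```

Because the oldest entries are the ones lost, the forwarding to an external syslog server over TLS described above is what gives an investigator a complete timeline; the local store only covers the most recent window.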

Cryptographic support:

The TOE requires cryptography for supporting the following functionality.

·       Establishment of secure channels using the SSHv2 and TLSv1.2 protocols

·       X.509 certificate generation and validation

·       Storage of passwords

·       Self-tests of the cryptographic algorithms

·       Verification of the integrity of the TOE firmware

The TOE provides cryptographic support using the OpenSSL and OpenSSH software packages, which are bundled in the TOE.

Identification and authentication:

The TOE requires identification and authentication of administrators before they can access any of the management functionality, in every possible scenario, which is as follows.

·       TOE administrators accessing (either locally or remotely) the Command Line Interface (CLI) via a serial console or a Secure Shell (SSH) session

The TOE displays to the administrator a configurable banner before the administrator successfully logs onto the TOE (either serial console or SSH). The TOE also provides the ability to lock the administrator after a configurable number of unsuccessful attempts, and terminate the logon session after a configurable period of inactivity.

The TOE provides administrator configurable password settings to enforce password complexity when a password is created or modified.

The TOE provides support for the following Identification and Authentication mechanisms.

·       Identification and Authentication made by the TOE using credentials stored in the local file system

·       Communication with SSH clients is protected with the Secure Shell (SSH) protocol.
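The three administrator-facing controls described in this section (password complexity enforced at creation or change, lockout after a configurable number of failed attempts, and termination of an idle session after a configurable timeout) interact in ways worth seeing in one place: a correct password entered against a locked account must still fail, and an idle session must end even though the password was right. The following is an added example written for this page, not AOS code: the policy values, the account names, the PBKDF2 password storage and the session bookkeeping are all constructed assumptions chosen to illustrate the controls, not the TOE's actual algorithms.

```python
"""Constructed model of lockout, inactivity timeout and password complexity (not AOS code)."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Policy:
    min_length: int = 8
    min_classes: int = 3          # of: upper, lower, digit, symbol
    max_failures: int = 3         # consecutive failures before lockout
    inactivity_timeout: int = 600 # seconds of idleness before the session is ended


_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_meets_policy(password: str, policy: Policy) -> bool:
    """Complexity check applied when a password is created or modified."""
    if len(password) < policy.min_length:
        return False
    present = sum(1 for pat in _CLASSES if re.search(pat, password))
    return present >= policy.min_classes


def _derive(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme for the example: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked: bool = False
    last_activity: Optional[float] = None   # None means no active session


class Authenticator:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.accounts: Dict[str, Account] = {}

    def add_user(self, user: str, password: str) -> bool:
        """Rejects passwords that fail the complexity policy."""
        if not password_meets_policy(password, self.policy):
            return False
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _derive(password, salt))
        return True

    def login(self, user: str, password: str, now: float) -> str:
        """Returns "ok", "denied" or "locked". `now` is injected for determinism."""
        acct = self.accounts.get(user)
        if acct is None:
            _derive(password, b"\0" * 16)   # spend the same time as a real check
            return "denied"
        if acct.locked:
            return "locked"                 # even a correct password is refused
        if hmac.compare_digest(_derive(password, acct.salt), acct.digest):
            acct.failures = 0
            acct.last_activity = now        # session starts
            return "ok"
        acct.failures += 1
        if acct.failures >= self.policy.max_failures:
            acct.locked = True
            return "locked"
        return "denied"

    def unlock(self, user: str) -> None:
        """Administrator action that clears a lockout."""
        self.accounts[user].locked = False
        self.accounts[user].failures = 0

    def touch(self, user: str, now: float) -> None:
        """Any command on an active session resets the idle clock."""
        if self.session_active(user, now):
            self.accounts[user].last_activity = now

    def session_active(self, user: str, now: float) -> bool:
        """False once the session has been idle longer than the timeout; the session is then ended."""
        acct = self.accounts[user]
        if acct.last_activity is None:
            return False
        if now - acct.last_activity > self.policy.inactivity_timeout:
            acct.last_activity = None       # terminate the idle session
            return False
        return True
```

The unlock path is deliberately an explicit administrator action rather than a timer, so the example does not assert anything about how the TOE releases a lockout; that detail is governed by the product's administrative guide.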

Security management:

The TOE provides a Command-Line Interface (CLI) for security management. TOE administrators connect to the TOE via either a serial console or a remote session using Secure Shell (SSHv2). In either case, administrators are required to identify and authenticate against the TOE before getting access to the CLI.

Protection of the TSF:

The TOE protects itself by requiring administrators to identify and authenticate themselves prior to performing any actions and by defining the access allowed by each administrator. The TOE uses the filesystem access control to protect access to sensitive data like cryptographic keys and credentials.

The TOE ensures that manual updates of the TOE firmware are done using trusted updates by verifying the integrity of the new version of the TOE firmware.

The TOE also implements self-tests to ensure the correct operation of cryptographic services.

The TOE also provides a reliable date and time that is used for audit record timestamps, certificate verification and session timing.

TOE access:

The TOE can be configured to display a login banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.

Trusted path/channels:

The TOE provides the following secure channels to ensure the integrity and confidentiality of the information exchanged between the TOE and external IT entities in the operational environment.

·       Transport Layer Security (TLS) version 1.2 is used to protect communication with external audit servers (syslog).

·       Secure Shell version 2 (SSHv2) is used to protect communication with SSH clients.


Vendor Information


ALE USA Inc
Eric Tolliver
818-880-3500
818-880-3505
eric.tolliver@al-enterprise.com

https://www.al-enterprise.com/