Compliant Product - Versa Networks Versa Secure SD-WAN Versa Operating System (VOS) 22.1 running on CSG1500, CSG2500, CSG3500, CSG5000, Dell PowerEdge R7515, and Dell VEP4600, Versa Director 22.1, and Versa Analytics 22.1
Certificate Date:
2024.04.10
CC Certificate Validation Report Number: CCEVS-VR-VID11431-2024 Product Type: Firewall Virtual Private Network Wireless Monitoring Network Device Conformance Claim: Protection Profile Compliant PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e collaborative Protection Profile Module for Stateful Traffic Filter Firewalls v1.4 + Errata 20200625 PP-Module for Intrusion Prevention Systems (IPS), Version 1.0 PP-Module for Virtual Private Network (VPN) Gateways Version 1.3 CC Testing Lab: Gossamer Security Solutions ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
Security Target
Validation Report
Assurance Activity
Administrative Guide
Product Description
The TOE is a multitenant software platform that delivers software-defined Layer 3 to Layer 7 services with full programmability and automation. The TOE addresses SD-WAN, SD-Security, and SD-Branch use cases for the WAN edge, delivering multiple functions in a single, unified software platform. The TOE is comprised of hardware and software and is defined as a distributed TOE comprising management, or “headend” components (Versa Director, Analytics, and VOS device configured an SD-WAN controller) and one or many VOS devices operating as data plane or “Branch” devices. The TOE is a network device with stateful firewall, IDS/IPS, and VPN gateway capabilities.
Evaluated Configuration
The evaluation configuration consists of the following components: · Versa Operating SystemTM (VOSTM) device—A VOS device is the multiservice networking and security software platform that provides routing, advanced SD-WAN, and SD-Security in a single software package. A VOS device is deployed in the branch, hub, cloud, and data center. · Versa Director—Versa Director is a centralized provisioning and management application that allows you to configure, deploy, manage, and orchestrate all your Versa VOS software instances. Versa Director integrates with third-party operations and business systems and with cloud management systems by using open and widely available protocols and API formats. · Versa Analytics—Versa Analytics is a near real-time analytics engine that provides historical insights into contextual policy-to-event correlation and visibility based on application, user, device, and location.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in Configure for NIAP Common Criteria, Version 1.0, March 29, 2024, satisfies all of the security functional requirements stated in the Versa Networks Versa Secure SD-WAN Versa Operating System (VOS) 22.1 running on CSG1500, CSG2500, CSG3500, CSG5000, Dell PowerEdge R7515, and Dell VEP4600, Versa Director 22.1, and Versa Analytics 22.1 Security Target, Version 1.9, March 28, 2024. The project underwent CCEVS Validator review. The evaluation was completed in April 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11431-2024) prepared by CCEVS.
Environmental Strengths
The logical boundaries of the Versa Secure SD-WAN Versa Operating System (VOS) 22.1 running on Versa CSG1500, CSG2500, CSG3500, CSG5000, Dell PowerEdge R7515, and Dell VEP4600, Versa Director 22.1 and Versa Analytics 22.1 are realized in the security functions that it implements. Each of these security functions is summarized below. Security audit: The TOE provides extensive auditing capabilities by generating an audit record for each auditable event, thus generating a comprehensive set audit logs that identify specific TOE operations including audit records for security relevant events. The TOE can audit events related to identification and authentication, administrative actions, and activities related to security functionality enforcement. For each event, the TOE records the date and time of each event, the type of event, the subject identity, and the outcome of the event. Audit logs are buffered locally on each component and then forwarded to Analytics for storage and analysis. Logs are also sent to an external syslog server over a protected IPsec channel. Communications: The TOE is a distributed TOE which uses IPsec for securing all internal communications. The TOE does not use a registration channel and satisfies all requirements of FTP_ITC.1 for internal trusted channels. Administrators must manually enable each component before joining the distributed TOE. Cryptographic support: The TOE provides cryptography in support of secure connections, using IPsec for data plane encryption and IPsec, TLS, SSH, and HTTPS for control plane encryption. The TOE provides key generation, key destruction and cryptographic operation functions supported by NIST approved cryptographic algorithms validated under the CAVP. User data protection: The TOE ensures residual information is not leaked into subsequent packets by freeing the contents of packet buffers prior to de-allocation. Firewall: The TOE implements a stateful firewall with support for rules covering IPv4, IPv6, TCP, UDP, and ICMP with optional logging on match, in addition to a baseline of default processing rules which ensure that the firewall properly rejects malformed packets or other anomalies. The TOE also supports processing of dynamic protocols where control and data are processed on separate ports. Identification and authentication: All TOE administrative users must be identified and authenticated. Administration may either be performed locally using the local console CLI or remotely using the web-based GUI or SSH CLI. The TOE provides two pre-configured administrative accounts. The TOE requires that users associated with these accounts be identified and authenticated before permitted access to the TOE and TOE security functions. Users may authenticate using local password authentication. The TOE ensures that a minimum password length is supported in addition to the construction of complex user passwords. Failed authentication attempts will be tracked and eventually cause the administrator to be locked out until another administrator manually unlocks the account or after a defined time period elapses. Pre-shared keys are supported for IPsec connections which may be generated externally or composed from a password. X.509 certificates are used in support of IPsec connections (during IKE negotiations). Security management: The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. All TOE administration occurs either via a local console connection, or through a secure SSH or HTTPS session. The TOE provides the ability to manage all TOE administrators, all identification and authentication, all audit functionality of the TOE, all TOE cryptographic functionality, firewall, IDS/IPS, and VPN gateway functions. TOE administrators of different roles have different privileges, and the TOE supports pre-defined administrator roles. By default, the system supports the following administrator roles, which cannot be deleted or edited: Admin and Operator, (non-admin users will not have access to the TOE). Admin has super-user privileges and can perform all operations on the TOE. Operator can perform operations like monitor, check-status, and review configuration. Packet filtering: The TOE supports a packet filtering policy as described in Firewall above. Protection of the TSF: The TOE internally maintains the date and time. This date and time are used as the timestamp that is applied to audit records generated by the TOE. Administrators can synchronize the system time with the NTP server time via NTP protocol. Additionally, the TOE performs testing of all TSF binaries, cryptographic algorithms, and entropy sources to ensure correct operation. The TOE will shutdown its interfaces in the event of a self-test failure to prevent insecure operation. The TOE will accept software upgrades that have been digitally signed or have been manually verified by the administrator using a hash prior to installation. The TOE protects the storage of private keys, passwords and other sensitive data by restricting file permissions and does not provide any interface which allows exposure of sensitive plaintext data. TOE access: When an administrative session is initially established, the TOE displays an administrator configurable warning banner. This is used to provide any information deemed necessary by the administrator. After a configurable period of inactivity, local and remote administrative sessions will be terminated, requiring administrators to re-authenticate. Administrators may also manually terminate their own sessions. The VPN gateway will provide dynamically assigned IP addresses to endpoints, and terminate inactive VPN sessions after inactivity. Connections may be restricted based on security posture, location, and time of day. Trusted path/channels: The TOE supports establishing trusted paths between itself and remote administrators using SSH for CLI access and HTTPS for GUI access. The TOE supports use of IPsec and HTTPS/TLS for control plane connections, and IPsec for data plane connections (including distributed TOE channels between VOS Branches and the Versa Headend). The TOE supports IPsec to encrypt connections with external NTP servers and syslog servers. Intrusion Prevention: The TOE supports both in-line and promiscuous inspection modes using both anomaly and signature-based detection along with IP filtering based on denylist.
Vendor InformationVersa Networks, Inc. Ken Lasoski 1-408-385-7660 kenl@versa-networks.com www.versa-networks.com |