The TOE is Juniper Networks J-Series Family of Service Routers running JUNOS 7.3R2.14, model numbers J2300, J4300, J6300. The TOE is a highly scalable and flexible router. Juniper Networks J-Series Family of Service Routers running JUNOS 7.3R2.14 route IP traffic over any type of network, with increasing scalability of the traffic volume with each router model. All packets on the monitored network are scanned and then compared against a set of rules to determine where the traffic should be routed, and then passes it to the appropriate destination.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Juniper Networks J-Series Family of Service Routers running JUNOS 7.3R2.14 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 10 May 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL2 family of assurance requirements. The product, when configured as specified in the J-series™ Services Router Getting Started Guide, Release 7.3 and J-series™ Services Router Configuration Guide, Release 7.3, satisfies all of the security functional requirements stated in the Juniper Networks J-Series Family of Service Routers running JUNOS 7.3R2.14 Security Target, version 1.0. One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in March 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-06-0019, dated 20 April 2006) prepared by CCEVS.
","environmental_strengths":"The TOE platforms are designed as hardware devices, which perform all routing functions internally to the device. All TOE platforms are powered by JUNOS software, which provides both management functions as well as all IP routing functions.
\r\nThe TOE supports numerous routing standards, allowing it to be flexible as well as scalable. These functions can all be managed through the JUNOS software, either from a connected terminal console or via a network connection. Network management can be secured using ssl, SNMP v3, and ssh protocols. All management, whether from an administrator connecting to a terminal or from the network, requires successful authentication. Juniper Networks J-Series Family of Service Routers running JUNOS 7.3R2.14 supports the following four security functions:
\r\nUser Data Protection
\r\nThe TOE is designed to forward network packets (i.e., information flows) from source network entities to destination network entities based on available routing information. This information is either provided directly by TOE administrators or indirectly from other network entities (outside the TOE) configured by the TOE administrators.
\r\nIdentification and Authentication
\r\nThe TOE requires users to provide unique identification and authentication data before any administrative access to the system is granted. The TOE provides the ability to define levels of authority for users, providing administrative flexibility. Full administrators have the ability to define groups and their authority and they have complete control over the TOE.
\r\nThe TOE also requires that applications exchanging information with the TOE successfully authenticate prior to any exchange. This covers all services used to exchange information, including telnet, ssh, ssl, and ftp.
\r\nAuthentication services can be handled either internally (fixed passwords) or through an authentication server in the IT environment, such as a RADIUS or TACACS+ server (the external authentication server is considered outside the scope of the TOE). Public Key Authentication such as RSA can be used for the validation of the user credentials, but the user identity and privileges are still handled internally.
\r\nSecurity Management
\r\nThe TOE is managed through a Command Line Interface (CLI), or optionally using XML (Junoscript) or HTTPS (J-Web) interfaces which provide equivalent management functionality. Through these interfaces all management can be performed, including user management and the configuration of the router functions. The CLI interface is accessible through ssh and telnet sessions, as well as a local terminal console.
\r\nProtection of Security Functions
\r\nThe TOE provides protection mechanisms for its security functions. One of the protection mechanisms is that users must authenticate before any administrative operations can be performed on the system, whether those functions are related to the management of user accounts or the configuration of routes. Another protection mechanism is that all functions of the TOE are confined to the device itself. The TOE is completely self-contained, and are therefore maintains its own execution domain.
\r\n","features":[]}