Microsoft Windows 2003/XP and XP Embedded TOE is a preemptive multitasking, multiprocessor, and multi-user operating system. In general, operating systems provide users with a convenient interface to manage underlying hardware. They control the allocation and manage computing resources such as processors, memory, and Input/Output (I/O) devices. The TOE expands these basic OS capabilities to controlling the allocation and managing higher level IT resources such as security principals like user or machine accounts, files, printing objects, services, window stations, desktops, cryptographic keys, network ports/traffics, directory objects, and web contents. Multi-user operating systems, such as the TOE, keep track of which user is using which resource, grant resource requests, account for resource usage, and mediate conflicting requests from different programs and users.
\r\nThe evaluated TOE is composed of software and the following hardware:
\r\nMicrosoft Windows 2003/XP and XP Embedded is an operating system that supports both workstation and server installations. The TOE includes five product variants of Windows 2003/XP: XP Embedded, XP Professional, Server 2003 Standard Server, Server 2003 Enterprise Server, and Server 2003 Data Center. The server products additionally provide Domain Controller (DC) features including the Active Directory (AD) and Kerberos Key Distribution Center (KDC). The server products in the TOE also provide Active Directory Federation Services, Windows Server Update Services, content indexing and searching, RPC over HTTP proxies, Simple Service Discovery Protocol (SSDP) service, Distributed Transaction Coordinator (DTC), Certificate Server, File Replication, Directory Replication, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Distributed File System (DFS) service, Removable Storage Manager, and Virtual Disk Service.
\r\nThe primary difference between the variants is the number of users and types of services they are intended to support.
\r\nMicrosoft Windows XP Professional is suited for business desktops and notebook computers (note that only desktops are included in the evaluated configuration); it is the workstation product. Designed for departmental and standard workloads, Windows Server 2003 Standard Server delivers intelligent file and printer sharing; connectivity based on Internet technologies, and centralized desktop policy management. Windows Server 2003 Enterprise Server differs from Windows Server 2003 Standard Server primarily in its support for high-performance servers for greater load handling. These capabilities provide reliability that helps ensure systems remain available. Windows Server 2003 Datacenter provides the necessary scalable and reliable foundation to support mission-critical solutions for databases, enterprise resource planning software, high-volume, real-time transaction processing, and server consolidation. Windows XP Embedded is the embedded OS that delivers the power of Windows in componentized form for rapidly building reliable and advanced embedded devices.
\r\nMicrosoft Windows 2003/XP and XP Embedded provide an interactive User Interface (UI), as well as a network interface. The TOE includes a homogenous set of Microsoft Windows 2003/XP and XP Embedded systems that can be connected via their network interfaces and may be organized into domains. A domain is a logical collection of Microsoft Windows 2003/XP and XP Embedded systems that allows the administration and application of a common security policy and the use of a common accounts database. Microsoft Windows 2003/XP and XP Embedded supports single and multiple domain configurations. In a multi-domain configuration, the TOE supports implicit and explicit trust relationships between domains. Domains use established trust relationships to share account information and validate the rights and permissions of users. A user with an account in one domain can be granted access to resources on any server or workstation on the network. Domains can have one-way or two-way trust relationships. Each domain must include at least one designated server known as a Domain Controller (DC) to manage the domain. The TOE allows for multiple DCs that replicate TOE Data among themselves to provide for higher availability.
\r\nEach Microsoft Windows 2003/XP/XP Embedded system, whether it is a DC server, non-DC server, or workstation, is part of the TOE and provides a subset of the TSFs. The TSF for the TOE can consist of the security functions from a single system (in the case of a stand-alone system) or the collection of security functions from an entire network of systems (in the case of domain configurations).
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Microsoft Windows 2003/XP and XP Embedded TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 with the additional augmentation of the CC Flaw Remediation (ALC_FLR) family of assurance requirements. The product, when configured as specified in either the Windows Server 2003 Security Configuration Guide (version 3.0) or Windows XP Security Configuration Guide (version 3.0), satisfies all of the security functional requirements stated in the Microsoft Windows 2003/XP and XP Embedded Security Target (Version 3.0) and is conformant to the CAPP. Three validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in December 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, report number CCEVS-VID10184-2008, prepared by CCEVS. The guidance documentation can be downloaded from http://www.microsoft.com/downloads website.
","environmental_strengths":"The logical boundaries of Microsoft Windows 2003/XP and XP Embedded can be characterized as the set of security functions available at its physical interfaces. Each of these security functions is summarized below.
\r\nSecurity Audit – The TOE has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs. Audit information generated by the system includes date and time of the event, user who caused the event to be generated, computer where the event occurred, and other event specific data. Authorized administrators can review audit logs. In addition to audit data, the Windows Server Update Services creates extensive logging information. This information is stored and protected in the TOE filesystem.
\r\nIdentification and Authentication – Windows 2003/XP requires each user to be identified and authenticated (using password or smart card) prior to performing any functions. An interactive user invokes a trusted path in order to protect his I&A information. Windows 2003/XP maintains a database of accounts including their identities, authentication information, group associations, and privilege and logon rights associations. Windows 2003/XP includes a set of account policy functions that include the ability to define minimum password length, number of failed logon attempts, duration of lockout, and password age.
\r\nSecurity Management – Windows 2003/XP includes a number of functions to manage policy implementation. Policy management is controlled through a combination of access control, membership in administrator groups, and privileges.
\r\nUser Data Protection – Windows 2003/XP protects user data by enforcing several access control policies (DAC, WEBUSER, web content provider access control, and Indexing Service access control) and several information flow policies (IPSec filter information flow control, Connection Firewall, UPnP filtering, and RPC over HTTP); and, object and subject residual information protection. Windows 2003/XP uses access control methods to allow or deny access to objects, such as files, directory entries, printers, and web content. Windows 2003/XP uses information flow control methods to control the flow of IP traffic, UPnP traffic, and RPC over HTTP traffic. It authorizes access to these resources through the use of security descriptors (which are sets of information identifying users and their specific access to resources), web permissions, IP filters, and port mapping rules. Windows 2003/XP also protects user data by ensuring that resources provided to user-mode processes do not have any residual information.
\r\nCryptographic Protection - Windows 2003/XP provides additional protection of data through the use of data encryption mechanisms. These mechanisms only allow authorized users to decrypt encrypted data.
\r\nProtection of TOE Security Functions – Windows 2003/XP provides a number of features to ensure the protection of TOE security functions. Windows 2003/XP protects against unauthorized data disclosure and modification by using a suite of Internet standard protocols including IPSec and ISAKMP. The XP portion of the TSF provides the ability to restore previously archived TSF data. Windows 2003/XP provides a Windows Server Update Services that allows authorized administrators the ability to manage software updates and control the propagation of updates to individual machines of the TOE. Windows 2003/XP ensures TOE self-protection and process isolation for all processes through private virtual address spaces, execution context and security context. The Windows 2003/XP data structures defining process address space, execution context, memory protection, and security context are stored in protected kernel-mode memory.
\r\nResource Utilization – Windows 2003/XP can limit the amount of disk space that can be used by an identified user or group on a specific disk volume. Each volume has a set of properties that can be changed only by a member of the administrator group. These properties allow an authorized administrator to enable quota management, specify quota thresholds, and select actions when quotas are exceeded.
\r\nTOE Access – Windows 2003/XP provides the ability for a user to lock their session immediately or after a defined interval. It constantly monitors the mouse and keyboard for activity and locks the workstation after a set period of inactivity. Windows 2003/XP allows an authorized administrator to configure the system to display a logon banner before the logon dialogue.
","features":[]}