{"product_id":10301,"v_id":10301,"product_name":"Juniper Networks Security Appliances (Netscreen Models ISG 1000, ISG 2000, NS5200, and NS5400 with Firmware Version 6.2.0r3a; Secure Services Gateway Models SSG5, SSG20, SSG140, SSG320M, SSG350M, SSG520M, and SSG550M with Firmware Version 6.2.0r3).","certification_status":"Not Certified","certification_date":"2010-03-26T00:03:00Z","tech_type":"Firewall, Virtual Private Network","vendor_id":{"name":"HPE Juniper Networking","website":"https://www.juniper.net"},"vendor_poc":"Tim Huntley","vendor_phone":"408-936-2817","vendor_email":"thuntley@juniper.net","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\">The Target of Evaluation (TOE) is Juniper Networks Security Appliances, a line of integrated security network devices combining firewall, virtual private networking (VPN), and traffic management functions. The TOE consists of one or more of the following security appliances running the specified ScreenOS firmware version:</p>\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr>\r\n<td width=\"319\">\r\n<p><strong>Product</strong></p>\r\n</td>\r\n<td width=\"168\">\r\n<p><strong>Part Numbers</strong></p>\r\n</td>\r\n<td width=\"120\">\r\n<p><strong>Firmware Version</strong></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks NetScreen ISG 1000</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>NS-ISG-1000,</p>\r\n<p>NS-ISG-1000-DC,</p>\r\n<p>NS-ISG-1000B,</p>\r\n<p>NS-ISG-1000B-DC</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3a</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks NetScreen ISG 2000</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>NS-ISG-2000,</p>\r\n<p>NS-ISG-2000-DC,</p>\r\n<p>NS-ISG-2000B,</p>\r\n<p>NS-ISG-2000B-DC</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3a</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks NetScreen 5200</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>NS-5200,</p>\r\n<p>NS-5200-DC</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3a</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks NetScreen 5400</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>NS-5400,</p>\r\n<p>NS-5400-DC</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3a</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG5 Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-5-SB,</p>\r\n<p>SSG-5-SH</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG20 Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-20-SB,</p>\r\n<p>SSG-20-SH</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG140 Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-140-SB, SSG-140-SH</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG320M Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-320M-SH,</p>\r\n<p>SSG-320M-SH-N-TAA,</p>\r\n<p>SSG-320M-SH-DC-N-TAA</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG350M Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-350M-SH,</p>\r\n<p>SSG-350M-SH-N-TAA,</p>\r\n<p>SSG-350M-SH-DC-N-TAA</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG520M Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-520M-SH,</p>\r\n<p>SSG-520M-SH-N-TAA,</p>\r\n<p>SSG-520M-SH-DC-N-TAA</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"319\">\r\n<p>Juniper Networks SSG550M Secure Services Gateway</p>\r\n</td>\r\n<td width=\"168\" valign=\"top\">\r\n<p>SSG-550M-SH,</p>\r\n<p>SSG-550M-SH-N-TAA,</p>\r\n<p>SSG-550M-SH-DC-N-TAA</p>\r\n</td>\r\n<td width=\"120\">\r\n<p>6.2.0r3</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"Body\">The TOE is administered via a command line interface (CLI). During normal operation, the CLI is accessed remotely over a Secure Shell (SSH) connection. For initial configuration, a device that can emulate a VT-100 terminal is connected directly to the appliance as a local console. Once initial configuration is completed and the TOE is in FIPS mode, the local console remains connected to the TOE only to monitor alarms generated by the TOE. It is not to be used for entering commands. This is described clearly in the administrative guidance documentation provided as part of the TOE.</p>\r\n<div style=\"border: 1px dotted; padding: .25em 1em; margin-top: 1em; background: #eee;\">\r\n<p>VID10301 &ndash; Met the functional requirements of the following PPs:</p>\r\n<ol style=\"list-style-type: lower-alpha;\">\r\n<li>U.S. Government Virtual Private Network (VPN) Boundary Gateway Protection Profile for Medium Robustness Environments, version 1.2, January 30, 2009</li>\r\n<li>U.S. Government Protection Profile for Traffic Filter Firewall for Medium Robustness Environments, version 1.1, July 25, 2007</li>\r\n</ol></div>","evaluation_configuration":null,"security_evaluation_summary":"<p class=\"Body\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Juniper Networks Security Appliances TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL4 assurance requirements package, augmented with ADV_FSP.5, ADV_INT.3, ADV_TDS.4, ALC_FLR.2 and ATE_DPT.3. The product satisfies all of the security functional requirements stated in the Juniper Networks Security Appliances Security Target, when configured as specified in the Juniper Networks ScreenOS 6.2 Evaluated Configuration for Common Criteria, EAL4.</p>\r\n<p class=\"Body\">A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in March 2010. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10301-2010), prepared by CCEVS.</p>","environmental_strengths":"<p class=\"Body\">Juniper Networks Security Appliances provide a moderate to high level of independently assured security in a conventional TOE and are suitable for generalized environments with a low to medium level of risk to the applicable assets.</p>\r\n<p class=\"Body\">Juniper Networks Security Appliances support the following security functions:</p>\r\n<ul>\r\n<li><strong>Security Audit</strong></li>\r\n</ul>\r\n<p class=\"Body\">Audit data is stored in memory and is separated into three types of logs: event logs, traffic logs and self logs. Event logs hold the system-level notifications and alarms generated by the system to indicate events such as configuration changes, detected network attacks, or administrators logging in to or out of the device. Traffic logs are directly driven by policies that allow traffic to pass through the device. Self logs record traffic that is dropped and traffic that is addressed to the device itself. Logs are protected, and administrators are offered a mechanism for searching and sorting them.</p>\r\n<p class=\"Body\">The TOE monitors events and can apply rules to those monitored events to identify potential security violations. If the TOE detects a potential security violation, it displays an alarm at the local console, at remote administrator sessions that currently exist, and at remote administrator sessions that are initiated before the alarm has been acknowledged. Alarms can be configured to be audible.</p>\r\n<ul>\r\n<li><strong>Cryptographic Support</strong></li>\r\n</ul>\r\n<p class=\"Body\">Each of the appliances comprising the TOE has completed FIPS 140-2 Security Level 2 validation, with Security Level 3 for the following security requirements: Cryptographic Module Specification; Cryptographic Module Ports and Interfaces; Roles, Services, and Authentication; Cryptographic Key Management; and Design Assurance.</p>\r\n<ul>\r\n<li><strong>User Data Protection</strong></li>\r\n</ul>\r\n<p class=\"Body\">The TOE enforces information flow control policies based on the concept of zones. Security policies are applied to the flow of information from network nodes in one zone to network nodes in other zones. These policies control interzone and intrazone information flows.</p>\r\n<p class=\"Body\">A zone is a logical abstraction on which the TOE provides services that are typically configurable by the administrator. A zone can be a segment of network space to which security measures are applied (a security zone), a logical segment to which a VPN tunnel interface is bound (a tunnel zone), or either a physical or logical entity that performs a specific function (a function zone).</p>\r\n<ul>\r\n<li><strong>Identification and Authentication</strong></li>\r\n</ul>\r\n<p class=\"Body\">The TOE provides an authentication mechanism for administrative users through an internal authentication database. Administrative login is supported at the local console for initial configuration, and remotely via an SSH protected communication channel. FIPS 140-2 Security Level 3 operator authentication requirements preclude the use of external authentication servers. Thus, to operate the TOE in a FIPS certified manner, only local administrator authentication is permitted in the evaluated configuration.</p>\r\n<p class=\"Body\">A known administrator user ID and its corresponding authentication data must be entered correctly in order for the administrator to successfully log on and thereafter gain access to administrative functions. For local authentication, all administrator user name and password pairs are managed in a database internal to the TOE. Excessive failed login attempts while a remote administration session is being established cause the TOE to close that session.</p>\r\n<ul>\r\n<li><strong>Security Management</strong></li>\r\n</ul>\r\n<p class=\"Body\">After initial configuration, administrators manage the TOE remotely using a CLI communicating over the SSH protocol. The TOE also implements a web interface, but this is not part of the evaluated configuration.</p>\r\n<p class=\"Body\">To execute the CLI, the administrator establishes a trusted SSH connection to the TOE and uses the CLI offered over that connection. Regardless of the interface, the authorized administrator must be successfully identified and authenticated before they are permitted to perform any security management functions on the TOE.</p>\r\n<p class=\"Body\">The TOE supports three distinct administrative roles: Audit Administrator; Cryptographic Administrator; and Security Administrator. In addition to these administrative roles, an administrator may be given a read-write or read-only attribute that affects that administrator&rsquo;s ability to change the device&rsquo;s configuration data.</p>\r\n<ul>\r\n<li><strong>Protection of the TSF</strong></li>\r\n</ul>\r\n<p class=\"Body\">The TOE is a hardware and firmware device that protects itself largely by offering only a minimal logical interface to the network and attached nodes. ScreenOS is a special purpose OS that provides no general purpose programming capability. All network traffic from one network zone to another or between two networks within the same network zone passes through the TOE; however, no protocol services are provided for user communication with the TOE itself. The TOE also preserves its configuration for trusted recovery in the event that the configuration has been modified and not saved or if the TOE has been shut down ungracefully.</p>\r\n<p class=\"Body\">The TOE provides a recovery and self testing mechanism. The recovery mechanism allows administrators to return the TOE to a secure state, while the self test mechanism allows administrators to verify the integrity of the TOE and its cryptographic functions.</p>\r\n<ul>\r\n<li><strong>Resource Utilization</strong></li>\r\n</ul>\r\n<p class=\"Body\">The TOE provides features to protect itself from Denial of Service attacks. These features limit TCP connections and offer administrators the ability to limit the number of resources a particular address or set of addresses can use over a specified time period.</p>\r\n<ul>\r\n<li><strong>TOE Access</strong></li>\r\n</ul>\r\n<p class=\"Body\">The TOE provides the ability to restrict the establishment of an administrative session based on a schedule or based upon the originating source IP address (or subnet). The TOE also provides inactivity timeouts and logon banners that can be configured by administrators.</p>\r\n<ul>\r\n<li><strong>Trusted Path/Channels</strong></li>\r\n</ul>\r\n<p class=\"Body\">Remote administration of the TOE can be accomplished using SSH to protect the communication between a remote administrator and the TOE. SSH provides for the protection of remote administration activity from both disclosure and modification. An IPsec tunnel is used to provide encryption and integrity for trusted channels to external servers (e.g., an NTP server).</p>","features":[]}
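The zone-based information flow control and the traffic/self logs described under User Data Protection and Security Audit, as an added example that is not Juniper's code and not part of the listing: a toy Python engine that binds ingress interfaces to zones, picks the egress zone by longest-prefix route lookup, evaluates an ordered first-match policy list for interzone and intrazone flows, records permitted flows in a traffic log and dropped flows in a self log. The zone names, addresses, the route and policy lookup order and the default of permitting intrazone traffic unless blocking is enabled on the zone are assumptions made for illustration, not ScreenOS semantics taken from this page.

```python
# Added example (not Juniper's code): toy model of zone-based information
# flow control with traffic/self logging. Zone names, addresses, first-match
# policy lookup and the "intrazone permitted unless blocked" default are assumptions.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ingress_if: str   # interface the packet arrived on
    src: str
    dst: str
    service: str      # e.g. "HTTP", "SSH"


def _in_net(addr, net):
    return net == "any" or ip_address(addr) in ip_network(net)


@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    src_net: str      # CIDR or "any"
    dst_net: str      # CIDR or "any"
    service: str      # service name or "ANY"
    action: str       # "permit" or "deny"

    def matches(self, from_zone, to_zone, flow):
        return (self.from_zone == from_zone and self.to_zone == to_zone
                and _in_net(flow.src, self.src_net) and _in_net(flow.dst, self.dst_net)
                and self.service in ("ANY", flow.service))


@dataclass
class ZoneFirewall:
    if_zone: dict                                      # ingress interface -> zone
    routes: list                                       # (CIDR, zone); longest prefix picks egress zone
    policies: list = field(default_factory=list)       # ordered; first match wins
    intrazone_block: set = field(default_factory=set)  # zones whose intrazone traffic is blocked
    traffic_log: list = field(default_factory=list)    # flows permitted by a policy
    self_log: list = field(default_factory=list)       # dropped flows

    def egress_zone(self, dst):
        best = None
        for net, zone in self.routes:
            n = ip_network(net)
            if ip_address(dst) in n and (best is None or n.prefixlen > best[0].prefixlen):
                best = (n, zone)
        return best[1] if best else None

    def evaluate(self, flow):
        from_zone = self.if_zone.get(flow.ingress_if)
        to_zone = self.egress_zone(flow.dst)
        if from_zone is None or to_zone is None:
            return self._drop(flow, "unbound interface or no route")
        for idx, policy in enumerate(self.policies):
            if policy.matches(from_zone, to_zone, flow):
                if policy.action == "permit":
                    self.traffic_log.append((idx, from_zone, to_zone, flow))
                    return "permit"
                return self._drop(flow, f"policy {idx} deny")
        # No explicit policy: interzone flows are denied; intrazone flows pass
        # unless blocking is enabled for the zone (assumed default behaviour).
        if from_zone == to_zone and from_zone not in self.intrazone_block:
            return "permit"
        return self._drop(flow, f"default deny {from_zone}->{to_zone}")

    def _drop(self, flow, reason):
        self.self_log.append((reason, flow))
        return "deny"


def build_demo():
    """Constructed three-zone deployment using documentation address ranges."""
    fw = ZoneFirewall(
        if_zone={"eth0/0": "Trust", "eth0/1": "Untrust", "eth0/2": "DMZ"},
        routes=[("10.1.0.0/16", "Trust"), ("192.0.2.0/24", "DMZ"), ("0.0.0.0/0", "Untrust")],
    )
    fw.policies = [
        Policy("Trust", "Untrust", "any", "any", "HTTP", "permit"),
        Policy("Untrust", "DMZ", "any", "192.0.2.10/32", "HTTP", "permit"),
        Policy("Trust", "DMZ", "10.1.99.0/24", "any", "ANY", "deny"),  # precedes the permit below
        Policy("Trust", "DMZ", "any", "any", "SSH", "permit"),
    ]
    return fw


def run_policy_demo():
    fw = build_demo()
    flows = [
        Flow("eth0/0", "10.1.1.5", "203.0.113.7", "HTTP"),     # Trust->Untrust web: permit
        Flow("eth0/0", "10.1.1.5", "203.0.113.7", "SSH"),      # no policy: default deny
        Flow("eth0/1", "198.51.100.9", "192.0.2.10", "HTTP"),  # Untrust->DMZ web server: permit
        Flow("eth0/1", "198.51.100.9", "192.0.2.11", "HTTP"),  # other DMZ host: deny
        Flow("eth0/0", "10.1.99.4", "192.0.2.10", "SSH"),      # deny policy matched first
        Flow("eth0/0", "10.1.1.5", "10.1.2.9", "SSH"),         # intrazone Trust: permit, unlogged
        Flow("eth0/3", "10.1.1.5", "203.0.113.7", "HTTP"),     # unbound interface: deny
    ]
    verdicts = [fw.evaluate(f) for f in flows]
    fw.intrazone_block.add("Trust")                            # now the intrazone flow is dropped
    verdicts.append(fw.evaluate(flows[5]))
    return verdicts, len(fw.traffic_log), len(fw.self_log)
```

`run_policy_demo()` returns the eight verdicts together with the sizes of the two logs. The case worth noticing is the intrazone flow that passes without any matching policy: it is permitted but leaves no traffic-log entry, which mirrors the statement above that traffic logs are driven by policies. If every permitted flow must be audited, give the zone an explicit intrazone permit policy or enable intrazone blocking so that only policy-matched traffic passes.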
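The administrative-session controls described under Identification and Authentication, Security Audit and TOE Access, as an added example that is not Juniper's code and not part of the listing: a Python gateway model that admits a remote administration session only from configured manager subnets and within a configured schedule, closes the session being established after too many failed logins against a local user database, times out idle sessions, and runs a rule over the event log so that repeated failures from one address raise an alarm that stays pending until acknowledged. The subnets, schedule, thresholds, user database and the sha256-only password storage are assumptions for illustration.

```python
# Added example (not Juniper's code): admission, lockout, inactivity and alarm
# handling for admin sessions. Subnets, schedule, thresholds and users are assumptions.
import hashlib, hmac
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class AccessPolicy:
    manager_nets: tuple = ("10.1.0.0/16",)   # admin sessions accepted only from here
    allowed_days: tuple = (0, 1, 2, 3, 4)    # Monday..Friday
    start_hour: int = 7                      # ...and only 07:00-18:59
    end_hour: int = 19
    max_failures: int = 3                    # failures before the session is closed
    idle_timeout: timedelta = timedelta(minutes=10)
    alarm_threshold: int = 5                 # failures from one address that raise an alarm

    def source_allowed(self, src):
        return any(ip_address(src) in ip_network(n) for n in self.manager_nets)

    def schedule_allows(self, when):
        return when.weekday() in self.allowed_days and self.start_hour <= when.hour < self.end_hour


@dataclass
class Session:
    src: str
    last_activity: datetime
    failures: int = 0
    closed: bool = False
    reason: str = ""


class AdminGateway:
    def __init__(self, policy, users):
        self.policy = policy
        self.users = users      # local database: name -> sha256 hex (toy; use a salted KDF in practice)
        self.events = []        # event log: (time, kind, src, detail)
        self.alarms = []        # pending alarms, shown until acknowledged

    def open_session(self, src, when):
        reason = ("source is not a manager address" if not self.policy.source_allowed(src)
                  else "outside the admin schedule" if not self.policy.schedule_allows(when) else None)
        if reason:
            self.events.append((when, "session_refused", src, reason))
            return None
        return Session(src, when)

    def login(self, sess, user, password, when):
        if sess.closed:
            return False
        sess.last_activity = when
        digest = hashlib.sha256(password.encode()).hexdigest()
        if hmac.compare_digest(digest, self.users.get(user, "")):   # constant-time compare
            self.events.append((when, "admin_login", sess.src, user))
            return True
        sess.failures += 1
        self.events.append((when, "login_failed", sess.src, user))
        if sess.failures >= self.policy.max_failures:
            self._close(sess, when, "too many failed logins")
        self._apply_rules()
        return False

    def activity(self, sess, when):
        # Call on each command; returns False once the session is closed.
        if not sess.closed and when - sess.last_activity > self.policy.idle_timeout:
            self._close(sess, when, "inactivity timeout")
        sess.last_activity = when
        return not sess.closed

    def _close(self, sess, when, reason):
        sess.closed, sess.reason = True, reason
        self.events.append((when, "session_closed", sess.src, reason))

    def _apply_rules(self):
        # Rule over the event log: repeated failures from one address are a potential violation.
        failed = Counter(e[2] for e in self.events if e[1] == "login_failed")
        for src, n in failed.items():
            if n >= self.policy.alarm_threshold and all(a[0] != src for a in self.alarms):
                self.alarms.append((src, f"{n} failed admin logins"))

    def acknowledge(self, src):
        self.alarms = [a for a in self.alarms if a[0] != src]


def run_admin_demo():
    gw = AdminGateway(AccessPolicy(), {"secadmin": hashlib.sha256(b"correct horse").hexdigest()})
    t0 = datetime(2010, 3, 24, 9, 0)                     # a Wednesday, 09:00
    out = {"refused_src": gw.open_session("203.0.113.5", t0) is None,
           "refused_time": gw.open_session("10.1.5.5", datetime(2010, 3, 27, 9, 0)) is None}  # Saturday
    s1 = gw.open_session("10.1.5.5", t0)
    fails = [gw.login(s1, "secadmin", "wrong", t0 + timedelta(seconds=i)) for i in range(3)]
    out["locked"] = (s1.closed, s1.reason)               # third failure closes the session
    s2 = gw.open_session("10.1.5.5", t0 + timedelta(minutes=1))
    fails += [gw.login(s2, "secadmin", "wrong", t0 + timedelta(minutes=1, seconds=i)) for i in range(2)]
    out["alarms"] = list(gw.alarms)                      # five failures from one address -> alarm
    s3 = gw.open_session("10.1.5.5", t0 + timedelta(minutes=2))
    out["login_ok"] = gw.login(s3, "secadmin", "correct horse", t0 + timedelta(minutes=2))
    out["idle_closed"] = not gw.activity(s3, t0 + timedelta(minutes=20))
    gw.acknowledge("10.1.5.5")
    out["alarms_after_ack"] = len(gw.alarms)
    return out
```

`run_admin_demo()` walks through the refused-source and refused-schedule cases, a lockout after three bad passwords, the alarm rule firing once the same address has accumulated five failures across two sessions, a successful login, an inactivity timeout, and the alarm being cleared only by an explicit acknowledgement. Note that the alarm rule counts across sessions, so closing the session on the third failure does not by itself stop the per-address count from reaching the alarm threshold.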