{"product_id":10376,"v_id":10376,"product_name":"Brocade Director Models: DCX, DCX-4S, DCX 8510-4, DCX 8510-8; Switch Appliance Models: 300, 5100, 5300, 6510, 7800, 8000, BES; Embedded Blades: 5410, 5424, 5450, 5460, 5470, 5480; Director Blade Models: FC10-6, FC8-16, FC8-32, FC8-48, FC8-64, FC16-32, FC16-48, CP8, CR8, CR4S-8, CR16-4, CR16-8, FCOE10-24, FS8-18, FX8-24","certification_status":"Not Certified","certification_date":"2012-09-28T00:00:00Z","tech_type":"Miscellaneous","vendor_id":{"name":"Brocade Communications Systems LLC A Broadcom Inc. Company","website":"www.broadcom.com"},"vendor_poc":"Chris Marks","vendor_phone":"408-333-0480","vendor_email":"marksc@brocade.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p>The Target of Evaluation (TOE) is the Brocade Directors and Switches. The following models were evaluated running the FabricOS version 7.0.0b1 software:</p>\r\n<ul>\r\n<li>Director Blade Models: FC10-6, FC8-16, FC8-32, FC8-48, FC8-64, FC16-32, FC16-48, CP8, CR8, CR4S-8, CR16-4, CR16-8, FCOE10-24, FS8-18, FX8-24</li>\r\n<li>Director Models: DCX, DCX-4S, DCX 8510-4, DCX 8510-8</li>\r\n<li>Switch Appliance Models: 300, 5100, 5300, 6510, 7800, 8000, BES</li>\r\n<li>Embedded Blades: 5410, 5424, 5450, 5460, 5470, 5480</li>\r\n<li>Software: FabricOS version 7.0.0b1</li>\r\n</ul>\r\n<p class=\"Body\">Note that only the FS8-18 blade and the BES switch appliance support the user data encryption function.</p>\r\n<p class=\"Body\">All appliance models comprising the TOE provide the same security functionality; they differ only in the number and speed of their network connections and in their processing capacity (memory and processor speed).</p>\r\n<p class=\"Body\">The TOE consists of these Brocade Directors and Switches hardware appliances running FabricOS version 7.0.0b1. 
Brocade Directors and Switches are hardware appliances that implement a &ldquo;Storage Area Network&rdquo; or &ldquo;SAN&rdquo;. A SAN provides physical connections between machines in the environment that contain a type of network card called a Host Bus Adapter (HBA) and storage devices, such as disk storage systems and tape libraries, that are also located in the environment. The connections between the storage devices, the TOE, and the HBAs use high-speed network hardware, and SANs are optimized to transfer large blocks of data between HBAs and storage devices; they can be used to replace or supplement server-attached storage, for example. HBAs communicate with the TOE using the Fibre Channel (FC) or FC over IP (FCIP) protocols, and storage devices are in turn physically connected to the TOE using FC/FCIP interfaces. When more than one instance of the TOE is interconnected (i.e. installed and configured to work together), the instances are referred to collectively as a &ldquo;SAN fabric&rdquo;. A zone is a specified group of fabric-connected devices (called zone members) that have access to one another.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which the Brocade Directors and Switches TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 2.&nbsp; The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 2.&nbsp; Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.2.&nbsp; The product, when delivered and configured as identified in the <em>Brocade Fabric OS v7.0.0b1 Release Notes v1.0</em> document, satisfies all of the security functional requirements stated in the <em>Brocade Directors and Switches</em> Security Target (Version 2.8). The project underwent one Validation Oversight Review (VOR).&nbsp; The evaluation was completed in March 2012.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10376-2012, dated March 2012) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of the Brocade Directors and Switches TOE are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p><strong>Security audit</strong> &ndash; The TOE generates audit events for numerous activities, including policy enforcement, system management and authentication. A syslog server in the environment is relied on to store the audit records generated by the TOE.&nbsp; The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred.&nbsp; The time stamp is provided by the TOE appliance hardware. 
When the syslog server writes the audit record to the audit trail, it applies its own time stamp and places the entire TOE-generated syslog protocol message (the MSG content) into an encapsulating syslog record, so the stored record carries both the TOE's time stamp and the server's.</p>\r\n<p class=\"Body\"><strong>User data protection</strong> &ndash; Host bus adapters can only access storage devices that are members of the same zone. The TOE enforces an access control policy called the SAN Fabric SFP to accomplish this.&nbsp; The SAN Fabric SFP is implemented using hardware-enforced zoning (also called &ldquo;hard zoning&rdquo; or simply &ldquo;zoning&rdquo;), which prevents a host bus adapter from accessing a device it is not authorized to access.&nbsp; A zone is a region within the fabric where a specified group of fabric-connected devices (called zone members) have access to one another.&nbsp; Zone members do not have access to any devices outside the zone, and devices outside the zone do not have access to devices inside the zone.</p>\r\n<p>Some models of the TOE (the FS8-18 blade and the BES switch appliance) support encryption of user data for specified storage devices.&nbsp; A storage device configured to host encrypted data receives only encrypted data from the TOE, and the TOE decrypts data received from the storage device.&nbsp; The encryption of the data exchanged between the TOE and an encrypted storage device is called &ldquo;user data encryption&rdquo;.&nbsp; A CryptoTarget container is a configuration of &ldquo;virtual devices&rdquo; that is created for each storage device hosted on the TOE.&nbsp; A LUN is simply a number assigned to an addressable logical unit within a storage device.&nbsp; A CryptoTarget container identifies individual LUNs within a storage device as either encrypted or cleartext.</p>\r\n<p><strong>Identification and authentication</strong> &ndash; The TOE authenticates administrative users. 
In order for an administrative user to access the TOE, a user account including a user name and password must be created for the user, and an administrative role must be assigned. Either the TOE validates the login credentials itself, or the credentials are passed to a RADIUS or LDAP server for validation and the TOE enforces the server's decision.&nbsp; The administrator can configure the order in which the external authentication provider and the local credentials are checked.</p>\r\n<p class=\"Body\"><strong>Security management</strong> &ndash; The TOE provides both serial terminal-based and Ethernet network-based (SSH command line and HTTPS Advanced Web Tools GUI) management interfaces. Each of these interfaces provides equivalent management functionality. The TOE provides administrative interfaces to configure hard zoning, as well as to set and reset administrator passwords. By default, host bus adapters do not have access to storage devices.</p>\r\n<p class=\"Body\"><strong>Protection of the</strong> <strong>TSF</strong> &ndash; Protection of the TSF is provided primarily by virtue of the fact that the TOE is a hardware appliance that is physically protected in the environment. On most models, the TOE does not encrypt data written to or read from storage devices by host bus adapters.&nbsp; Encryption of this data is called &ldquo;user data encryption&rdquo; and is available only on a subset of the models of the TOE being evaluated (see 6.1.2.1 for more details).&nbsp; The TOE relies instead on the environment to physically protect the network between the HBA and the TOE, and between the TOE and the storage device. Separate appliance ports are relied on to physically separate connected HBAs. The appliance&rsquo;s physical location between HBAs and storage devices is relied on to ensure TOE interfaces cannot be bypassed. The TOE encrypts commands sent from terminal applications by administrators using SSH or HTTPS. 
Further, the TOE requires administrators to log in after an SSH or HTTPS connection has been established.&nbsp; The TOE provides a reliable time stamp for audit records.</p>\r\n<p class=\"Body\"><strong>TOE Access</strong> &ndash; The TOE provides an IP Filter policy, a set of rules applied to the IP management interfaces.&nbsp; These rules control how and to whom the TOE exposes the management services hosted on a switch.&nbsp; They cannot affect management traffic that is initiated from the switch itself, such as its connections to the syslog and RADIUS/LDAP servers.</p>\r\n<p class=\"Body\">The TOE limits the number of concurrent login sessions for users, such that the number of simultaneous login sessions for each role is limited.</p>\r\n<p class=\"Body\"><strong>Trusted Path</strong> &ndash; The TOE enforces a trusted path between the TOE administrators and the TOE for Ethernet connections from the administrator terminal, using SSH for the command line interface and HTTPS for the Advanced Web Tools GUI; commands sent from terminal applications by administrators are encrypted by these protocols.</p>","features":[]}