{"product_id":10470,"v_id":10470,"product_name":"Hewlett-Packard Networking A-Series Routers: MSR30, MSR50, 6600, and 8800","certification_status":"Not Certified","certification_date":"2013-03-20T00:00:00Z","tech_type":"Router","vendor_id":{"name":"Hewlett-Packard Company","website":"www.hp.com"},"vendor_poc":"Pamela Hurley","vendor_phone":"978-264-5176","vendor_email":"pamela.j.hurley@hp.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Target of Evaluation (TOE) is the Hewlett-Packard Company A-Series Routers with Comware version 5.20.&nbsp; The following models were evaluated:</p>\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead> \r\n<tr>\r\n<td width=\"145\" valign=\"bottom\">\r\n<p class=\"Body\"><strong>Product Series</strong></p>\r\n</td>\r\n<td width=\"272\" valign=\"bottom\">\r\n<p class=\"Body\"><strong>Specific Devices</strong></p>\r\n</td>\r\n</tr>\r\n</thead> \r\n<tbody>\r\n<tr>\r\n<td rowspan=\"3\" width=\"145\" valign=\"top\">\r\n<p class=\"Body\">HP A6600 Series with</p>\r\n<ul>\r\n<li>HP A6600 Firewall Processing Module</li>\r\n</ul>\r\n</td>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A6616 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A6608 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A6604 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td rowspan=\"3\" width=\"145\" valign=\"top\">\r\n<p class=\"Body\">HP A8800 Series with</p>\r\n<ul>\r\n<li>HP A8800 Firewall Processing Module</li>\r\n</ul>\r\n</td>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A8805 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A8808 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A8812 Router Chassis</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td rowspan=\"7\" width=\"145\" valign=\"top\">\r\n<p class=\"Body\">HP A-MSR30 
Series</p>\r\n</td>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-20 Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-40 Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-60 Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-20 PoE Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-40 PoE Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-60 PoE Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR30-10 Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td rowspan=\"4\" width=\"145\" valign=\"top\">\r\n<p class=\"Body\">HP A-MSR50 Series</p>\r\n</td>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR50-40 Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR50-60 Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR50-40 DC Multi-service Router</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"272\">\r\n<p class=\"Body\">HP A-MSR50-60 DC Multi-Service Router</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"Body\">&nbsp;</p>\r\n<p class=\"Body\">The A-Series routers in the evaluated configuration include the A6600, A8800, A-MSR30 and A-MSR50 series. Each series of this family consists of a set of distinct devices which vary primarily according to power delivery, performance, and port density.</p>\r\n<p class=\"Body\">While most of the A-Series routers have fixed ports, they all support plug-in modules (or blades) that provide additional functionality (e.g., various numbers and types of network connection ports). 
While pluggable security blades are required in the evaluated configuration, all of the available plug-in modules are included and can optionally be used in the evaluated configuration. While built into the A-MSR30 and A-MSR50 series routers, security blades for the A6600 and A8800 series devices offer additional advanced (e.g., firewall) security functions that are claimed in this evaluation and hence are required.</p>\r\n<p>The TOE can be deployed as a single A-Series device or alternately as a group of A-Series devices connected using the HP Intelligent Resilient Framework (IRF) technology to effectively form a logical switch device. The IRF technology requires that A-Series devices be directly connected to one another using an IRF stack utilizing one or more dedicated Ethernet connections that are used to coordinate the overall logical switch configuration and also to forward applicable network traffic as necessary between attached devices.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Hewlett-Packard Company A-Series Routers TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3.&nbsp; Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.2.&nbsp; The product, when delivered configured as identified in <em>Preparative Procedures for CC EAL2 Evaluated Hewlett-Packard A-Series Family </em>document, satisfies all of the security functional requirements stated in the Hewlett-Packard Company A-Series Routers<em> </em>Security Target (Version 1.0). 
The project underwent one Validation Oversight Panel (VOR) panel review.&nbsp; The evaluation was completed in September 2012.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10470-2013, dated March 2013) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of Hewlett-Packard Company A-Series Routers TOE are realized in the security functions that it implements. These security functions are realized at the network interfaces that service clients and via the administrator commands. Each of these security functions is summarized below.</p>\r\n<p><strong>Security audit - </strong>The TOE is designed to be able to generate logs for a wide range of security relevant events. The TOE can be configured to store the logs locally so they can be accessed by an administrator or alternately to send the logs to a designated log server. Locally stored audit records can be reviewed and otherwise managed by an administrator.</p>\r\n<p><strong>Cryptographic support - </strong>The TOE includes a FIPS 140-2 certified cryptographic module (Certificate #1911, #1913 and #1914) that provides key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including IPSec, SSH, HTTPS, and SNMP.</p>\r\n<p><strong>User data protection - </strong>The TOE performs a wide variety of network switching and routing functions, passing network traffic among its various physical and logical (e.g., VLAN) network connections. While implementing applicable network protocols associated with network traffic forwarding, the TOE is carefully designed to ensure that it doesn&rsquo;t inadvertently reuse data found in network traffic. The TOE implements stateful packet filtering and IPSec VPN services. 
These services can be configured and monitored by an administrator.</p>\r\n<p><strong>Identification and authentication - </strong>The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console as well as network accessible interfaces (SSHv2 and HTTPS) for interactive administrator sessions. An SNMPv3 interface, which also requires proper user credentials, is also available for non-interactive MIB-based management of the TOE.</p>\r\n<p class=\"Body\">The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Additionally, the TOE can be configured to utilize the services of trusted RADIUS and TACACS servers in the operational environment to support, for example, centralized user administration.</p>\r\n<p><strong>Security management - </strong>The TOE provides Command Line (CLI) commands, a Web-based Graphical User Interface (Web GUI), and a Management Interface Block (MIB) SNMPv3 interface to access the wide range of security management functions. Security management commands are limited to administrators only after they have provided acceptable user identification and authentication data to the TOE.</p>\r\n<p><strong>Protection of the TSF - </strong>The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.&nbsp; It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. 
It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).</p>\r\n<p class=\"Body\">From a communication perspective it employs both dedicated communication channels (based on physically separate networks and VLAN technology) and also cryptographic means (e.g., SSH can detect and hence prevent replay attacks) to protect communication between distributed TOE components as well as between the TOE and other components in the operational environment (e.g., administrator workstations). Note that IRF communication is not considered communication between distributed TOE components, but rather is communication among collocated components that logically form an instance of the TOE. As such, since the IRF communication channels are not protected using mechanisms such as encryption, they need to be as protected as the TOE devices themselves.</p>\r\n<p class=\"Body\">The TOE includes functions to perform self-tests at startup so that it might detect when it is failing. It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.</p>\r\n<p><strong>Resource utilization - </strong>The TOE can limit network connections in order to ensure that administrators will be able to connect when they need to perform security management operations on the TOE.</p>\r\n<p><strong>TOE access - </strong>The TOE can be configured to display an informative banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session will be terminated.</p>\r\n<p><strong>Trusted path/channels - </strong>The TOE protects interactive communication with administrators using SSHv2 for CLI access or HTTPS for Web GUI access. Access to the non-interactive MIB interface is protected using SNMPv3. 
In each case, both integrity and disclosure protection are ensured. The TOE protects communication with network peers, such as a log server, using IPSec VPNs.</p>","features":[]}