The TOE, the Motorola AP-7131N Access Point, is a device that manages inbound and outbound traffic on a 802.11a/b/g/n wireless network; it is used to provide secure Wireless Local Area Network (WLAN) connectivity to a set of wireless client devices. The module protects data exchanged with wireless client devices using IEEE 802.11i wireless security protocol. The TOE has one (1) physical LAN port supporting two (2) unique LAN interfaces, one (1) physical WAN port, one (1) serial port, six (6) LEDs, one (1) reset button and six (6) antennas.
\r\nThe TOE supports two deployment options, a standalone deployment and a Mesh deployment. In the standalone deployment, all AP-7131Ns are connected directly to the LAN and/or WAN wired networks. Wireless users connect to the AP via the 802.11a/b/g/n wireless communication link.
\r\nIn a Mesh deployment, only one AP-7131N must be connected directly to the LAN and/or WAN wired network; this AP is configured as a base bridge. Another AP-7131, configured as a client bridge, can connect to the wired network through the base bridge via 802.11a/b/g/n wireless communication link. An AP-7131N can be configured as both base bridge and client bridge, allowing the AP to act as a repeater; the Mesh configuration supports as many as three repeaters connected in series. All client and base bridges are capable to serve as fully functional APs, connecting to wireless users via 802.11a/b/g/n. Each client bridge must authenticate itself to the corresponding base bridge using Pre-Shared Keys (PSK).
\r\nThe following Security Functions are supported by the TOE:
\r\nThe evaluation covers two models of the AP-7131N, the AP-7131N-66040-FGR Rev. D and the AP-7131N-66040-FWW Rev. F; both are shipped with identical software, version 4.0.4.0-045GRN. The two models are identical except that the radio frequency bands of the FGR are preconfigured for use in the USA only; the radio frequency bands of the FWW are configurable for all supported countries except the USA. The differences between the two models are limited to the frequency bands supported and the menu used to select the country of use; all security functions are identical. The software detects the model on startup.
\r\nThe TOE supports the following LAN, WAN, and WLAN interfaces:
\r\nEnvironment Dependencies
\r\nThe AP-7131N requires the following support from the IT environment:
\r\nThe evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that Motorola Solutions AP-7131N device meets the security requirements contained in the Security Target. The criteria against which the AP-7131N was assessed are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3 and National and International Interpretations effective 2 November 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. InfoGard Laboratories determined that the AP-7131N access point provides the security assurance required by Evaluation Assurance Level 2 (EAL2) and ALC_FLR.2.
\r\nThe TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by InfoGard Laboratories, Inc. The evaluation was completed in March of 2014.
","environmental_strengths":"The Motorola Solutions AP-7131N is a commercial wireless LAN (WLAN) access point. It utilizes National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CAVP) validated cryptographic algorithms to provide secure management and secure wireless networking functions.
\r\nThe AP-7131N requires remote administrative users to be authenticated over a trusted path prior to performing any administrative functions. The AP locks out a remote interface type (i.e. HTTPS or SSH) if that interface type receives 3 consecutive failed login attempts.
\r\nThe AP-7131N utilizes trusted channels to protect communications with trusted IT entities (i.e. authentication server, NTP server, Syslog server, SFTP server, SNMPv3 Manager).
\r\nThe AP-7131N audits both wireless user and administrator actions to an external syslog server to aid in detecting suspicious behavior.
","features":[]}