The TOE is a distributed system, comprised of the Air Defense Services Platform (ADSP) software and one or more AP-7131N Wireless Access Point devices simultaneously operating as wireless access points and Wireless Intrusion Detection System (WIDS) sensors. The TOE is a system that manages inbound and outbound traffic on an 802.11a/b/g/n wireless network and analyzes the wireless environment for potential security threats.
\r\nThe Air Defense Services Platform 9.0 (ADSP 9.0) portion of the TOE is a wireless networking security, assurance and management solution, designed to monitor and analyze the 802.11a/b/g/n metadata received from the attached AP-7131N devices. By analyzing this metadata, the ADSP system can detect violations of site-specific wireless security policies.
\r\nThe AP-7131N Access Point (AP) portion of the TOE is a hardware device that operates both as an Access Point and a wireless IDS sensor. As an AP, the AP-7131N manages inbound and outbound traffic on an 802.11a/b/g/n wireless network providing secure Wireless Local Area Network (WLAN) connectivity to a set of wireless client devices. As a sensor, the AP-7131N monitors network traffic and forwards information to the ADSP server for analysis. The module protects data exchanged with wireless client devices using IEEE 802.11i wireless security protocol. The TOE has one (1) physical LAN port supporting two (2) unique LAN interfaces, one (1) physical WAN port, one (1) serial port, six (6) LEDs, one (1) reset button and six (6) antennas.
\r\nThe Motorola Solutions ADSP Version 9.0 software runs on a pre-configured version of Community Enterprise Operating System (CENTOS) version 6.2; CENTOS runs only the required communications services with all unused ports and functions closed and/or turned off. The required services include SNMPv3, TLS 1.0, SSHv2, NTPv4, SCP, and HTTPS. The ADSP CENTOS is a guest OS that runs on a virtualization engine in the IT environment.
\r\nThe following Security Functions are supported by the TOE:
\r\nThe evaluation covers ADSP Version 9.0.0-83 and two models of the AP-7131N, the AP-7131N-66040-FGR Rev. D and the AP-7131N-66040-FWW Rev. F; both are shipped with identical software, version 4.0.4.0-045GRN. The two models are identical except that the radio frequency bands of the FGR are preconfigured for use in the USA only; the radio frequency bands of the FWW are configurable for all supported countries except the USA. The differences between the two models are limited to the frequency bands supported and the menu used to select the country of use; all security functions are identical. The software detects the model on startup.
\r\nThe AP-7131N portion of the TOE supports the following LAN, WAN, and WLAN interfaces:
\r\nEnvironment Dependencies
\r\nThe AP-7131N portion of the TOE requires the following support from the IT environment:
\r\nThe ADSP portion of the TOE requires the following support from the IT environment:
\r\nThe evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that Motorola Solutions ADSP virtual server and AP-7131N device meets the security requirements contained in the Security Target. The criteria against which ADSP and AP-7131N were assessed are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3 and National and International Interpretations effective 2 November 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. InfoGard Laboratories determined that ADSP and AP-7131N Access Point provides the security assurance required by Evaluation Assurance Level 2 (EAL2) and ALC_FLR.2.
\r\nThe TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by InfoGard Laboratories, Inc. The evaluation was completed in March of 2014.
","environmental_strengths":"The Motorola Solutions AP-7131N is a commercial wireless LAN (WLAN) access point. It utilizes National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CAVP) validated cryptographic algorithms to provide secure management and secure wireless networking functions.
\r\nThe Motorola Solutions ADSP is a Wireless IDS system. It utilizes NIST Cryptographic Module Validation Program (CMVP) validated cryptographic modules which implement CAVP validated cryptograph algorithms. These algorithms provide secure management.
\r\nBoth ADSP and AP-7131N require remote administrative users to be authenticated over a trusted path prior to performing any administrative functions. ADSP locks out a user’s account after an administrator configured number of failed authentication attempts, while the AP locks out a remote interface type (i.e., HTTPS or SSH) if that interface type receives 3 consecutive failed login attempts.
\r\nThe AP-7131N utilizes trusted channels to protect communications with trusted IT entities (i.e., authentication server, NTP server, Syslog server, SFTP server, SNMPv3 Manager).
\r\nThe AP-7131N audits both wireless user and administrator actions to an external syslog server to aid in detecting suspicious behavior.
","features":[]}