{"product_id":10554,"v_id":10554,"product_name":"Hewlett Packard Enterprise Wireless LAN Access Controllers and Access Points with Comware Version 5.2.109","certification_status":"Certified","certification_date":"2014-12-15T00:00:00Z","tech_type":"Wireless LAN","vendor_id":{"name":"Hewlett Packard Enterprise Company","website":"www.hp.com"},"vendor_poc":"Bob Pittman, Federal Certification Program Manager, HP Networking","vendor_phone":"+1-508-467-0284","vendor_email":"bob.pittman@hp.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Default\">The HP Wireless LAN appliances consist of hardware and software components. While the physical form factor of each distinct series in the TOE is substantially different, the underlying hardware shares a similar architecture. The software utilized is a common code base of a modular nature, with only the modules applicable to the specific hardware installed. The TOE appliances include dedicated Access Controllers, Access Points, and switch appliances with Access Controller modules &ndash; all of which service wireless clients, ensuring that the wireless communication is secure, and connect those clients to wired networks.</p>","evaluation_configuration":"<p class=\"Default\">The WLAN products in the evaluated configuration comprise the following:</p>\r\n<ul>\r\n<li>Access Controllers\r\n<ul>\r\n<li>HP 10500/7500 20G Unified Wired-WLAN Module (JG639A)</li>\r\n<li>HP 830 8-Port PoE+ Unified Wired-WLAN Switch (JGJG641A)</li>\r\n<li>HP 830 24-Port PoE+ Unified Wired-WLAN Switch (JG640A)</li>\r\n<li>HP 850 Unified Wired-WLAN Appliance (JG722A)</li>\r\n<li>HP 870 Unified Wired-WLAN Appliance (JG723A)</li>\r\n</ul>\r\n</li>\r\n<li>Access Points\r\n<ul>\r\n<li>HP MSM430 Dual Radio 802.11n Access Point&mdash;Models AM (J9650A), WW (J9651A), JP (J9652A), IL (J9653A), TAA (J9654A)</li>\r\n<li>HP MSM460 Dual Radio 802.11n Access Point&mdash;Models AM (J9590A), WW (J9591A), JP (J9589A), IL (J9618A), TAA (J9655A)</li>\r\n<li>HP MSM466 Dual Radio 802.11n Access Point&mdash;Models AM (JJ9621A), WW (J9622A), JP (J9620A), IL (J9619A), TAA (J9656A)</li>\r\n<li>HP MSM466-R Dual Radio Outdoor 802.11n Access Point&mdash;Models AM (J9715A), WW (J9716A), JP (J9717A), IL (J9718A)</li>\r\n<li>HP 560 Wireless Dual Radio 802.11n Access Point&mdash;Models AM (J9845A), WW (J9846A), JP (J9847A), IL (J9848A)</li>\r\n</ul>\r\n</li>\r\n</ul>\r\n<p><strong>Note: </strong>The Access Point (AP) model designations in the preceding list identify different regulatory domain variants. The model designation is determined by the setting of a bit during the manufacturing process&mdash;it is not customer configurable. This bit identifies which regulatory domain the AP should operate in and restricts the available frequencies of operation for the AP radios. The designations are defined as follows:</p>\r\n<ul>\r\n<li>AM&mdash;Americas</li>\r\n<li>WW&mdash;World Wide</li>\r\n<li>JP&mdash;Japan</li>\r\n<li>IL&mdash;Israel</li>\r\n<li>TAA&mdash;US Trade Agreements Act</li>\r\n</ul>\r\n<p class=\"Body\">There are two types of Access Controller in the TOE: the switch module, which operates within a switch chassis; and the unified appliances, which integrate switch and access controller into a single appliance.</p>\r\n<p class=\"Body\">The APs in the TOE are IEEE 802.11a/b/g/n wireless devices that provide wireless coverage in both managed mode (i.e., managed through an Access Controller) and autonomous mode (i.e., without a controller). Only managed mode is supported in the evaluated configuration.</p>","security_evaluation_summary":"<p class=\"Default\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the HP WLAN Access Controllers and Access Points were evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered and configured as identified in the <em>Preparative Procedures for CC WLASPP Evaluated Wireless LAN Controllers and Access Points</em> document, satisfies all of the security functional requirements stated in the <em>Hewlett-Packard Company Wireless LAN Access Controllers and Access Points Security Target, Version 1.0, 31 October 2014</em>. The project underwent CCEVS Validator review. The evaluation was completed in November 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p><strong><em>Security Audit</em></strong></p>\r\n<p>The TOE is able to generate logs of security-relevant events. The TOE can be configured to be selective in the audit records logged and can store the logs locally so they can be accessed by an administrator. The TOE also has the ability to transmit generated audit records to an audit server in its operational environment.</p>\r\n<p>Locally stored audit records can be reviewed by an administrator. The ability to view externally stored audit records is provided by the operational environment. All TOE audit records include a time stamp that comes from either the TOE&rsquo;s internal clock or from an optional NTP server.</p>\r\n<p><strong><em>Cryptographic Support</em></strong></p>\r\n<p>The TOE includes NIST-validated cryptographic mechanisms that provide key management, random bit generation, encryption/decryption, digital signature, cryptographic hashing, and keyed hash message authentication capabilities in support of higher-level cryptographic protocols, including SSH and HTTPS.</p>\r\n<p>Furthermore, the underlying cryptographic support is used to ensure that wireless communications can be secured (e.g., using WPA2).</p>\r\n<p>The TOE must be configured and operated in FIPS mode.</p>\r\n<p><strong><em>User Data Protection</em></strong></p>\r\n<p>The TOE performs network switching and routing functions, passing network traffic among its various wireless, physical, and logical network connections. While implementing the network protocols associated with traffic forwarding, the TOE is designed to ensure that it doesn&rsquo;t inadvertently reuse data found in network traffic.</p>\r\n<p>The TOE implements WPA2 to encrypt and decrypt wireless network traffic as it is sent and received.</p>\r\n<p><strong><em>Identification and Authentication</em></strong></p>\r\n<p>The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions provided by the TOE. The TOE supports the local (i.e., on-device) definition of administrators with usernames and passwords. Additionally, in the evaluated configuration the TOE can be configured to utilize the services of trusted RADIUS and TACACS/TACACS+ servers in the operational environment. These could be used to support, for example, centralized user administration.</p>\r\n<p>The TOE implements 802.1X to support the authentication and authorization of wireless clients prior to establishing secure wireless sessions.</p>\r\n<p><strong><em>Security Management</em></strong></p>\r\n<p>The TOE provides Command Line Interface (CLI) commands and a Web-based Graphical User Interface (Web GUI) to access the security management functions. The TOE&rsquo;s CLI can be accessed locally via a directly connected console device and remotely via SSH. The GUI can be accessed remotely via HTTPS. Security management commands are limited to administrators and are available only after they have provided acceptable user identification and authentication data to the TOE.</p>\r\n<p>The TOE provides wireless clients access to manage their own credentials once connected, but otherwise security management functions are limited to administrators.</p>\r\n<p><strong><em>Protection of the TSF</em></strong></p>\r\n<p>The TOE protects particularly sensitive data, such as stored passwords and cryptographic keys, so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability) and to ensure that that information can be synchronized with a reliable time source.</p>\r\n<p>The TOE implements cryptographic protocols to protect communication between TOE components as well as between the TOE and other components in the operational environment (e.g., administrator workstations).</p>\r\n<p>The TOE includes functions to perform self-tests so that it can detect when it is failing. There is also self-test functionality that verifies the integrity of the TOE&rsquo;s stored executable files. This protects against corrupted executables that would cause unexpected or insecure behavior. There are also mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.</p>\r\n<p><strong><em>Resource Utilization</em></strong></p>\r\n<p>The TOE can limit network connections in order to ensure that administrators will be able to connect when they need to perform security management operations on the TOE.</p>\r\n<p><strong><em>TOE Access</em></strong></p>\r\n<p>The TOE can be configured to display an informative banner when an administrator establishes an interactive session, and it subsequently enforces an administrator-defined inactivity timeout value after which an inactive session is terminated.</p>\r\n<p><strong><em>Trusted Path/Channels</em></strong></p>\r\n<p>The TOE protects interactive communication with administrators using SSHv2 for CLI access or HTTPS for Web GUI access. In each case, the cryptographic protocols protect the confidentiality and integrity of communicated data. Similarly, remote wireless client communications are protected using WPA2, which relies on the supporting cryptographic functions to ensure those wireless sessions are not subject to disclosure or modification.</p>\r\n<p>The TOE protects communication with network peers, such as a log server or time server, using IPsec over IPv4 or IPv6 connections to prevent unintended disclosure or modification of logs or time updates.</p>","features":[]}