{"product_id":10566,"v_id":10566,"product_name":"Hewlett Packard Enterprise 10500 Series and 5830AF Series Switches with Comware version 5.2","certification_status":"Certified","certification_date":"2014-07-21T00:00:00Z","tech_type":"Network Device, Network Switch","vendor_id":{"name":"Hewlett Packard Enterprise Company","website":"www.hp.com"},"vendor_poc":"Bob Pittman","vendor_phone":"+1.508.467.0284","vendor_email":"bob.pittman@hp.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Default\">The Target of Evaluation (TOE) is the Hewlett-Packard Company 10500 Series chassis with the HP 10500 Main Processing Unit (JC614A) running Comware v5.20.105, Release 1208 P08, and the 5830AF Series Switches running Comware v5.20.105, Release 1118 P08.</p>\r\n<p class=\"Default\">The 10500 Series switches in the evaluated configuration are the 10504, 10508, 10508-V, and 10512 switch chassis, each equipped with a 10500 Main Processing Unit (JC614A); the 5830AF Series switches in the evaluated configuration are the 5830AF-48G switch with one interface slot and the 5830AF-96G switch. Each series consists of a set of distinct devices that vary primarily in power delivery, performance, and port density.</p>\r\n<p class=\"Default\">While the 5830AF Series has fixed ports, the 10500 Series supports plug-in modules, which provide additional functionality (e.g., various numbers and types of network connection ports), and security blades, which offer additional advanced security functions (e.g., firewall). 
With the exception of pluggable security blades, all of the available plug-in modules for the 10500 Series switches are included in the evaluated configuration.</p>\r\n<p class=\"Default\">The TOE can be deployed as a single device or as a group of 10500 or 5830AF Series devices connected with HP Intelligent Resilient Framework (IRF) technology to form one logical switch. IRF itself does not require member switches to be co-located, but in the evaluated configuration the members are co-located and directly connected, because the IRF links are not cryptographically protected (see Protection of the TSF below). Because the IRF group behaves as a single switch, links to neighbouring devices can be aggregated across members with standard LACP for load balancing and high availability.</p>\r\n<p class=\"Default\">The HP 10500 and 5830AF Series switches are Gigabit Ethernet switch appliances consisting of hardware and software components. While the physical form factor of each series is substantially different, the underlying hardware shares a similar architecture. The software is a common, modular code base; only the modules applicable to the specific hardware are installed.</p>","evaluation_configuration":"","security_evaluation_summary":"<p class=\"Default\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which the Hewlett-Packard HP 10500 and 5830AF Series switches were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3. The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3. The product, when delivered and configured as identified in the <em>Preparative Procedures for CC NDPP Evaluated Hewlett-Packard Network Switch Series, Version 1.07, dated June 23, 2014</em> document, satisfies all of the security functional requirements stated in the <em>Hewlett-Packard Company 10500 Series and 5830AF Series Switches Security Target, Version 1.0, June 20, 2014</em>. The project underwent CCEVS Validator review. The evaluation was completed in June 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p><strong><em>Security Audit</em></strong></p>\r\n<p>The TOE can generate audit records for a wide range of security-relevant events. It can be configured to store the records locally, where an administrator can review them, or to send them to a designated log server.</p>\r\n<p><strong><em>Cryptographic Support</em></strong></p>\r\n<p>The TOE includes NIST-validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signatures, secure hashing and keyed hashing in support of higher-level cryptographic protocols including IPsec, SSH, and TLS/HTTPS. 
Note that to be in the evaluated configuration, the TOE must be configured in FIPS mode, which restricts the TOE&rsquo;s cryptographic configuration to one consistent with the FIPS 140-2 standard.</p>\r\n<p><strong><em>User Data Protection</em></strong></p>\r\n<p>The TOE performs network switching and routing functions, passing network traffic among its various physical and logical (e.g., VLAN) network connections. While implementing the network protocols involved in traffic forwarding, the TOE is designed to ensure that residual data from previously processed traffic is not reused in (and so leaked through) packets it subsequently forwards.</p>\r\n<p><strong><em>Identification and Authentication</em></strong></p>\r\n<p>The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any of its security management functions. The TOE offers a locally connected console as well as network-accessible interfaces for interactive administrator sessions: SSHv2 for the CLI and HTTPS (TLSv1.0) for the web GUI. TLSv1.0 is the version covered by this 2014 evaluation; it has since been deprecated (RFC 8996), so treat it as the evaluated baseline rather than current guidance.</p>\r\n<p>The TOE supports the local (i.e., on-device) definition of administrators with usernames and passwords. Additionally, the TOE can be configured to use trusted RADIUS and TACACS servers in the operational environment, for example for centralized user administration.</p>\r\n<p><strong><em>Security Management</em></strong></p>\r\n<p>The TOE provides command-line interface (CLI) commands to access its wide range of security management functions. 
Security management commands are limited to administrators and are available only after they have presented acceptable identification and authentication data to the TOE.</p>\r\n<p>The switches also support a web GUI over HTTPS for accessing the TOE, provided it is first enabled through the device&rsquo;s console port. Configuring this feature includes setting the username, password, privilege level, and web service type for the web login.</p>\r\n<p><strong><em>Protection of the TSF</em></strong></p>\r\n<p>The TOE implements a number of features designed to protect itself and so ensure the reliability and integrity of its security functions.</p>\r\n<p>It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not readable even by an administrator. It also maintains its own clock so that reliable time information is available (e.g., for log accountability).</p>\r\n<p>When deployed as an IRF group, all devices in the group are co-located and directly connected to form one instance of the TOE. IRF communication is not considered communication between distributed TOE components; rather, it is communication among co-located components that logically form one instance of the TOE. Because the IRF links are not protected by encryption or any other cryptographic mechanism, they must be physically protected to the same degree as the TOE devices themselves.</p>\r\n<p>The TOE uses cryptographic means to protect communication with remote administrators. When the TOE is configured to use a syslog server or authentication servers in the operational environment, the communication between the TOE and that component is protected using encryption.</p>\r\n<p>The TOE includes self-tests so that it can detect failures of its own security functions. 
It also includes mechanisms for updating the TOE itself while ensuring that an update cannot introduce malicious or otherwise unexpected changes.</p>\r\n<p><strong><em>TOE Access</em></strong></p>\r\n<p>The TOE can be configured to display an advisory banner at several points: when an administrator establishes an interactive session, together with the login prompts, as a message of the day before authentication completes, or as a legal notice before login that requires the user to confirm whether to continue with authentication. The TOE also enforces an administrator-defined inactivity timeout, after which an idle session is terminated.</p>\r\n<p><strong><em>Trusted Path/Channels</em></strong></p>\r\n<p>The TOE protects interactive communication with administrators using SSHv2 for CLI access; SSHv2 provides both integrity and confidentiality protection. Similarly, HTTPS protects communication with administrators using the web GUI.</p>\r\n<p>The TOE protects communication with network peers, such as a log server, using IPsec connections to prevent unintended disclosure or modification of logs.</p>","features":[]}
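The evaluated-configuration conditions summarised in this record (FIPS mode, SSHv2 as the only remote CLI path, an advisory banner before login, an inactivity timeout, and a remote log server) can be checked mechanically against a switch's saved configuration. The script below is an added example, not code from this listing, from HP, or from the evaluation. The command names it looks for (`fips mode enable`, `ssh server enable`, `telnet server enable`, `header login`, `info-center loghost`, `user-interface` blocks with `authentication-mode scheme`, `protocol inbound ssh` and `idle-timeout`) are assumptions modelled on Comware 5 CLI syntax, the display format it parses (global commands indented under `#` separators, blocks under an unindented header) and the 10-minute default idle timeout are assumptions, and the sample configuration is constructed. It goes slightly beyond the text by checking every `user-interface` line block (console/aux as well as VTY) for authentication and a timeout, since the page requires both for all interactive sessions.

```python
"""Audit a Comware-style saved configuration against the evaluated-configuration
conditions described on this page: FIPS mode, SSHv2-only remote CLI, no Telnet,
an advisory login banner, an inactivity timeout on every line, and a remote
syslog host.  Added example; command names are assumptions modelled on the
Comware 5 CLI, not text taken from the page."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample configuration (not captured from a real switch).  It is
# deliberately half-right: FIPS mode and the banner are set, but Telnet is still
# enabled and the VTY lines accept any protocol with the idle timer disabled.
SAMPLE_CONFIG = """\
#
 fips mode enable
#
 telnet server enable
 ssh server enable
 info-center loghost 192.0.2.10
#
header login "Authorized use only. All activity is logged."
#
user-interface aux 0
 authentication-mode scheme
 idle-timeout 10 0
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound all
 idle-timeout 0 0
#
"""

DEFAULT_IDLE_SECONDS = 600  # assumed Comware default when idle-timeout is absent
_IDLE = re.compile(r"^idle-timeout\s+(\d+)(?:\s+(\d+))?$")


@dataclass(frozen=True)
class Finding:
    check: str
    passed: bool
    detail: str


def parse_sections(config: str) -> tuple[list[str], dict[str, list[str]]]:
    """Split a Comware-style configuration on its '#' separators.

    Global commands are printed indented by one space in header-less sections; a
    block (interface, user-interface, local-user, ...) starts with an unindented
    header followed by indented sub-commands (display-format assumption).
    Returns the global commands and a mapping from block header to sub-commands.
    """
    global_lines: list[str] = []
    blocks: dict[str, list[str]] = {}
    for section in config.split("\n#"):
        lines = [l.rstrip() for l in section.split("\n") if l.strip() and l.strip() != "#"]
        if not lines:
            continue
        if lines[0].startswith(" ") or len(lines) == 1:
            global_lines.extend(l.strip() for l in lines)
        else:
            blocks[lines[0].strip()] = [l.strip() for l in lines[1:]]
    return global_lines, blocks


def idle_timeout_seconds(body: list[str]) -> int:
    """Effective inactivity timeout for one line block; 'idle-timeout 0 0' disables it."""
    for line in body:
        m = _IDLE.match(line)
        if m:
            return int(m.group(1)) * 60 + int(m.group(2) or 0)
    return DEFAULT_IDLE_SECONDS


def audit(config: str) -> list[Finding]:
    """Return one Finding per evaluated-configuration check, in a stable order."""
    global_lines, blocks = parse_sections(config)

    def present(cmd: str) -> bool:
        return any(line.startswith(cmd) for line in global_lines)

    findings = [
        Finding("fips-mode", present("fips mode enable"),
                "the TOE must run in FIPS mode to be in the evaluated configuration"),
        Finding("ssh-server", present("ssh server enable"),
                "SSHv2 is the protected path for remote CLI administration"),
        Finding("no-telnet", not present("telnet server enable"),
                "Telnet offers no integrity or confidentiality; keep the server disabled"),
        Finding("login-banner", present("header login"),
                "an advisory banner must be shown before authentication"),
        Finding("remote-syslog", present("info-center loghost"),
                "audit records should also be sent to a designated log server"),
    ]
    # Every console/aux/VTY line, not just the VTYs, needs authentication and a timeout.
    for header, body in blocks.items():
        if not header.startswith("user-interface"):
            continue
        findings.append(Finding(f"{header}: auth-scheme", "authentication-mode scheme" in body,
                                "identification and authentication before management access"))
        if "vty" in header:
            findings.append(Finding(f"{header}: ssh-only", "protocol inbound ssh" in body,
                                    "only SSHv2 may reach the VTY lines"))
        findings.append(Finding(f"{header}: idle-timeout", idle_timeout_seconds(body) > 0,
                                "inactive sessions must be terminated; 'idle-timeout 0 0' disables the timer"))
    return findings


def failed_checks(config: str) -> list[str]:
    """Names of the checks that fail, for a quick pass/fail gate."""
    return [f.check for f in audit(config) if not f.passed]


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{'PASS' if f.passed else 'FAIL'}  {f.check:<40} {f.detail}")
```

Run against the constructed sample, the script reports the Telnet server, the VTY `protocol inbound all`, and the disabled VTY idle timer as failures; the aux line and the global FIPS, SSH, banner and syslog settings pass. Feed it the output of `display current-configuration` from your own device and adjust the parser's display-format assumptions if the export differs.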