The Target of Evaluation (TOE) is Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11.
\r\nThe TOE is a network switch comprised of hardware and firmware. The firmware is Alcatel-Lucent Operating System (AOS) with the single purpose operating system that operates the management functions of all the Alcatel-Lucent Enterprise OmniSwitch switches.
\r\nThe TOE provides Layer-2 switching, Layer-3 routing, and traffic filtering. Layer-2 switching analyzes incoming frames and makes forwarding decisions based on information contained in the frames. Layer-3 routing determines the next network point to which a packet should be forwarded toward its destination. Filtering controls network traffic by controlling whether packets are forwarded or blocked at the TOE’s interfaces.
","evaluation_configuration":"The TOE hardware and firmware consists of the following families/series.
\r\nTOE Hardware Configurations Covered by the Evaluation
\r\n| \r\n Family / Series \r\n | \r\n\r\n AOS Version \r\n | \r\n\r\n Main Processor \r\n | \r\n
| \r\n OmniSwitch6465 (OS6465) \r\n | \r\n\r\n AOS 8.6.9.R11 \r\n\r\n | \r\n\r\n ARM Cortex-A9 \r\n\r\n | \r\n
| \r\n OmniSwitch 6560 (OS6560 \r\n | \r\n\r\n AOS 8.6.9.R11 \r\n | \r\n\r\n ARM Cortex-A9 \r\n\r\n | \r\n
| \r\n OmniSwitch 6860 (OS6860) \r\n | \r\n\r\n AOS 8.6.9.R11 \r\n | \r\n\r\n ARM Cortex-A9 \r\n\r\n | \r\n
| \r\n OmniSwitch 6865 (OS6865 \r\n | \r\n\r\n AOS 8.6.9.R11 \r\n | \r\n\r\n ARM Cortex-A9 \r\n\r\n | \r\n
| \r\n OmniSwitch 6900 (OS6900) \r\n | \r\n\r\n AOS 8.6.9.R11 \r\n\r\n | \r\n\r\n NXP MPC8572 \r\n | \r\n
| \r\n NXP QorIQ P2040 \r\n | \r\n||
| \r\n Intel Atom C2538 \r\n | \r\n||
| \r\n OmniSwitch9900 (OS9900) \r\n\r\n | \r\n\r\n AOS 8.6.9.R11 \r\n\r\n | \r\n\r\n Intel Atom C2518 \r\n\r\n | \r\n
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5. The product, when delivered and configured as identified in the Preparation and Operations of Common Criteria Evaluated OmniSwitch Products (NDcPP), meets the requirements of the collaborative Protection Profile for Network Devices Version 2.1.
\r\nPreparation and Operations of Common Criteria Evaluated OmniSwitch Products (NDcPP) document satisfies all of the security functional requirements stated in the Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11 Security Target, version 3.1. The evaluation was subject to CCEVS Validator review. The evaluation was completed in April 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11069-2021, prepared by CCEVS.
","environmental_strengths":"The TOE generates audit records for events required by NDcPP. The audit records can be displayed on the serial console. The TOE writes audit records to a set of circular files stored in the systems flash memory. The TOE also provides the ability to send the audit records to an external syslog server using a secure channel.
\r\nThe TOE performs identification and authentication of TOE administrators as follows:
\r\n· TOE administrators accessing (either locally or remotely) the CLI via a serial console or an SSH session.
\r\n· TOE administrators accessing TOE storage using SFTP via an SSH session.
\r\n· A SNMP Management Station accessing the TOE through the SNMP management interface.
\r\nThe TOE provides the ability to lock out the administrators after a configurable number of unsuccessful attempts and terminate the logon session after a configurable period of inactivity.
\r\nThe TOE supports the following identification and authentication mechanisms:
\r\n· Identification and authentication performed by the TOE using credentials stored in the local file system.
\r\n· Identification and authentication performed by the TOE using credentials stored in an LDAP server.
\r\n· Identification and authentication performed by the external authentication server RADIUS.
\r\nThe security functions listed in the Security Target can be managed by authorized administrators through the management interfaces serial console, CLI, and SNMPv3.
\r\nThe TOE protects itself by requiring administrators to identify and authenticate themselves prior to performing any actions and by defining the access allowed by each administrator.
\r\nThe TOE uses the filesystem access control to protect access to sensitive data like cryptographic keys and credentials.
\r\nThe TOE ensures that the TOE firmware updates are trusted by verifying the integrity of the updates.
\r\nThe TOE implements self-tests to ensure the correct operation of cryptographic services.
\r\nThe TOE provides a reliable date and time that is used for audit record timestamps, certificate verification and session timing.
\r\nThe TOE provides cryptographic services for secure communication channels, encryption of stored passwords, and verification of the integrity of the TOE firmware.
\r\nThe TOE implements several cryptographic protocols that can be used to establish trusted channels to other IT entities.
\r\nThe TOE provides cryptographic services via the following cryptographic modules.
\r\n· OpenSSL
\r\n· OpenSSH
\r\nThe TOE displays an administrator-configurable banner before the administrator successfully logs onto the TOE (either serial console, SSH, or SFTP).
\r\nTrusted Path/Channels
\r\nThe TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and external IT entities.
\r\n· TLS (v1.1 and v1.2)
\r\n· SSHv2
","features":[]}