Compliant Product - Extreme Networks ExtremeSwitching Series (x440-G2, x460-G2, x465, x435, x695) and 5520 Series Switches running EXOS 31.3.100
Certificate Date: 2022.10.28
Validation Report Number: CCEVS-VR-VID11301-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Gossamer Security Solutions
The TOE is the Extreme Networks ExtremeSwitching Series (x440-G2, x460-G2, x465, x435, x695) and 5520 Series Switches running EXOS 31.3.100. The TOE provides high density layer 2/3 switching with low latency cut-through switching and IPv4 and IPv6 unicast and multicast routing to enable enterprise aggregation and core backbone deployments. The TOE consists of a hardware appliance with embedded software components.
The TOE consists of the following series of appliances all running EXOS software version 31.3.100:
· ExtremeSwitching Series x440-G2
· ExtremeSwitching Series x460-G2
· ExtremeSwitching Series x435
· ExtremeSwitching Series x465
· ExtremeSwitching Series x695
· 5520 Series
Each hardware profile provides a defined set of performance characteristics (switching bandwidth, latency, and port density) while offering the same set of security features.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Extreme Networks ExtremeXOS Common Criteria Configuration Guide 31.3.100, Version 9037401-00, Rev AA, October 2022, satisfies all security functional requirements stated in the Extreme Networks ExtremeSwitching Series (x440-G2, x460-G2, x465, x435, x695) and 5520 Series Switches running EXOS 31.3.100 Security Target, Version 1.0, 10/25/2022. The project underwent CCEVS Validator review. The evaluation was completed in October 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11301-2022) prepared by CCEVS.
The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE generates audit records for all security-relevant events. For each audited event, the TOE records the date and time, the type of event, the subject identity, and the outcome of the event. The resulting records are stored locally and can be sent securely to a designated audit server for archiving. Security Administrators, using the appropriate CLI commands, can also view audit records locally. The TOE provides a reliable timestamp relying on the appliance’s built-in clock or using an NTP server.
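The paragraph above lists the four things every audit record must carry: date and time, event type, subject identity, and outcome. The following added example (not code from Extreme Networks or from this evaluation) shows how an audit-server operator can check archived records against that contract. It assumes a constructed RFC 5424 syslog layout with a structured-data element named "audit"; that layout and the sample lines are made up for the illustration and are not the EXOS log format.

```python
"""Check that audit records carry the fields the audit requirement names:
date/time, event type, subject identity, and outcome.

The "audit" structured-data element used here is an assumed, constructed
layout for this example, not the EXOS log format.
"""
import re
from datetime import datetime

# Fields (besides the timestamp) that every audit record must carry.
REQUIRED_FIELDS = ("event", "subject", "outcome")

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\])(?: (?P<msg>.*))?$"
)
# One SD-PARAM: name="value" (value may contain escaped quotes).
_PARAM = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Constructed sample records (facility authpriv, severity info => PRI 86).
SAMPLE_LINES = [
    '<86>1 2022-10-25T14:03:11Z sw1 cli 1201 AUDIT [audit event="login" subject="admin" outcome="success"] session opened',
    '<86>1 2022-10-25T14:05:42Z sw1 cli 1201 AUDIT [audit event="config-change" subject="admin" outcome="success"] set idletimeout 10',
    '<86>1 2022-10-25T14:09:00Z sw1 cli 1201 AUDIT [audit event="login" subject="" outcome="failure"] bad password',
    '<86>1 not-a-timestamp sw1 cli 1201 AUDIT [audit event="logout" subject="admin" outcome="success"] session closed',
    '<86>1 2022-10-25T14:12:30Z sw1 cli 1201 AUDIT - free text with no audit fields',
]


def parse_record(line):
    """Split one syslog line into its timestamp, audit fields, and free text.

    Returns None when the line is not a well-formed RFC 5424 record.
    """
    m = _HEADER.match(line)
    if not m:
        return None
    fields = {}
    sd = m.group("sd")
    if sd != "-":
        sd_id, _, params = sd[1:-1].partition(" ")
        if sd_id == "audit":
            fields = dict(_PARAM.findall(params))
    return {"timestamp": m.group("ts"), "fields": fields, "msg": m.group("msg") or ""}


def _valid_timestamp(ts):
    """Accept only a parseable ISO 8601 timestamp (RFC 5424 uses 'Z' for UTC)."""
    try:
        datetime.fromisoformat(ts.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False


def missing_fields(line):
    """Return the required fields absent (or empty) in this record.

    A line that does not parse at all is reported as missing everything.
    """
    rec = parse_record(line)
    if rec is None:
        return ["timestamp", *REQUIRED_FIELDS]
    missing = []
    if not _valid_timestamp(rec["timestamp"]):
        missing.append("timestamp")
    for name in REQUIRED_FIELDS:
        if not rec["fields"].get(name):  # absent or empty value
            missing.append(name)
    return missing


def audit_report(lines):
    """Map each non-compliant line's index to the fields it lacks."""
    return {i: m for i, m in ((i, missing_fields(l)) for i, l in enumerate(lines)) if m}


if __name__ == "__main__":
    for idx, gaps in audit_report(SAMPLE_LINES).items():
        print(f"line {idx}: missing {', '.join(gaps)}")
```

Run against an archive, the report points at records an auditor cannot attribute (no subject), cannot place in time (unparseable timestamp), or cannot interpret at all (no audit structured data), which is exactly the set of gaps that would undermine log accountability.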
The TOE performs the following cryptographic functionality:
· Encryption, decryption, hashing, keyed-hash message authentication, random number generation, signature generation and verification utilizing a dedicated cryptographic library
· Cryptographic functionality is utilized to implement secure channels
o TLS v1.2
· Entropy is collected and used to support seeding with full entropy
· Critical Security Parameters (CSPs) internally stored and cleared when no longer in use
· X509 Certificate authentication integrated with TLS protocol.
The TOE uses a dedicated cryptographic module to manage CSPs and implements deletion procedures to mitigate the possibility of disclosure or modification of CSPs. Additionally, the TOE provides commands to clear CSPs on demand (e.g., host RSA keys), which can be invoked by a Security Administrator with appropriate permissions.
Identification and authentication:
The TOE supports Role-Based Access Control (RBAC) managed by an Authentication, Authorization, and Accounting (AAA) module that stores and manages permissions of all users and their roles. The TOE requires users to provide their assigned unique username and password before any administrative access to the system is granted. Each authorized user is associated with an assigned role and role-specific permissions that determine their access to TOE features. The AAA module stores the assigned role of each user along with all other information required for that user to access the TOE.
The TOE supports X509v3 certificate validation during negotiation of TLS protected syslog. Certificates are validated as part of the authentication process when they are presented to the TOE and when they are loaded into the TOE.
The TOE allows remote administration using an SSHv2 session, and local administration using a console. Both remote and local administration are conducted over a Command Line Interface (CLI) terminal that facilitates access to all of the management functions used to administer the TOE.
There are two types of administrative users within the system: Security Administrator and User. All of the management functions are restricted to Security Administrators, including managing user accounts and roles, rebooting and applying software updates, administering the system configuration, and reviewing audit records. The term “Security Administrator” is used to refer to any administrative user with the appropriate role to perform the relevant functions.
Protection of the TSF:
The TOE implements a number of measures to protect the integrity of its security features.
· The TOE protects CSPs, including stored passwords and cryptographic keys, so they are not directly viewable or accessible in plaintext.
· The TOE ensures that reliable time information is available for both log accountability and synchronization with the operating environment.
· The TOE performs self-tests to detect internal failures and protect itself from malicious updates.
The TOE will display a customizable banner when an administrator initiates an interactive local or remote session. The TOE also enforces an administrator-defined inactivity timeout after which any inactive session is automatically terminated. Once a session (local or remote) has been terminated, the TOE requires the user to re-authenticate.
The TOE protects remote sessions by establishing a trusted path secured using SSH between itself and the administrator. The TOE prevents disclosure or modification of audit records by establishing a trusted channel using TLS between itself and the audit server. Mutual authentication using client-side X.509v3 certificates is supported by the TOE’s TLS client for syslog over TLS.
Extreme Networks, Inc.