Compliant Product - Ruckus SmartZone WLAN Controllers & Access Points with WIDS, R22.214.171.124
Certificate Date: 2023.09.19
Validation Report Number: CCEVS-VR-VID11382-2023
Product Type: Wireless LAN
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
PP-Module for Wireless Intrusion Detection/Prevention Systems (WIDS/WIPS) Version 1.0
PP-Module for Wireless Local Area Network (WLAN) Access System Version 1.0
CC Testing Lab: Gossamer Security Solutions
The Ruckus SmartZone Controllers and Access Points solution (TOE) is a Wireless LAN access system (WLAN) and Wireless Intrusion Detection System (WIDS). The WLAN access system and the WIDS are composed of multiple products operating together to provide secure wireless access to a wired and wireless network.
The TOE provides end-to-end wireless encryption, centralized WLAN management, and authentication, authorization, and accounting (AAA) policy enforcement. Ruckus Wireless Controllers and Ruckus Smart Wi-Fi APs are deployed in a centralized deployment model. The NTP, Syslog, and RADIUS servers are part of the IT Environment. In a centralized deployment model, client traffic always reaches the WLAN controller first via the AP before going on to its intended destination. Once authenticated as trusted nodes on the wired infrastructure, the access points provide the encryption service on the wireless network between themselves and the wireless client. The APs also communicate directly with the wireless controller for management purposes. The management traffic between a Ruckus AP and the Ruckus Wireless Controller is encrypted.
The TOE has the following Access Point TOE components: R650, R750, and R850. The TOE also has the following Wireless Controllers: SmartZone 144, SmartZone 300 (SZ 300), virtual SmartZone (vSZ-E and vSZ-H hosted on a physical device), and virtual SmartZone – Data plane (vSZ-D hosted on a physical device).
The specific hardware information is as follows:
The following configuration options are outside the evaluated configuration:
1) Internal captive portal
2) Soft-GRE to external gateway
3) FIPS/CC mode disabled
6) Non-Proxy Authentication, Authorization & Accounting (APs talk directly to the AAA server)
7) GTP tunnel
8) SSH based AP administration (in the evaluated configuration, all administration is performed via the Controller)
9) Encrypted/Ruckus GRE
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the RUCKUS Common Criteria Configuration Guide for SmartZone and AP, 126.96.36.199, Part Number: 800-72735-001 Rev D, October 2023, satisfies all of the security functional requirements stated in the Ruckus SmartZone WLAN Controllers & Access Points with WIDS, R188.8.131.52 Security Target, Version 0.6, September 18, 2023. The project underwent CCEVS Validator review. The evaluation was completed in September 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11382-2023) prepared by CCEVS.
The logical boundaries of the Ruckus SmartZone WLAN Controllers & Access Points with WIDS, R184.108.40.206 are realized in the security functions that it implements. Each of these security functions is summarized below.
Security audit:
The TOE provides auditing capabilities to provide a secure and reliable way to trace all changes to the system. Any configuration changes, administrative activities and other auditable events are audited both internally and externally over a secure communication channel to an audit server. All audited events carry the necessary details, such as timestamp, event log, event code, and identity of the party involved, to provide a comprehensive audit trail. The TOE also provides a WIDS alerting capability. The WIDS alerts are generated based on signature-based attacks and are related to APs and end user devices (EUDs). All WIDS alerts contain data to identify the malicious or rogue device.
Communication:
The distributed TOE offers secure internal TSF communication via SSH and TLS. Access Points and vSZ-Ds register to the WLAN controller over a dedicated channel and must be approved by the administrator to communicate with each other as parts of the distributed TOE.
Cryptographic support:
The distributed TOE provides cryptographic functions for secure administration access via HTTPS and SSH; for communication between the distributed parts of the TOE via SSH and IPsec; for wireless communication via WPA3/WPA2; and for communication to external systems such as audit log servers via IPsec and RADIUS servers via TLS. Functions include key generation, key establishment, key distribution, key destruction, and cryptographic operations.
User data protection:
The TOE provides a security policy to monitor authorized and unauthorized APs and EUDs.
Identification and authentication:
The distributed TOE provides secure connectivity to the network for wireless clients via 802.1X authentication. Certificate-based authentication is supported via an external RADIUS server, and password-based authentication is supported via the local authentication mechanism. The distributed TOE provides secure password-based authentication for remote administrators and X.509 certificate-based authentication for TOE components. The distributed TOE also provides strong password requirements that can be configured by the administrator, including length, session timeout and password complexity. Consecutive unsuccessful attempts beyond a configured limit result in the user being locked out for a specified duration of time.
Security management:
TOE administrators manage the security functions of the TOE's distributed components from the SmartZone Controller, including software updates, via a secure HTTPS connection over a web interface. Optionally, SSH and the local console can also be used to configure the system via the SmartZone controller. Administration cannot be performed from a wireless client. The TOE also provides the ability to configure the session activity timeout of an administrator and to configure the access banner on the controller.
Protection of the TSF:
The TOE provides image integrity verification to validate the authenticity of software images before loading them. Upon every boot, power-on self-tests are conducted to validate the integrity of the software components. If the power-on self-tests fail, a quarantine state is entered. All the components of the distributed TOE use X.509 certificates to authenticate and establish secure connectivity amongst themselves. The TOE also allows configuration of timestamps via an NTP server. The TOE protects cryptographic keys and passwords from unauthorized access.
TOE access:
A login banner is offered which provides the ability to display a custom warning/access policy message according to the organization's needs. The TOE can restrict wireless access based on TOE interface, time and day. The TOE provides the ability to configure an inactivity timeout which terminates the session once the configured inactivity period has elapsed. An administrator can also terminate their own session.
Trusted path/channels:
The TOE communicates with external components in a secure manner. The following secure channels are used to communicate externally: TLS for RADIUS, HTTPS for WebUI administration, SSH for CLI administration, IPsec for audit servers, and WPA3/WPA2 for wireless clients. The registration and joining of TOE components are performed over a dedicated channel. After registration, SSH is used for all management of the distributed TOE components (AP and vSZ-D) by the SmartZone Controller, and IPsec is used for the data tunnel.
Commscope Technologies, LLC