DOCSLIB.ORG

Security Target Novell Identity Manager 4.0.2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Target Novell Identity Manager 4.0.2 Security Target: Novell Identity Manager 4.0.2 Security Target Novell Identity Manager 4.0.2 Document Version 1.3 March 8, 2013 Document Version 1.3 © NetIQ Page 1 of 36 Security Target: Novell Identity Manager 4.0.2 Prepared For: Prepared By: NetIQ, Inc.1 Apex Assurance Group, LLC 1233 West Loop South 530 Lytton Avenue, Ste. 200 Suite 810 Palo Alto, CA 94301 Houston, TX 77027 www.netiQ.com www.apexassurance.com Abstract This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Identity Manager 4.0.2. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security reQuirements and the IT security functions provided by the TOE which meet the set of reQuirements. 1 Due to the acQuisition of Novell by the Attachmate Group, the Novell name on this product has been changed to NetIQ. Document Version 1.3 © NetIQ Page 2 of 36 Security Target: Novell Identity Manager 4.0.2 Table of Contents 1 Introduction .................................................................................................................................................. 6 1.1 ST Reference ................................................................................................................................................... 6 1.2 TOE Reference ................................................................................................................................................. 6 1.3 Document Organization .................................................................................................................................. 6 1.4 Document Conventions ................................................................................................................................... 7 1.5 Document Terminology ................................................................................................................................... 7 1.6 TOE Overview .................................................................................................................................................. 8 1.7 TOE Description ............................................................................................................................................. 10 1.7.1 Virtual Machines ................................................................................................................................... 12 1.7.2 Hardware and Software Supplied by the IT Environment ..................................................................... 14 1.7.3 Logical Boundary ................................................................................................................................... 15 1.7.4 TOE Security Functional Policies ............................................................................................................ 15 1.7.5 TOE Vendor Documentation ................................................................................................................. 16 2 Conformance Claims .................................................................................................................................... 17 2.1 CC Conformance Claim .................................................................................................................................. 17 2.2 PP Claim ........................................................................................................................................................ 17 2.3 Package Claim ............................................................................................................................................... 17 2.4 Conformance Rationale ................................................................................................................................ 17 3 Security Problem Definition ......................................................................................................................... 18 3.1 Threats .......................................................................................................................................................... 18 3.2 Organizational Security Policies .................................................................................................................... 18 3.3 Assumptions .................................................................................................................................................. 19 4 Security Objectives ...................................................................................................................................... 20 4.1 Security Objectives for tHe TOE ..................................................................................................................... 20 4.2 Security Objectives for tHe Operational Environment ................................................................................... 20 4.3 Security Objectives Rationale ........................................................................................................................ 20 5 Extended Components Definition ................................................................................................................ 23 6 Security Requirements ................................................................................................................................. 24 6.1 Security Functional Requirements ................................................................................................................ 24 6.1.1 Security Audit (FAU) .............................................................................................................................. 24 6.1.2 Information Flow Control (FDP) ............................................................................................................ 25 6.1.3 Identification and Authentication (FIA) ................................................................................................. 26 6.1.4 Protection of the TSF (FPT) .................................................................................................................... 27 6.2 Security Assurance Requirements ................................................................................................................. 28 6.3 Security Requirements Rationale .................................................................................................................. 28 6.3.1 Security Functional Requirements ........................................................................................................ 28 6.3.2 Dependency Rationale .......................................................................................................................... 28 6.3.3 Sufficiency of Security Requirements .................................................................................................... 29 6.3.4 Security Assurance Requirements ......................................................................................................... 31 6.3.5 Security Assurance Requirements Rationale ......................................................................................... 31 6.3.6 Security Assurance Requirements Evidence ......................................................................................... 31 Document Version 1.3 © NetIQ Page 3 of 36 Security Target: Novell Identity Manager 4.0.2 7 TOE Summary Specification ......................................................................................................................... 34 7.1 TOE Security Functions .................................................................................................................................. 34 7.2 Security Audit ................................................................................................................................................ 34 7.3 Identification and AutHentication ................................................................................................................. 34 7.4 User Data Protection .................................................................................................................................... 35 7.5 Security Management ................................................................................................................................... 36 Document Version 1.3 © NetIQ Page 4 of 36 Security Target: Novell Identity Manager 4.0.2 List of Tables Table 1 – ST Organization and Section Descriptions ..................................................................................................... 6 Table 2 – Acronyms Used in Security Target ................................................................................................................. 7 Table 3 - Virtual Machine Environment ReQuirements ............................................................................................... 13 Table 4 - IT Environment Component ReQuirements ................................................................................................. 15 Table 5 – Logical Boundary Descriptions .................................................................................................................... 15 Table 6 – Threats Addressed by the TOE .................................................................................................................... 18 Table 7 – Organizational Security Policies .................................................................................................................
Load more

Recommended publications
  • 2013 GGP Fact Sheets.Indb
    PROVO TOWNE CENTRE PROVO, UTAH 110 NORTH WACKER DRIVE CHICAGO, IL 60606 312 960 5000 PROPERTY HIGHLIGHTS MALL INFORMATION • Provo Towne Centre serves as the gateway into Northern LOCATION: I-15 and University Avenue cross streets Utah, conveniently located off the I-15 interstate and MARKET: Salt Lake City-Orem/Provo, Utah University Avenue. This artery receives an impressive average of 124,000 car counts daily. DESCRIPTION: Two-level, enclosed, regional center • Top performing categories include home furnishings and ANCHORS: Dillard’s, jcpenney, Sears, Cinemark Theatres accessories, health and beauty, jewelry and casual dining. OTHER FEATURES: 16-screen stadium-style theater, children’s soft • jcpenney underwent a key renovation in 2010, adding play area, 8-unit food court with children’s seating, and 1,900 square feet, including a Sephora department. fl oor-to-ceiling panoramic windows • Prompted by the changes in the Utah County retail TOTAL RETAIL SQUARE FOOTAGE: 801,601 landscape, Dillard’s now carries 30+ high-end brands new PARKING SPACES: 3,959 to the trade area. OPENED: 1998 • No state can match the consistent performance of Utah. It is the only state that ranks among Forbes’ top 15 states in each of six main categories: business costs, labor supply, TRADE AREA PROFILE regulatory environment, economic climate, growth prospect 2013 POPULATION 530,431 and quality of Life. (Forbes, November 2011) 2018 PROJECTED POPULATION 577,685 ALL ABOUT FAMILY 2013 HOUSEHOLDS 145,014 2018 PROJECTED HOUSEHOLDS 158,155 • Provo Towne Centre boasts over 70 family-inspired community events annually, including Provo City’s 15,000+ 2013 MEDIAN AGE 25.1 attendance New Year’s Eve event.
    [Show full text]
  • Current Status of OFED in SUSE Linux Enterprise Server
    Current Status of OFED in SUSE Linux Enterprise Server John Jolly Senior Software Engineer SUSE Agenda 2 λAbout SUSE λAbout SUSE Linux Enterprise Server λOFED Integration into SLES λFuture Direction of OFED in SLES SUSE and the Attachmate Group λSUSE , headquartered in Nürnberg / Germany, λis an independently operating business unit of λThe Attachmate Group, Inc. λThe Attachmate Group is a privately held λ1 billion+ $ revenue software company λwith four brands: •Cloud Infrastructure •Enterprise Computing •Integrated Systems SUSE® Linux Enterprise How We Build It Online Repository Source Package Image OBS OBS user submits source to OBS and gets a product SUSE® Linux Enterprise Server 12 Lifecyle Model •13-year lifecycle (10 years general support, 3 years extended support) •5-year lifecycle per Service Pack (2 years general + 3 years extended support) •Long Term Service Pack Support (LTSS) available for all versions, including GA http://www.suse.com/lifecycle/ Unique Tools Included λAppArmor Security Framework -Application confinement λFree High Availability Extension -Cluster Framework, Cluster FS, DRBD, GEO-cluster* λYaST2 systems management -Install, deploy, and configure every aspect of the server λSubscription Management Tool -Subscription and patch management, proxy/mirroring/staging λStarter System for System z -A pre-built installation server, deployable with z/VM tools Features of SLES 12 λLinux Kernel 3.12 λOnly 64-bit kernel -Support of 32-bit application through execution environment λYaST modules written in Ruby λOFED 3.12 -Significant
    [Show full text]
  • Provo City, Utah
    Popular Annual Financial Report for the year ended June 30, 2018 2018 PAFR PROVO CITY, UTAH Table of Contents To the Citizens of Provo City ............................................................................................................ 1 Provo at a Glance ............................................................................................................................. 2 Meet the Elected Officials ................................................................................................................. 3 Key Services of Provo City................................................................................................................ 4 Significant Events of Provo City ........................................................................................................ 5 Statement of Net Position ................................................................................................................. 6 Statement of Activities ....................................................................................................................... 7 Where General Fund Money Comes From ....................................................................................... 8 Where General Fund Money Goes ................................................................................................... 9 General Fund, Fund Balance .......................................................................................................... 10 Library Fund ...................................................................................................................................
    [Show full text]
  • Novell Management Tools
    04 0789729849_ch03.qxd 11/10/03 12:43 PM Page 91 CHAPTER 3 Novell Management Tools Using ConsoleOne ConsoleOne is a Java-based tool for managing your network and its resources. It can be launched by running CONSOLEONE.EXE from where it was installed (default: SYS:PUBLIC\MGMT\CONSOLEONE\1.2\BIN). By default, it lets you manage Novell eDirectory objects, schema, parti- tions, and replicas and NetWare server resources. If you install other Novell products, the appropriate management capabil- ities are automatically snapped into the version of ConsoleOne installed on that server. ConsoleOne is installed during the NetWare 6.5 installation, but can also be re-installed or installed locally from the Novell client’s CD. ConsoleOne also supports remote server console access through a Java applet called RConsoleJ. To access the NetWare 6.5 server console remotely, launch ConsoleOne and browse to the desired server. Select Tools, and then Remote Console. Accessing Web Manager Web Manager is a Web-based “home page” for accessing most of the NetWare 6.5 Web-based tools and services. To access Web Manager, open your Web browser and enter your Web server’s domain name or IP address, followed by a colon and the Web Manager port, which by default is 2200. For example: 04 0789729849_ch03.qxd 11/10/03 12:43 PM Page 92 92 PART I Getting Started https://www.quills.com:2200 or https://137.65.192.1:2200 Accessing iManager iManager provides role-based management of your NetWare network, together with a nearly comprehensive set of administrative tools.
    [Show full text]
  • Novell® Platespin® Recon 3.7.4 User Guide 5.6.4 Printing and Exporting Reports
    www.novell.com/documentation User Guide Novell® PlateSpin® Recon 3.7.4 September 2012 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software.
    [Show full text]
  • John Doe 526 N 625 W ƒ Provo, UT 84601 (555) 555-5555 ƒ [email protected]
    John Doe 526 N 625 W Provo, UT 84601 (555) 555-5555 [email protected] E DU C A T I O N Brigham Young University Provo, UT Graduating April 2011 Master of Science, Accounting; Bachelor of Science, Accounting Apr 2012 GPA: 3.81/4.00 ACT: 28/36 (90th percentile) CFA Level 1 candidate Invited to the Golden Key International Honour Society (top 15% of class) Member: Collegiate Entrepreneurs Organization, Management Consulting Club, Triathlon Club Scholarships: CFA Institute (chosen by CFA faculty), Brigham Young (merit-based), Lewis Kingsley (merit-based) B Y U Jerusalem Center for Near Eastern Studies Jerusalem, Israel Graduating April 2011 Studied politics, Arabic, Near Eastern history, and religion Apr 2009 Four-month study abroad program in Israel, Jordan, and Egypt E XPE RI E N C E J.P. Morgan Provo, UT Alternative Investments Analyst Sept 2010-Present Selected as team lead for group of five in the most competitive on-campus finance internship at BYU Led and directed team meetings and liaised with Head of Alternative Investments in Asia on a weekly basis Presented 16-page PIB to JPM Singapore office on private equity and hedge fund opportunities in the Middle East Worked closely with team to create 60-page pitch book on PE and HF investing in the BRICs and the Middle East The Capital G roup Companies Los Angeles, CA Private Equity Analyst May 2010-Aug 2010 Valued 14 investments using discounted cash flows, comparables, and multiples methods for quarterly report sent to LPs Determined value of $79 million put option used
    [Show full text]
  • Vivint Solar
    Deutsche Bank Markets Research Rating Company Date 26 October 2014 Buy Vivint Solar Initiation of Coverage North America United States Reuters Bloomberg Exchange Ticker Price at 23 Oct 2014 13.07 Industrials VSLR.N VSLR US NYS VSLR Price target 20.00 Clean Technology 52-week range 16.01 - 10.47 Initiating Coverage with a BUY Vishal Shah Research Analyst (+1) 212 250-0028 [email protected] Initiating Coverage with BUY rating, $20 PT VSLR is one of the top residential solar installers in the country and is poised to Jerimiah Booream-Phelps benefit from accelerating growth of retail customers switching to solar as an Research Associate increasing number of states reach grid parity across the US. We expect the (+1) 212 250-3037 company’s differentiated sales model and flexible supply chain will enable [email protected] 100% YoY growth of installations through 2016. Vivint’s door-to-door sales model should enable lower customer acquisition costs and we expect the introduction of additional innovative financing structures to act as catalysts to Price/price relative help lower the cost of capital and drive additional growth. 17 Asset Light, Differentiated Sales Model 15 Vivint differentiates itself from peers through differentiated sales model, 10- 14 20% lower customer acquisition costs, and asset-light sourcing strategy. The 12 company is well positioned to continue gaining share as industry consolidation 11 continues into 2017+, and remains technology agnostic with no manufacturing 9 base existing or planned. Door to door sales techniques help the company 10/14 efficiently utilize resources to install efficiently, generate leads, and achieve Vivint Solar S&P 500 INDEX (Rebased) high penetration rates in targeted neighborhoods.
    [Show full text]
  • Information Technology in Utah Read
    EDCUTAH INDUSTRY PROFILE | FY 18-19 INFORMATION TECHNOLOGY IN UTAH MAJOR UNIVERSITIES AND COLLEGES MAJOR EMPLOYERS ON THE COVER 1 Utah State University 4 Westminster College 6 Utah Valley University 8 Southern Utah University 1 Inovar The Overstock Peace Coliseum 2 Weber State University 5 Salt Lake 7 Brigham Young University 9 Dixie State University 2 Control4 Community College Overstock.com’s Peace Coliseum global headquarters, located 3 University of Utah 3 Health Catalyst in Midvale, Utah, was completed in the Summer of 2016. The 4 Microsoft 231,000 square-foot facility was designed to be an open, A 5 SalesForce welcoming space that sparks creativity and innovation. 6 Symantec 7 Workday 8 Instructure LOGAN 9 Jet.com 1 1 1 B 10 MasterControl 11 SanDisk 12 SoFi 13 Overstock 14 inContact OGDEN 15 AdvancedMD 2 2 16 HireVue C 17 Ivanti (Formerly LANDESK) SALT LAKE CITY 18 Lucid 3 4 5 3 A Software B 19 eBay 13 4 20 Pluralsight C 14 19 20 21 22 21 Proofpoint 5 D 22 Thumbtack 35 6 36 37 23 Adobe PROVO 24 Ancestry 7 E 25 DigiCert 26 Entrata 27 IM Flash Welcome to Silicon Slopes Technologies 28 MaritzCX D 29 Microsoft Industry • In 2015, Utah’s post-performance tax incentives 30 Oracle • Utah is proud to be home to companies like Adobe, facilitated nearly 25,000 new jobs and more than 31 Podium Ancestry, Domo, IM Flash Technologies, Qualtrics, $65M in new state revenue. 32 Solutionreach and many others. Utah is one of the top states in the 33 Workfront 34 Xactware nation for information technology employment, with an • In 2018, the Tax Foundation ranked Utah’s Total Tax Climate as the 8th best in the nation.
    [Show full text]
  • Bytes Technology Group
    This document comprises a prospectus (the "Prospectus") for the purposes of Regulation (EU) 2017/1129, as amended (the "Prospectus Regulation") relating to Bytes Technology Group plc (the "Company") prepared in accordance with the Prospectus Regulation Rules of the Financial Conduct Authority (the "FCA") made under section 73A of the Financial Services and Markets Act 2000 (the "FSMA") and a pre-listing statement prepared in accordance with the applicable JSE Listings Requirements. A copy of this Prospectus has been filed with, and approved by, the FCA and the JSE and has been made available to the public in accordance with the Prospectus Regulation Rules. The FCA only approves this Prospectus as meeting the standards of completeness, comprehensibility and consistency imposed by the Prospectus Regulation. Such approval should not be considered as an endorsement of the Company that is, or the quality of the securities that are, the subject of this Prospectus. Investors should make their own assessment as to the suitability of investing in the ordinary shares in the capital of the Company (the "Shares"). Application will be made to the FCA for all of the Shares, issued and to be issued in connection with the Offer to be admitted to the premium listing segment of the Official List of the FCA and to London Stock Exchange plc (the "London Stock Exchange") for all of the Shares to be admitted to trading on the London Stock Exchange's main market for listed securities (the "Main Market") (together, "Admission"). Conditional dealings in the Shares are expected to commence on the Main Market at 8.00 a.m.
    [Show full text]
  • Brigham Young University V. Tremco Consultants, Inc., Softsolutions : Reply Brief Utah Supreme Court
    Brigham Young University Law School BYU Law Digital Commons Utah Supreme Court Briefs 2002 Brigham Young University v. Tremco Consultants, Inc., Softsolutions : Reply Brief Utah Supreme Court Follow this and additional works at: https://digitalcommons.law.byu.edu/byu_sc2 Part of the Law Commons Original Brief Submitted to the Utah Supreme Court; digitized by the Howard W. Hunter Law Library, J. Reuben Clark Law School, Brigham Young University, Provo, Utah; machine-generated OCR, may contain errors. Eric K. Schnibbe; Van Cott, Bagley, Cornwall and McCarthy; attorneys for appellant. Steven W. Call, Michael D. Mayfield, Benjamin J. Kotter; Ray, Quinney and Nebeker; attorneys for appellee. Recommended Citation Reply Brief, Brigham Young University v. Softsolutions, No. 20020540.00 (Utah Supreme Court, 2002). https://digitalcommons.law.byu.edu/byu_sc2/2212 This Reply Brief is brought to you for free and open access by BYU Law Digital Commons. It has been accepted for inclusion in Utah Supreme Court Briefs by an authorized administrator of BYU Law Digital Commons. Policies regarding these Utah briefs are available at http://digitalcommons.law.byu.edu/utah_court_briefs/policies.html. Please contact the Repository Manager at [email protected] with questions or feedback. IN THE UTAH SUPREME COURT BRIGHAM YOUNG UNIVERSITY, Plaintiff and Appellee, No. 20020540-SC vs. Subject to Assignment to TREMCO CONSULTANTS, INC., a/k/a the Utah Court of Appeals TREMCO LEGAL SOLUTIONS, INC., and JOHN DOES 1-10, Defendants and Appellant. SOFTSOLUTIONS, INC. Plaintiff and Appellant. Reply Brief of Appellant Tremco Legal Solutions, Inc. Appeal from the Fourth District Court, Utah County, Judge Fred D. Howard Steven W.
    [Show full text]
  • PERSONAL Grant Mcqueen William Edwards Professor of Finance Marriott School of Management Brigham Young University
    PERSONAL Grant McQueen William Edwards Professor of Finance Marriott School of Management Brigham Young University Born: August 13, 1958 Marital Status: Married, four children Citizenship: United States of America ADDRESS Marriott School of Management 616 Tanner Building Brigham Young University Provo, UT 84602 Voice: (801) 422-3017 FAX: (801) 422-0108 E-mail: [email protected] Homepage: http://marriottschool.byu.edu/emp/grm/grm.htm REFEREED McQueen, Grant and Steven Thorley, “Are Stock Returns Predictable? A Test JOURNAL Using Markov Chains,” Journal of Finance Vol. 46, No. 1, March 1991, pp. 239-263. ARTICLES -Summarized in The CFA Digest, Winter 1993, Vol. 23, No. 1. McQueen, Grant, “Long Horizon Mean Reverting Stock Prices Revisited,” Journal of Financial and Quantitative Analysis Vol. 27, No. 1, March 1992, pp. 1-18. -Lead article. Chang, Eric, Grant McQueen, and J. Michael Pinegar, “Tests of the Nominal Contracting Hypothesis Using Stocks and Bonds of the Same Firms,” The Journal of Banking and Finance Vol. 16, June 1992, pp. 477-496. -Lead article. McQueen, Grant and Steven Thorley, “Asymmetric Business Cycle Turning Points,” Journal of Monetary Economics Vol. 31, No. 3, June 1993, pp. 341-362. McQueen, Grant and V. Vance Roley, “Stock Prices, News, and Business Conditions,” The Review of Financial Studies Vol. 6, No. 3, 1993, pp. 683-707. -Formerly NBER Working Paper No. w3520. McQueen, Grant and Steven Thorley, “Bubbles, Stock Returns, and Duration Dependence,” Journal of Financial and Quantitative Analysis Vol. 29, No. 3, September 1994, pp. 379-401. Larson, Alan and Grant McQueen, “REITs, Real Estate, and Inflation: Lessons from the Gold Market,” The Journal of Real Estate Finance and Economics Vol.
    [Show full text]
  • Directors' Remuneration Policy
    Overview Compliance statement This Directors’ Remuneration report has been prepared on DIRECTORS’ REMUNERATION POLICY behalf of the board by the committee and complies with the provisions of the Companies Act 2006 and Schedule 8 of The This section of the report sets out the proposed new report Strategic Large and Medium-sized Companies and Groups (Accounts and Remuneration Policy for directors. A binding shareholder Reports) Regulations 2008, as amended (the UK Regulations). resolution to approve the Remuneration Policy will be proposed The report has been prepared in line with the applicable UK at the 2020 Annual General Meeting (“AGM”) on 25 March 2020 Corporate Governance Code and the UK Listing Rules. and, subject to shareholder approval, will be effective from the conclusion of the AGM for a period of three years. Subject to The Corporate Governance Code issued in June 2018 (the 2018 approval of the proposed new policy, the 2020 annual bonus Code) and the provisions of the Companies (Miscellaneous plan and the 2020 LTIP grants will be operated under the new Reporting) Regulations 2018 (the 2018 Reporting Regulations) policy. The key changes from the previous Remuneration Policy which relate to annual remuneration reports (as opposed to (which was first published on pages 72 to 82 of the 2017 Annual Report and Accounts and which was approved by shareholders remuneration policy reports) do not apply to this Directors’ governance Corporate Remuneration report, as, in both cases, they apply to reporting at the September 2017 AGM) and the rationale for the changes years commencing on or after 1 January 2019.
    [Show full text]