Microsoft Windows Common Criteria Evaluation Security Target


Microsoft Common Criteria Security Target

Microsoft Windows Common Criteria Evaluation
Microsoft Windows 10 version 1809 (October 2018 Update)
Microsoft Windows Server 2019 (October 2018 Update)
Security Target

Document Information
Version Number: 0.05
Updated On: June 18, 2019

Microsoft © 2019 Page 1 of 126

Version History

Version  Date               Summary of changes
0.01     June 27, 2018      Initial draft
0.02     December 21, 2018  Updates from security target evaluation
0.03     February 21, 2019  Updates from evaluation
0.04     May 6, 2019        Updates from GPOS PP v4.2.1
0.05     June 18, 2019      Public version

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2019 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

TABLE OF CONTENTS

SECURITY TARGET
VERSION HISTORY
TABLE OF CONTENTS
LIST OF TABLES
1 SECURITY TARGET INTRODUCTION
  1.1 ST REFERENCE
  1.2 TOE REFERENCE
  1.3 TOE OVERVIEW
    1.3.1 TOE TYPES
    1.3.2 TOE USAGE
    1.3.3 TOE SECURITY SERVICES
    1.3.4 NON-TOE HARDWARE, SOFTWARE, FIRMWARE IN THE EVALUATION
  1.4 TOE DESCRIPTION
    1.4.1 EVALUATED CONFIGURATIONS
    1.4.2 SECURITY ENVIRONMENT AND TOE BOUNDARY
      1.4.2.1 Logical Boundaries
      1.4.2.2 Physical Boundaries
  1.5 PRODUCT DESCRIPTION
  1.6 CONVENTIONS, TERMINOLOGY, ACRONYMS
    1.6.1 CONVENTIONS
    1.6.2 TERMINOLOGY
    1.6.3 ACRONYMS
  1.7 ST OVERVIEW AND ORGANIZATION
2 CC CONFORMANCE CLAIMS
3 SECURITY PROBLEM DEFINITION
  3.1 THREATS TO SECURITY
  3.2 ORGANIZATIONAL SECURITY POLICIES
  3.3 SECURE USAGE ASSUMPTIONS
4 SECURITY OBJECTIVES
  4.1 TOE SECURITY OBJECTIVES
  4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT
  4.3 SECURITY OBJECTIVES RATIONALE
5 SECURITY REQUIREMENTS
  5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS
    5.1.1 SECURITY AUDIT (FAU)
      5.1.1.1 Audit Data Generation (FAU_GEN.1) and FAU_GEN.1(WLAN)
    5.1.2 CRYPTOGRAPHIC SUPPORT (FCS)
      5.1.2.1 Cryptographic Key Generation (FCS_CKM.1)
      5.1.2.2 Cryptographic Key Generation for WPA2 Connections (FCS_CKM.1(WLAN))
      5.1.2.3 Cryptographic Key Establishment (FCS_CKM.2)
      5.1.2.4 Cryptographic Key Distribution for GTK (FCS_CKM.2(WLAN))
      5.1.2.5 Cryptographic Key Destruction (FCS_CKM_EXT.4)
      5.1.2.6 Cryptographic Operation for Encryption / Decryption (FCS_COP.1(SYM))
      5.1.2.7 Cryptographic Operation for Hashing (FCS_COP.1(HASH))
      5.1.2.8 Cryptographic Operation for Signing (FCS_COP.1(SIGN))
      5.1.2.9 Cryptographic Operation for Keyed Hash Algorithms (FCS_COP.1(HMAC))
      5.1.2.10 Random Bit Generation (FCS_RBG_EXT.1)
      5.1.2.11 Storage of Sensitive Data (FCS_STO_EXT.1)
      5.1.2.12 TLS Client Protocol (FCS_TLSC_EXT.1)
      5.1.2.13 Extended: Extensible Authentication Protocol-Transport Layer Security (FCS_TLSC_EXT.1(WLAN))