Security Gateway Appliances R77 Security Target

Security Gateway Appliances R77 Security Target

Security Gateway Appliances R77 Security Target Version 1.4 November 18, 2013 Prepared by: Metatron Security Services Metatron Security Services Ltd. Security Gateway Appliances R77 Security Target Version 1.4 2 Prologue 11/18/2013 © 2013 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses. Copyright 2013, Check Point Software Technologies Ltd. All Rights Reserved. Security Gateway Appliances R77 Security Target Version 1.4 3 Prologue 11/18/2013 Document Version Control Log Version Date Author Description Version 0.1 July 13, Nir Initial draft. 2009 Naaman Version 0.5 December Nir Post-iVOR updates: removed FAU_SAA.4. Expanded 7, 2009 Naaman description of L2TP support. Added FCS_CKM.1 and FCS_CKM.4 SFRs. Removed AVA_VAN.4 claim. Version 0.9 September Nir Updated software version to R75, supporting IPSO and 7, 2011 Naaman Gaia operating systems. Version 1.0 December Nir Updated software version to R76. Removed support for 31, 2012 Naaman IPSO. Incorporated virtualization functionality. Cryptographic enhancements: Added support for SHA-256 integrity algorithm. Key generation changed from X9.31 PRNG to SP 800- 90 based hash DRBG (SHA-256). SIC now uses 128 bit AES in place of Triple DES. IPsec VPN supports both IKEv1 and IKEv2. IKE now supports HMAC-SHA-256 and HMAC- SHA-384 keyed integrity algorithms. IKE now supports Diffie-Hellman groups 19 and 20 (256 and 384-bit Random ECP). IKE/IPsec now supports AES-GCM confidentiality and integrity algorithm. Added support for ECDSA (P-256, P-384, and P-521). Added support for TLSv1.1 and TLSv1.2 in SSL VPN and HTTPS Inspection. Added description of HTTPS Inspection functionality. Removed support for SecureClient Mobile. Clarified FRU_FLT.2 mappings. Version 1.1 April 15, Nir Updated references to R76 guidance documentation. 2013 Naaman Copyright 2013, Check Point Software Technologies Ltd. All Rights Reserved. Security Gateway Appliances R77 Security Target Version 1.4 4 Prologue 11/18/2013 Version Date Author Description Version 1.2 September SAIC Updated to version R77, correcting product list, and 18, 2013 dropping all claims regarding X9.31 Version 1.3 September SAIC Updated supported platform list. 24, 2013 Version 1.4 November Leidos Added SecureXL reference. 18, 2013 (formerly SAIC) Copyright 2013, Check Point Software Technologies Ltd. All Rights Reserved. Security Gateway Appliances R77 Security Target Version 1.4 5 Prologue 11/18/2013 Table of Contents 1. ST Introduction ......................................................................................................................... 11 1.1. ST Reference ................................................................................................................... 11 1.2. TOE Reference ................................................................................................................ 11 1.3. Document Organization ................................................................................................... 12 1.4. TOE Overview ................................................................................................................. 13 1.4.1. Usage and Major Security Features of the TOE ....................................................... 13 1.4.2. TOE Type.................................................................................................................. 14 1.4.3. Non-TOE Hardware/Software/Firmware Required by the TOE .............................. 15 1.5. TOE Description .............................................................................................................. 17 1.5.1. Physical Scope of the TOE ....................................................................................... 18 1.5.2. TOE Guidance .......................................................................................................... 24 1.5.3. Logical Scope of the TOE ......................................................................................... 25 1.5.4. Check Point Services ................................................................................................ 44 2. Conformance Claims ................................................................................................................ 46 2.1. CC Conformance ............................................................................................................. 46 2.2. Assurance Package Conformance ................................................................................... 46 2.3. PP Conformance .............................................................................................................. 46 2.4. Conformance Rationale ................................................................................................... 47 2.4.1. Introduction ............................................................................................................... 47 2.4.2. Consistency of the Security Problem Definition ...................................................... 47 2.4.3. Security Objectives Conformance ............................................................................ 48 2.4.4. Security Functional Requirements Conformance ..................................................... 51 2.4.5. Security Assurance Requirements Conformance ...................................................... 58 3. Security Problem Definition ..................................................................................................... 59 3.1. Threats ............................................................................................................................. 59 3.1.1. Firewall-related Threats ............................................................................................ 59 3.1.2. IDS-related Threats ................................................................................................... 60 3.1.3. Virtualization-related Threats ................................................................................... 61 3.1.4. VPN-related Threats ................................................................................................. 61 Copyright 2013, Check Point Software Technologies Ltd. All Rights Reserved. Security Gateway Appliances R77 Security Target Version 1.4 6 Prologue 11/18/2013 3.1.5. Fault-related Threats ................................................................................................. 61 3.2. Assumptions .................................................................................................................... 61 3.3. Organizational Security Policies ..................................................................................... 62 3.3.1. Firewall PP OSPs ...................................................................................................... 62 3.3.2. IDS System PP OSPs ................................................................................................ 62 3.3.3. Virtualization OSPs .................................................................................................. 63 4. Security Objectives ................................................................................................................... 64 4.1. Security Objectives for the TOE ..................................................................................... 64 4.1.1. Firewall PP Objectives .............................................................................................. 64 4.1.2. IDS PP Objectives..................................................................................................... 65 4.1.3. VPN Objectives ........................................................................................................ 65 4.1.4. Virtualization Objectives .......................................................................................... 66 4.1.5. Fault Tolerance Objectives ....................................................................................... 66 4.2. Security Objectives for the Operational Environment .................................................... 66 4.2.1. Security Objectives for the Environment Upholding Assumptions .......................... 66 4.2.2. Authentication Security Objectives for the IT Environment .................................... 67 4.2.3. VPN Security Objectives for the IT Environment .................................................... 67 4.2.4. VLAN Security Objectives for the IT Environment ................................................. 67 4.3. Security Objectives

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    194 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us