Zte ZXR10 M6000, ZXR10 8900E, ZXR10 T8000 Security Target

ZXR10M6000&T8000&8900E

SeriesRoutersandSwitchesRunningthe

ZXROSNGOperatingSystem

SecurityTarget

ZTECORPORATION
NO.55,Hi-techRoadSouth,ShenZhen,P .R.China
Postcode:518057
Tel:+86-755-26771900
Fax:+86-755-26770801
URL:http://ensupport.zte.com.cn
E-mail:support@zte.com.cn

Version: R1.6

LEGALINFORMATION

Copyright©2011ZTECORPORA TION.

Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionor

distributionofthisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwritten

consentofZTECORPORATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedby

contractualcondentialityobligations.

Allcompany ,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTE

CORPORATIONoroftheirrespectiveowners.

Thisdocumentisprovided“asis”,andallexpress,implied,orstatutorywarranties,representationsorconditions

aredisclaimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,

titleornon-infringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromthe

useoforrelianceontheinformationcontainedherein.

ZTECORPORA TIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplications

coveringthesubjectmatterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTE

CORPORATIONanditslicensee,theuserofthisdocumentshallnotacquireanylicensetothesubjectmatter

herein.

ZTECORPORA TIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.

UsersmayvisitZTEtechnicalsupportwebsitehttp://ensupport.zte.com.cntoinquirerelatedinformation.

TheultimaterighttointerpretthisproductresidesinZTECORPORATION.

RevisionHistory

DateVersionRemark

2011/03/010.8Draftversion

2011/05/091.0Initialversion

2011/05/251.1Revisedaccordingto“20110524ASEEORs”

2011/06/131.2Added“dateandversionofST”toSTcover

2011/06/201.3Revisedaccordingto“EOR_ASE_07_03”

2011/07/041.4AddedT8000&8900ESeriesRouters

2011/07/271.5Fixed“versionnumberofguidancedocuments”

2011/08/191.6Minorrenement

SerialNumber:SJ-20110815105844-030

PublishingDate:2011/08/19（R1.6）

Contents

Chapter1STINTRODUCTION...................................................................1-1

1.1STIDENTIFICATION..........................................................................................1-1

1.1.1STTitle....................................................................................................1-1

1.1.2References..............................................................................................1-1

1.2TOEIDENTIFICATION.......................................................................................1-2

1.3TOEOVERVIEW...............................................................................................1-4

1.3.1IntendedusageandsecurityfeaturesoftheTOE.......................................1-4

1.3.2Non-TOEcomponents..............................................................................1-4

1.4TOEDESCRIPTION...........................................................................................1-5

1.4.1Physicalscope.........................................................................................1-6

1.4.2Logicalscope...........................................................................................1-7

1.4.3EvaluatedConguration............................................................................1-8

Chapter2CONFORMANCECLAIMS........................................................2-1

2.1COMMONCRITERIA(CC)CONFORMANCE......................................................2-1

Chapter3SECURITYPROBLEMDEFINITION.........................................3-1

3.1Threat...............................................................................................................3-1

3.2Assumption........................................................................................................3-2

3.2.1PersonnelAssumptions............................................................................3-2

3.2.2PhysicalEnvironmentAssumptions...........................................................3-2

3.2.3OperationalAssumptions..........................................................................3-3

3.3ORGANIZATIONALSECURITYPOLICIES..........................................................3-3

Chapter4SECURITYOBJECTIVES..........................................................4-1

4.1SECURITYOBJECTIVESFORTHETOE...........................................................4-1

4.2SECURITYOBJECTIVESFORTHEENVIRONMENT.........................................4-2

Chapter5SECURITYREQUIREMENTS....................................................5-1

5.1SECURITYFUNCTIONALREQUIREMENTS......................................................5-1

5.1.1Overview.................................................................................................5-1

5.1.2SecurityFunctionalRequirements.............................................................5-3

5.2SECURITYASSURANCEREQUIREMENTS......................................................5-11

5.2.1SecurityAssuranceRequirements............................................................5-11

Chapter6TOESUMMARYSPECIFICATION.............................................6-1

6.1TOESECURITYFUNCTIONS............................................................................6-1

6.1.1SecurityAuditing......................................................................................6-1

I

6.1.2Identication&Authentication...................................................................6-3

6.1.3SecurityManagement...............................................................................6-4

6.1.4TOEAccess.............................................................................................6-7

6.1.5Userdataprotection.................................................................................6-7

6.1.6TrustedChannel.......................................................................................6-9

Chapter7RATIONALE...............................................................................7-1

7.1RATIONALEFORSECURITYOBJECTIVES.......................................................7-1

7.1.1RationaleforSecurityObjectivesfortheTOE.............................................7-1

7.1.2RationaleforSecurityObjectivesfortheEnvironment.................................7-1

7.2SECURITYREQUIREMENTSRATIONALE.........................................................7-2

7.2.1RationaleforTOEsecurityfunctionalrequirements.....................................7-2

7.2.2RationaleforSecurityAssuranceRequirements.........................................7-6

7.2.3FunctionalRequirementDependenciesRationale......................................7-6

AppendixADocumentT erminology........................................................A-1

Tables..............................................................................................................I

II

Chapter1

STINTRODUCTION

TableofContents

STIDENTIFICATION..................................................................................................1-1

TOEIDENTIFICATION...............................................................................................1-2

TOEOVERVIEW........................................................................................................1-4

TOEDESCRIPTION..................................................................................................1-5

1.1STIDENTIFICATION

1.1.1STTitle

V1.6oftheSecurityT argetfortheZXR10M6000&T8000&8900ESeriesRoutersand
SwitchesrunningtheZXROSNGOperatingSystem.

1.1.2References

ThefollowingdocumentationwasusedtopreparethisST.

[CCp1]

CommonCriteriaforInformationT echnologySecurityEvaluation–Part1:

Introductionandgeneralmodel,datedJuly2009,Version3.1Revision3Final,CCMB­2009-07-001

[CCp2]

CommonCriteriaforInformationT echnologySecurityEvaluation–Part2:

Securityfunctionalrequirements,datedJuly2009,Version3.1Revision3Final,
CCMB-2009-07-002

[CCp3]

CommonCriteriaforInformationT echnologySecurityEvaluation–Part3:

Securityassurancerequirements,datedJuly2009,Version3.1Revision3Final,
CCMB-2009-07-003

[CEM]

CommonEvaluationMethodologyforInformationTechnologySecurityEvaluation,dated
July2009,Version3.1Revision3Final,CCMB-2009-07-004

1-1

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

1.2TOEIDENTIFICATION

ThisSecurityTargetdescribestheM6000&T8000&8900ESeriesofRoutersandSwitches
runningtheZXROSNGOperatingSystemv1.00.20.

TheM6000&T8000&8900Eseriesconsistsofthefollowing:

Table1-1M6000&T8000&8900ESeriesModels

SeriesModelInterfaceDescriptionType

M6000-88xPFU

4xSFU

2xMPU

M6000-1616xPFU

4xSFU

2xMPU

M6000-nSeries

lMPUsupportedinterfaces:

à1xEthernetManagementInterface

à1xRS232Console

lPFUsupportedinterfaces:

à1-port10GbpsElectronicalEthernet

à4-port10GbpsElectronicalEthernet

à10-port1GbpsOpticalEthernet

à12-portGigabitOpticalInterface

à16-Port100MElectricalInterface

à40-portGigabitOpticalinterface

à48-portGigabitElectricalinterface

à1-PortIEEE1588LAN/WANInterface

à2-PortIEEE1588LAN/WANInterface

lSFUsupportedinterface:none

SR

M6000-3S3xPFU

2xMPU

M6000-5S5xPFU

2xSRU

M6000-8S8xPFU

2xSRU

2xSFU

M6000-nSSeries

lMPU/SRUsupportedinterfaces:

à1xEthernetManagementInterface

SR

1-2

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter1STINTRODUCTION

à1xRS232Console

lFPUsupportedinterfaces:

à2-port10GELAN/WANInterface

à12-portGigabitcomboInterface

lSFUsupportedinterface:none

T800016xPFU

4xSFU

2xMPU

T8000Series

lMPUsupportedinterfaces:

à1xEthernetManagementInterface

à1xRS232Console

lPFUsupportedinterfaces:

à1-port10GbpsElectronicalEthernet

à4-port10GbpsElectronicalEthernet

à10-port1GbpsOpticalEthernet

à16-Port100MElectricalInterface

à48-portGigabitElectricalinterface

lSFUsupportedinterface:none

CR

8902E2xMCS

2xLIC

8905E2xMCS

5xLIC

8908E2xMCS

8xLIC

8912E2xMCS

12xLIC

8900ESeries

lMCSsupportedinterfaces:

à1xEthernetManagementInterface

à1xRS232Console

lLICsupportedinterfaces:

à8-port10GEOpticalEthernet

à12-port10GEOpticalinterface

à48-portGigabitElectricalinterface

à48portGigabitOpticalinterface

ESS

1-3

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

Themajordifferencebetweenmodelsisthetype,capacityandnumberofthephysical
interfacesdescribedintheabovetable.

1.3TOEOVERVIEW

1.3.1IntendedusageandsecurityfeaturesoftheTOE

TheTOEisZXR10M6000&T8000&8900Eseriesroutersandswitchesrunningthe
ZXROSNG1.00.20.

TheTOEenablesthedeliveryofmetroEthernetservicesandhigh-densityservice-aware
EthernetaggregationoverIP/MPLS-basednetworks.

Thesupportedprotocolsarelayer2/layer3encapsulationandInternetProtocol(IP),and
Ethernet.Otherprotocolsmaybesupportedbytheproduct,butarenotevaluated(see
section1.4.3).

ThemajorsecurityfeaturesoftheTOEare:

lHandlingofpacketowsusingtheRIPv2,OSPFv2,IS-ISandBGPv4protocols
lLocalandremoteadministration
lAuthentication,eitherintheTOEorthroughTACACS+orRADIUS.
lAdministratorProlestopermitordenyaccesstoahierarchicalbranchorspecic

commands.

lAudit
lManagementandcongurationoftheTOE
lMitigateDoSattacks
lURPF(UnicastReversePathForwarding)tolimitthemalicioustrafc

1.3.2Non-TOEcomponents

TheTOErequiresthefollowingITinitsenvironment:

Alocalorremoteconsoleforadministration(required)

Atleastoneisneeded,butbothareallowed.

lForalocalconsole:AnyplatformthatsupportsterminalemulationtotheANSIX3.64

standard;

lForaremoteconsole,anyplatformthatsupportsterminalemulationtotheANSIX3.64

standardandtheSSHprotocol.

ASNMP/SYSLOGserverforlogging(required)

Thismaybetwoplatformsoronecombinedplatform.

lFortheSNMPserver,anyplatformthatsupportsRFC3411-RFC3418(SNMPv3)
lFortheSYSLOGserver,anyplatformthatsupportsRFC3164(SYSLOGProtocol);

1-4

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter1STINTRODUCTION

AlllogsarestoredintheTOEwheneverthereisnewloggeneratedandthentheTOE
transferredtheloglestoSNMP/SYSLOGServerswithSNMP/SYSLOGnetworkprotocol
throughinternalnetworkinaconstantperiodtime.Thelogleisstoredunderthe‘data’
directoryoftheash/diskinsidetheTOE.Fordetailcontentofthelog,pleasereference
chapter5.1.2.1.

ANTPServer(required)

AnyplatformthatsupportsRFC1305(NTPv3)

ARADIUSorTACACS+serverforAAAservices(optional)

lFortheRADIUSServer,anyplatformthatsupportsRFC2865(Authentication&

Authorization)andRFC2866(Accounting)forRADIUS.

lFortheTACACS+Server,anyplatformthatsupportsTACACS+Version1.78

（DRAFT);

Atleasttwoexternalnetworksandaninternalnetwork

ThemajorfunctionalityoftheTOEistoforwarddatapacketsalongnetworks.Thereshould
beatleasttwodistinctnetworksornetworksegments:commonlytwoLANsorWANsor
aLANanditsISP’snetwork.Thereshouldalsobeaninternalnetworkthatconnectsthe
SNMP/SYSLOGserver,theNTPserverandtheRADIUS/TACACS+servertotheTOE.

1.4TOEDESCRIPTION

TheTOEisZXR10M6000&T8000&8900Eseriesroutersandswitchesrunningon
ZXROSNG.

M6000&T8000routerisadevicethatdeterminesthenextnetworkpointtowhichapacket
shouldbeforwardedtowarditsdestination.Itislocatedatanygateway(whereonenetwork
meetsanother).

M6000&T8000&8900Eroutersandswithesmaycreateormaintainatableoftheavailable
routesandtheirconditionsandusethisinformationalongwithdistanceandcostalgorithms
todeterminethebestrouteforagivenpacket.RoutingprotocolsincludeBGP ,RIPv2,
IS-ISandOSPF.IPpacketsareforwardedtotherouteroveroneormoreofitsphysical
networkinterfaces,whichprocessesthemaccordingtothesystem’scongurationand
stateinformationdynamicallymaintainedbytherouter.Thisprocessingtypicallyresultsin
theIPpacketsbeingforwardedoutoftherouteroveranotherinterface.

TheSeriessoftwareusesabasereal-timeoperatingsystem(OS).Theprimarycopyof
TOEsoftwareislocatedonaharddriveinthehardwareplatforms.Theremovablemedia
isshippedwitheachrouterandcontainsacopyoftheversionimage.

TheTOEconsistsoftwoplanes:ControlplaneandForwardingplane.

1-5

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

ControlPlane

Thecontrolplanereceivescongurationcommands,protocolinformationandkeep-alive
packetsfromotherplanestoimplementsthefollowingfunctions:

lCongurationofcommandparameter,displayingstatisticsandstatusinformation.
lLocalauthentication,RADIUSauthenticationandT ACACS+authentication
lAuditloggingandSNMPtrappingandpreciseclocksynchronization
lGenerationofvarietyofcongurationitemssuchasroutingtables,IPandMAC

bindingtable,ACLtable,etc.

lImportantprotocolssuchasBGPv4/RIPv2/IS-IS/OSPFv2supportsvariety

ofauthenticationmethods(noauthentication,cleartextauthentication,MD5
authentication),.

Controlplanesendsprotocolpacketandtableentriestotheotherplane.

ForwardingPlane

Theforwardingplaneforwardstheuserdata,receivesprotocolpackets,keep-alive
packetsandcongurationtableentriesfromotherplanes.Theprotocolinformationand
keep-alivepacketaresenttothenetworkaccordingtotheirpriorities.TopreventIP
addresstheftfromleased-lineusers,theleased-lineIPaddressesareboundtospecic
MACaddresses.T orestricttheunknownuserstoaccesstheTOE,theACLisassigned
tothenetworkinterface.ByspecifyingtheURPFtotheimportingnetworkinterface
andcheckingtheconsistencyofthesourceroutingaddressandtheincominginterface,
TheTOEcanpreventIPspoongattacks.T opreventDoSattacks,theTOElimitsthe
up-sendingow,thetrafctocontrolplane,ratetoprotecttheCPUwhenthedataow
exceedingtheconguredthreshold,theexceededtrafcwillbedropped.ThentheTOE
dispatchesincomingpacketstocontrolplane.

Theforwardingplanealsoprovidesstatisticalinformationtotheotherplane.

1.4.1Physicalscope

TheTOEconsistsof:

laM6000seriesSR
laT8000seriesCR
la8900EseriesESS
lacopyofZXROSNGV1.00.20:locatedonacompactashcard/disk,whichcanbe

insertedintheSR/CR/ESSandisshippedwiththeSR/CR/ESS.Thecompleteversion
informationofZXROSNGV1.00.20areasfollows:

1-6

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter1STINTRODUCTION

àZXR10M6000-16ZTEZXR10Software,

Version:M6000v1.00.30(1.0.70),ZXROSNGV1.00.20,ReleasesoftwareBuildon

2011/06/0709:27:25

àZXR10T8000-16ZTEZXR10Software,

Version:T8000v1.00.12(1.0.70),ZXROSNGV1.00.20,ReleasesoftwareBuildon

2011/06/0709:27:25

àZXR108902ESoftware,8900&8900EVersion:V3.00.01.B08P06,ZXROSNGV1.00.20RE-

LEASESOFTWARECompiled2011-6-8,16:51:27

lguidancedocuments

àZXR10M6000&T8000&8900ESeriesRoutersandSwitchesRunning

ZXROSNG_AGD_OPEv1.7

àZXR10M6000&T8000&8900ESeriesRoutersandSwitchesRunning

ZXROSNG_AGD_PREv1.3

1.4.2Logicalscope

TheTOEisconnectedtoaninternal(trusted)networkandtwoormoreexternal(untrusted)
networks.

Theexternalnetworksarethenetworkstoberoutedandsupporttheprimaryfunctionofthe
TOE:thehandlingofpacketowsfromonenetworktoanother.Typically,packetowsare
passedthroughtheinternetworkingdeviceandforwardedtotheircongureddestination.
Thepacketowscanbemanipulatedandmonitoredaswell.Routingprotocolsusedare
RIPv2,OSPFv2,IS-IS,andBGPv4.

Theinternalnetworkmaycontainthefollowingentities:

lARADIUSorTACACS+ServerforIdentication&Authentication(optional)
lASNMP/SYSLOGserverforlogging(required)
lANTPServerforexternaltimesynchronisation(required)
lAlocalconsoleformanagementoraremoteconsoleformanagement.Thisremote

consoleconnectswiththeTOEthroughtheSSH.(required)

TheTOEprovidesthefollowingservices:

lHandlingofpacketows:asdescribedaboveusingtheRIPv2,OSPFv2,IS-IS,and

BGPv4protocolswhichcanpreventthecommunicationwithtrustedroutersfrom
modication,insertionandreplayerrors.Packetowscanberestrictedtocomeonly
fromauthorizedsourcesand/orgotoauthorizeddestinations.

lLocal(throughaconsoleport)andremote(protectedthroughSSHorSNMPv3)

accesstotheTOEforadministrators.Thesesessionsaredroppedaftera
congurableamountoftotalsessiontimeorafteracongurableamountofidletime
topreventaccesstounattendedopensessions.

lAuthentication:Accesspermissioniscontrolledusing:TACACS+;RADIUS;or

localauthentication.Aprole,whichisbasedonadministratornameandpassword
congurations,isappliedfortheadministratorauthorizationprocesses.ThisST

1-7

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

addressesonlytheclient-sidesupportofRADIUSandTACACS+:theservers
themselvesareout-of-scope.

lProles:Administratorprolesareconguredtopermitordenyaccesstoa

hierarchicalbranchorspeciccommands.

lAudit:TheTOEprovidesanauditfeatureforactionsrelatedtoauthenticationattempts

andadministratoractions

lManagement:TheTOEoffersadministratorsthecapabilitytoconguretheTOE

(primarilythepacketowhandlingandauditfeatures).

lMitigateDoSattacksthroughuseofreal-timestatisticscapabilitiesandURPF(Unicast

ReversePathForwarding)

1.4.3EvaluatedConfiguration

TheTOEhasmanyfeaturesthatcanbeconguredtobeonoroff.Thetablebelowlists
thesefeaturesandshowswhethertheyare:

lEvaluated:thismeansthatthefeaturecanbeenabled,anditwillworksecurely.
lNotPermitted:thismeansthatthefeaturemaynotbeenabled,asthiswillendanger

thesecurityoftheentireTOE.

lNotEvaluated:thismeansthatthefeaturecanbeenabled,thatenablingthisfeature

willnotendangerthesecurityoftheotherfeatures,buttheevaluationhasnot
determinedwhetherthefeatureitselfwillworksecurely.

Table1-2EvaluatedConguration

FeatureDescriptionEvaluatedNot

Permitted

Not

Evaluated

AAATACACS+RADIUS(Remote

AccessDial-InUserService)

×

ACLAccesscontrollists.×

DHCPDynamicHostControlProtocol

(DHCP)enablesyouto

automaticallyassignreusable

IPaddressestoDHCPclients.

×

IGMP××

IPv6××

MediaTypes

(non-Ethernet)

ADSL,ATM,FrameRelay ,ISDN,

MPLS,PPP ,PPPoE,SDH,and

SONET.

×

NATNetworkAddressTranslationis

usedbyadevice(rewall,router

orcomputer)thatsitsbetweenan

internalnetworkandtherestofthe

world.

×

1-8

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter1STINTRODUCTION

FeatureDescriptionEvaluatedNot

Permitted

Not

Evaluated

NetFlow×

NTPv3NetworkTimeProtocolversion3×

QoSQualityofServicefeatures×

STPSpanningtreeprotocol×

RoutingProtocol

Disabled

RIPversion1××

RIPv2:RoutingInformation

Protocol(RIP)version2(MD5

authentication)

×

OSPFv2:OpenShortestPathFirst

(OSPFv2)Mode2

×

IS-IS:IntermediateSystem

to-IntermediateSystemProtocol.

×

RoutingProtocols

Permitted

BGPv4:BorderGatewayProtocol×

StaticRoutingStaticRoutingT able×

SSHv1SSHversion1clientandserver

support.

××

SSHv2SSHversion2clientandserver

support.

×

SNMPv2××

SNMPv3SimpleNetworkManagement

Protocol(SNMP):

×

SYSLOGCongurationanddeliveryof

SYSLOGmessages.

×

Telnet××

FTP/TFTP××

VLANNotevaluated:VirtualLAN×

MitigateDoS

attack

Denialofservice×

URPFUnicastReversePathForwarding×

VPNNotpermittedintheevaluated

conguration:WebVPN,IPSec,

IKE,L2TP(Layer2Tunneling

Protocol).

××

1-9

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

FeatureDescriptionEvaluatedNot

Permitted

Not

Evaluated

IPSECNotevaluated:IPSecprovides

condentiality,authenticityand

integrityforIPdatatransmitted

betweentrusted(private)networks

orremoteclientsoveruntrusted

(public)linksornetworks.

×

1-10

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter2

CONFORMANCECLAIMS

TableofContents

COMMONCRITERIA(CC)CONFORMANCE............................................................2-1

2.1COMMONCRITERIA(CC)CONFORMANCE

ThisSTconformsto:

lCC,version3.1R3,asdenedby[CCp1],[CCp2],[CCp3]and[CEM].
lCCPart2asCCPart2conformant
lCCPart3asCCPart3conformant

ThisSTconformstonoProtectionProle.

ThisSTconformstoEAL3+ALC_FLR.2,andtonootherpackages.

2-1

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

Thispageintentionallyleftblank.

2-2

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

Chapter3

SECURITYPROBLEM
DEFINITION

InordertoclarifythenatureofthesecurityproblemthattheTOEisintendedtosolve,this
sectiondescribesthefollowing:

1.Anyknownorassumedthreatstotheassetsagainstwhichspecicprotectionwithin
theTOEoritsenvironmentisrequired

2.AnyorganizationalsecuritypolicystatementsorruleswithwhichtheTOEmustcomply

3.Anyassumptionsaboutthesecurityaspectsoftheenvironmentand/orofthemanner
inwhichtheTOEisintendedtobeused.

ThischapteridentiesthreatsasT .THREAT,assumptionsasA.ASSUMPTIONandpolicies
asP .POLICY .

TableofContents

Threat........................................................................................................................3-1

Assumption................................................................................................................3-2

ORGANIZATIONALSECURITYPOLICIES................................................................3-3

3.1Threat

Athreatconsistsofathreatagent,anassetandanadverseactionofthatthreatagenton
thatasset.

1.Threatagentsareentitiesthatcanadverselyactonassets–thethreatagentsinthe
threatsbelowareunauthorizeduser,networkattacker,authorizeduserand

2.Assetsareentitiesthatsomeoneplacesvalueupon–theassetsareaccesstonetwork
services,

3.Adverseactionsareactionsperformedbyathreatagentonanasset–theadverse
actionsare:unauthorizedchangestoconguration,bothnetworkroutingconguration
andmanagementconguration.

Table3-1Threat

THREATDESCRIPTION

T.AUDIT_REVIEWActionsperformedbyusersmaynotbeknowntotheadministrators

duetoactionsnotbeingrecordedortheauditrecordsnotbeing

reviewedpriortothemachineshuttingdown,oranunauthorized

administratormodiesordestroysauditdata.

3-1

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION

ZXR10M6000&T8000&8900ESecurityTarget

THREATDESCRIPTION

T.NO_PRIVILEGEAnunauthorizedusermaygainaccesstoinappropriatelyview ,tamper,

modify,ordeleteTOESecurityFunctionalitydata.

T.MEDIATEAnunauthorizedentitymaysendimpermissibleinformationthrough

theTOEwhichresultsintheexploitationofresourcesonthenetwork.

T.NO_AUTH_SESSIONAusermaygainunauthorizedaccesstoanunattendedsessionand

altertheTOEsecurityconguration.

T.NO_AUTH_ACCESSAnunauthorizedusergainsmanagementaccesstotheTOEandalter

theTOEsecurityconguration.

3.2Assumption

Theassumptionsareorderedintothreegroups:PersonnelAssumptions,Physical
EnvironmentAssumptions,andOperationalAssumptions.

3.2.1PersonnelAssumptions

Table3-2PersonnelAssumption

ASSUMPTIONDESCRIPTION

A.NO_EVIL&TRAINTheauthorizedadministratorsarenotcareless,willfullynegligent,or

hostile,andwillfollowandabidebytheinstructionsprovidedbythe

TOEdocumentation,includingtheadministratorguidance;however ,

theyarecapableoferror .Theadministratorsaretrainedinthe

appropriateuseoftheTOE.

3.2.2PhysicalEnvironmentAssumptions

Table3-3PhysicalAssumption

ASSUMPTIONDESCRIPTION

A.CONNECTIVITYAllTOEexternalinterfacesexceptforthenetworktrafc/datainterface

areattachedtotheinternal(trusted)network.Thisincludes:

1.RADIUS,TACACS+serverinterface(optional)

2.SNMP/SYSLOGinterface(required)

3.NTPinterface(required)

4.SSHinterfaceforremoteclient(atleastoneofthelocalor

remoteadministrationclientisrequired)

3-2

SJ-20110815105844-030|2011/08/19（R1.6）ZTECORPORA TION