TM ASSURANCE CONTINUITY MAINTENANCE REPORT FOR BROCADE COMMUNICATIONS SYSTEMS MLXe AND NetIron FAMILY DEVICES WITH Multi-Service IronWare R06.0.

Transcription

1 TM ASSURANCE CONTINUITY MAINTENANCE REPORT FOR BROCADE COMMUNICATIONS SYSTEMS MLXe AND NetIron FAMILY DEVICES WITH Multi-Service IronWare R Maintenance Update of Brocade Communication Systems Brocade MLXe and NetIron Family Devices with Multi-Service IronWare R Maintenance Report Number: CCEVS-VR-VID Date of Activity: 01 September 2016 References: Common Criteria Evaluation and Validation Scheme Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, version 2.0, 8 September 2008; Impact Analysis Report for Brocade MLXe Family Devices with Multi- Service IronWare R (NDPP11E3.VPNGEP11), Revision 1.0, August 24, 2016 Documentation reported as being updated: Brocade MLXe Family Devices with Multi-Service IronWare R (NDPP11E3/VPNGEP11) Security Target, Version 1.0, 08/24/16; Brocade NetIron FIPS and Common Criteria Configuration Guide, Supporting Multi- Service Ironware R aa, , 18 May 2016; Brocade NetIron Monitoring Configuration Guide, Supporting NetIron OS , , 29 April 2016; Brocade NetIron Management Configuration Guide Supporting NetIron OS , , 29 April 2016; and Brocade NetIron Security Configuration Guide Supporting NetIron OS , , 29 April 2016 Assurance Continuity Maintenance Report: Gossamer Security Solutions, on behalf of Brocade Communications Systems, Inc., submitted an Impact Analysis Report (IAR) to Common Criteria Evaluation Validation Scheme (CCEVS) for approval on 24 August The IAR is intended to satisfy requirements outlined in Common Criteria Evaluation and Validation Scheme Publication #6, Assurance Continuity: Guidance for Maintenance and Re-evaluation, version 2.0. In accordance with those requirements, the IAR describes the changes made to the certified TOE, the evidence updated as a result of the changes and the security impact of the changes.

2 The IAR identifies the changes to the TOE included updating the operating system to NetIron , adding new non-security features, providing enhanced support for IPsec, and various bug fixes. The new non-security features were considered to be outside the scope of the NDPP/VPNGW IPsec changes were assessed and none were considered to be security relevant. NetIron was also revised to fix a number of bugs. These changes are also determined to be outside the scope of the original The evaluation evidence consists of the Security Target, Impact Analysis Report (IAR), and release notes. The Security Target was revised to reflect the new software version. The IAR and release notes were new. Note that Brocade continually tracks bugs, vulnerabilities, and other defects reported in the public domain and at the time of this report there are no known outstanding security-related vulnerabilities in the TOE. Changes to TOE: The Target of Evaluation (TOE) is the Brocade Communication Systems, Inc Brocade MLXe Family Devices with Multi-Service IronWare R and includes a various series and models. The TOE is composed of a hardware appliance with embedded software installed on a management processor. The embedded software is a version of Brocades' proprietary Multi-Service IronWare software. The software controls the switching and routing network frames and packets among the connections available on the hardware appliances. The TOE has been revised from the evaluated IronWare R aa to IronWare version R There were no changes to the hardware platforms. Non-security relevant software changes have also been made and are documented in the NI OS for Brocade MLXe and NetIron Release Notes v3.0, May 27, The changes are summarized below. NetIron Software Updates: The TOE software was updated from version aa to version R and no hardware changes were made to the evaluated configuration. The software updates included new nonsecurity relevant features and bug fixes. The software updates and their effects and relevance are summarized below: 1. Support for IPsec Security Consideration L2 over IPsec The feature provides secure point to point layer 2 extension over WAN. The layer 2 traffic is encrypted by IPsec tunnels using the most advanced Suite-B security protocols. This is not security relevant because the claimed and tested VPN functionality remains the same. This is an extension to the already evaluated function.

3 ICX IPsec interoperability - ICX and MLXe have been tested to interoperate in the same IPsec tunnels for secure VPN connection for enterprise vrouter IPsec interoperability - vrouter and MLXe have been tested to interoperate in the same IPsec tunnels for secure VPN connection between enterprise data center and public cloud for hybrid cloud use case. Track IPsec tunnels for VRRP failover - If the IPsec tunnel goes down, the VRRP / VRRPe priority will decrement and trigger the failover the VRRP / VRRPe peers. Option to display IKEv2 debug for a particular IPsec tunnel - The debug option displays IKEv2 debug logs for a specific IPSec tunnel as configured by the user. The debug logs are as per the currently supported debug logs such as trace, event, error, packet et cetera ICX is an additional hardware line at Brocade. The hardware is not being added to the evaluated configuration. vrouters were not considered in the original As such the VRouter functionality is outside the scope of the NDP/VPNGWP evaluation Failover was not considered in the original As such the failover functionality is outside the scope of the NDP/VPNGWP This is not security relevant because the claimed and tested VPN functionality remains the same. This is an extension to the already evaluated IKEv2 function. 2. New non-security features Security Consideration Software-defined Network (SDN) Path Computing Element Communication Protocol (PCEP) - Path Computing Element (PCE) is SDN based solution for MPLS traffic engineering. OpenFlow to MPLS LSP as logical port - MPLS LSP tunnels are supported in OpenFlow as logical ports. Network Packet Broker enhancements Increase traffic streams to 6K Increase L2 and L3 ACL to 4K SNMP monitoring support L2 High/low watermark thresholds for traffic statistics IPv6 ACL.1p match BGP diverse path BGP Add-Path - This enables router to advertise multiple paths for the same prefix for multi-pathing and faster convergence. PCEP and OpenFlow are outside the scope of the NDPP These enhancements deal with performance issues and are outside the scope of the NDPP The router path enhancements are outside the scope of the NDPP

4 BGP Best External - The router can advertise the best external BGP path to the BGP neighbors even when it receives a better internal BGP route. This enable multiple exit paths to other AS GRE enhancements GRE tunnel bypassing ACL GRE tunnel to hand off to IPv6 over IPv4 IPv6 enhancements - IPv6 for VE over VPLS IPv6 ACL deny logging IPv6 ACL per SNMP server group New Optics - 40G Bi-Di QSFP 40G Bi-Di QSFP+ optics is now supported on the MLXe 4- port 40G line card. RADIUS over TCP / TLS Radius connection will be sent over TCP (RFC 6613) and also over TLS (RFC 6614) to provide encrypted RADIUS. Performance enhancement Several changes were made to improve performance including faster routing, load balancing, CPU usage, and configurable delays. Additional show commands Several additional commands have been added to provide the administrator more information The routing tunnel functionality is outside the scope of the NDPP The ACL and routing functionality is outside the scope of the NDPP The interface type does not affect the security claimed in the NDPP Using RADIUS over TLS is a topic of the NDPP. However, the NetIron evaluation did not include this requirement. Brocade intends to address this as part of future Since there are no requirements in the ST, this does not apply to the security posture of the existing Performance enhancements are outside the scope of the NDPP The administrator is required to authenticate before performing any management. All necessary management commands were evaluated in the original Additional commands are an enhancement to the administrator but not necessary for the NDPP Security considerations for bug fixes: There are several bugs identified as being part of the security group. The analysis documented below analyzes each of the bug fixes with regard to the effect on Common Criteria certification of the TOE. Bug Description ACLRelated bugs There are several ACL related bugs. The NDPP does not address ACL related

5 MAC/802.1x Port-based Authentication Related bugs Policy based routing SSH Bad client version string" error is reported when backing up MLX configuration via SCP through BNA. SSH Device may unexpectedly reload during SSH access SSH - Unexpected reload of Management module when copying multiple L2 ACL configuration files using SCP/ Tftp://ftp SSH - Device may unexpectedly reload when a SSH client is attempting to login to it. SSH - The SSH session terminates unexpectedly when running "show tech- support" command MACsec - Media Access Control security - When delete-dynamic-learn" is enabled under "globalport-security", MAC addresses learnt on a PMS enabled LAG member port do not get deleted after the corresponding interface flaps. IPsec Bug fixes functionality so these bugs are not security relevant in the context of the NDPP Port-based authentication is outside the scope of the NDPP Policy based routing is outside the scope of the NDPP evaluation MACsec is outside the scope of the NDPP There are several IPsec related bug fixes. These fixes address SFlow configurations, tunnel disconnects, delays, displaying parameters, configuration issues, interoperability with 3 rd parties, and performance issues. These bug fixes do not dirty address an NDPP/VPNGW functionality. Conclusion: CCEVS reviewed the description of the changes and the analysis of the impact upon security, and found them all to be minor. In addition, the CCTL reported having conducted a vulnerability search update that located no new vulnerabilities. Further, it was also reported that the Vendor did regression testing and that the changes, collectively, had no security impact on the TOE. Therefore, CCEVS agrees that the original assurance is maintained for the product.