Transcription
EMC CorporationEMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX Series Hardware Models VNX5200 ,VNX5400 , VNX5600 , VNX5800 , VNX7600 , andVNX8000 Security TargetEvaluation Assurance Level (EAL): EAL2 Document Version: 0.5 Prepared for:Prepared by:EMC Corporation176 South StreetHopkinton, MA 01748United States of AmericaCorsec Security, Inc.13135 Lee Jackson Memorial Hwy, Suite 220Fairfax, VA 22033United States of AmericaPhone: 1 508 435 1000http://www.emc.comPhone: 1 703 267 6050http://www.corsec.com
Security Target, Version 0.5April 24, 2014Table of Contents1INTRODUCTION . 41.1 PURPOSE . 41.2 SECURITY TARGET AND TOE REFERENCES . 51.3 PRODUCT OVERVIEW . 61.4 TOE OVERVIEW . 81.4.1 Brief Description of the Components of the TOE. 101.4.2 TOE Environment . 111.5 TOE DESCRIPTION .111.5.1 Physical Scope. 111.5.2 Logical Scope . 141.5.3 Product Physical/Logical Features and Functionality not included in the TOE . 162CONFORMANCE CLAIMS . 173SECURITY PROBLEM . 183.1 THREATS TO SECURITY.183.2 ORGANIZATIONAL SECURITY POLICIES .193.3 ASSUMPTIONS .194SECURITY OBJECTIVES . 204.1 SECURITY OBJECTIVES FOR THE TOE .204.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT.204.2.1 IT Security Objectives . 204.2.2 Non-IT Security Objectives . 215EXTENDED COMPONENTS . 226SECURITY REQUIREMENTS . 236.1 CONVENTIONS .236.2 SECURITY FUNCTIONAL REQUIREMENTS .236.2.1 Class FAU: Security Audit . 256.2.2 Class FCS: Cryptographic Support . 266.2.3 Class FDP: User Data Protection . 286.2.4 Class FIA: Identification and Authentication. 316.2.5 Class FMT: Security Management . 326.2.6 Class FPT: Protection of the TSF . 356.2.7 Class FTP: Trusted path/channels . 366.3 SECURITY ASSURANCE REQUIREMENTS .377TOE SPECIFICATION . 387.1 TOE SECURITY FUNCTIONS .387.1.1 Security Audit . 397.1.2 Cryptographic Support . 397.1.3 User Data Protection . 397.1.4 Identification and Authentication. 407.1.5 Security Management . 417.1.6 Protection of the TSF . 427.1.7 Trusted Path/Channels . 428RATIONALE . 438.1 CONFORMANCE CLAIMS RATIONALE .438.2 SECURITY OBJECTIVES RATIONALE .438.2.1 Security Objectives Rationale Relating to Threats . 438.2.2 Security Objectives Rationale Relating to Policies . 468.2.3 Security Objectives Rationale Relating to Assumptions . 47EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX SeriesPage 2 of 57Hardware Models VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , andVNX8000 2014 EMC CorporationThis document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Target, Version 0.58.38.48.59April 24, 2014RATIONALE FOR EXTENDED SECURITY FUNCTIONAL REQUIREMENTS .48RATIONALE FOR EXTENDED TOE SECURITY ASSURANCE REQUIREMENTS .48SECURITY REQUIREMENTS RATIONALE .488.5.1 Rationale for Security Functional Requirements of the TOE Objectives . 488.5.2 Security Assurance Requirements Rationale . 518.5.3 Rationale for Refinements of Security Functional Requirements . 518.5.4 Dependency Rationale . 51ACRONYMS . 549.1 ACRONYMS .54Table of FiguresFIGURE 1 DEPLOYMENT CONFIGURATION OF THE TOE .9FIGURE 2 PHYSICAL TOE BOUNDARY . 12List of TablesTABLE 1 – ST AND TOE REFERENCES .5TABLE 2 – VNX HARDWARE CONFIGURATION . 12TABLE 3 – CC AND PP CONFORMANCE . 17TABLE 4 – THREATS . 18TABLE 5 – ASSUMPTIONS . 19TABLE 6 – SECURITY OBJECTIVES FOR THE TOE . 20TABLE 7 – IT SECURITY OBJECTIVES . 20TABLE 8 – NON-IT SECURITY OBJECTIVES . 21TABLE 9 – TOE SECURITY FUNCTIONAL REQUIREMENTS. 23TABLE 10 – CRYPTOGRAPHIC ALGORITHMS . 26TABLE 11 – AUTHORIZED ROLES. 33TABLE 12 – ASSURANCE REQUIREMENTS . 37TABLE 13 – MAPPING OF TOE SECURITY FUNCTIONS TO SECURITY FUNCTIONAL REQUIREMENTS . 38TABLE 14 – THREATS:OBJECTIVES MAPPING . 43TABLE 15 – ASSUMPTIONS:OBJECTIVES MAPPING . 47TABLE 16 – OBJECTIVES:SFRS MAPPING . 48TABLE 17 – FUNCTIONAL REQUIREMENTS DEPENDENCIES. 51TABLE 18 – ACRONYMS AND TERMS . 54EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX SeriesPage 3 of 57Hardware Models VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , andVNX8000 2014 EMC CorporationThis document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Target, Version 0.51April 24, 2014IntroductionThis section identifies the Security Target (ST), Target of Evaluation (TOE), and the ST organization. TheTOE is EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX SeriesHardware Models VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , and VNX8000 ,and will hereafter be referred to as the TOE. The TOE is a File and Block storage solution administered byUnified Management (Unisphere) and Command Line Interface (CLI) tools known as Navisphere CLI andControl Station CLI. The TOE provides access controls for internal storage provided by the TOEhardware. Internal file storage is accessed via Network Attached Storage (NAS) over a Local AreaNetwork (LAN) and block storage is accessed via traditional Storage Area Network (SAN) based protocols.1.1 PurposeThis ST is divided into nine sections, as follows: Introduction (Section 1) – Provides a brief summary of the ST contents and describes theorganization of other sections within this document. It also provides an overview of the TOEsecurity functions and describes the physical and logical scope for the TOE, as well as the ST andTOE references.Conformance Claims (Section 2) – Provides the identification of any Common Criteria (CC), STProtection Profile, and Evaluation Assurance Level (EAL) package claims. It also identifieswhether the ST contains extended security requirements.Security Problem (Section 3) – Describes the threats, organizational security policies, andassumptions that pertain to the TOE and its environment.Security Objectives (Section 4) – Identifies the security objectives that are satisfied by the TOEand its environment.Extended Components (Section 5) – Identifies new components (extended Security FunctionalRequirements (SFRs) and extended Security Assurance Requirements (SARs)) that are notincluded in CC Part 2 or CC Part 3.Security Requirements (Section 6) – Presents the SFRs and SARs met by the TOE.TOE Specification (Section 7) – Describes the security functions provided by the TOE that satisfythe security functional requirements and objectives.Rationale (Section 8) - Presents the rationale for the security objectives, requirements, and SFRdependencies as to their consistency, completeness, and suitability.Acronyms (Section 9) – Defines the acronyms and terminology used within this ST.EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX SeriesPage 4 of 57Hardware Models VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , andVNX8000 2014 EMC CorporationThis document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Target, Version 0.5April 24, 20141.2 Security Target and TOE ReferencesTable 1 – ST and TOE ReferencesST TitleEMC Corporation EMC VNX OE for Block v05.33 and File v8.1 withUnisphere v1.3 running on VNX Series Hardware Models VNX5200 ,VNX5400 , VNX5600 , VNX5800 , VNX7600 , and VNX8000 Security TargetST VersionVersion 0.5ST AuthorCorsec Security, Inc.ST Publication Date2014-04-24TOE ReferenceHardware:VNX Series Hardware Models VNX5200 , VNX5400 , VNX5600 ,VNX5800 , VNX7600 , and VNX8000 Software:VNX OE for Block v05.33.000.5.035VNX OE for File v8.1.1.33Unisphere v1.3.1.1.0033Navisphere CLI v7.33.1.0.33KeywordsVNX, Storage Area Network, SAN, storage array, data storage, Unisphere,Network Attached Storage, NAS, Navisphere CLI, Data Mover, ControlStation, Storage ProcessorEMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX SeriesPage 5 of 57Hardware Models VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , andVNX8000 2014 EMC CorporationThis document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Target, Version 0.5April 24, 20141.3 Product OverviewThe Product Overview provides a high level description of the product that is the subject of the evaluation.The following section, TOE Overview, will provide the introduction to the parts of the overall productoffering that are specifically being evaluated.EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX Series HardwareModels VNX5200 , VNX5400 , VNX5600 , VNX5800 , VNX7600 , and VNX8000 can bedivided into three main components. VNX OE is the software portion of the product responsible for accesscontrols and management of storage. Unisphere, Navisphere CLI, and Control Station CLI comprise themanagement software that allows administrators to maintain and configure the product. VNX is thehardware portion of the product. Together, these components provide Block and File access to internalstorage for external entities:1.2.Block: controls access to internal storage for devices on a SAN. These access controls allowadministrators to determine which devices on a SAN have access to VNX storage, and also whichareas of storage (disks or portions of disks) are available to each device. Storage is provided overFibre Channel1 (FC) and Internet Small Computer Systems Interface (iSCSI).File: controls access to internal storage for devices on a LAN. While Block mode requiresdevices to access storage from a SAN using SAN-specific communications, VNX also providesNAS that allows traditional Internet Protocol (IP) - based devices to access internal storage over aLAN. NAS storage is provided over Network File System (NFS 2), Server Message Block (SMB3,also referred to as CIFS4), File Transfer Protocol (FTP), and Trivial File Transfer Protocol(TFTP).Unisphere is a unified management suite presented through a Graphical User Interface (GUI) that allowsadministrators to configure the majority of VNX functionality from a single management console. Inaddition to Unisphere, VNX provides a CLI called Navisphere CLI and a second CLI available on theControl Station, referred to as Control Station CLI. Navisphere CLI provides a subset of the functionalityavailable via the Unisphere GUI and is used to configure both Block and File functionality. Control StationCLI provides necessary functionality to configure File mode properties. Administrators can create shellscripts and batch files for CLI commands to automate management tasks. The Control Station CLI isaccessed using a Secure Shell (SSH) interface that administrators can use for File-specific configurationmanagement activities. The product includes an SSH server to provide this functionality.VNX OE/Unisphere administrators can provision (make available) internal storage to devices on a LANand devices on a SAN. Once storage has been provisioned to LAN users, it is no longer available to SANusers, and storage provisioned to SAN users is no longer available to LAN users. Storage can be reprovisioned as needed to suit the needs of users.In File mode, VNX presents itself as one or more standard network-based file servers to client machines ona LAN. In Block mode, VNX presents itself as a series of block storage devices to client machines on aSAN. Administrators manage VNX and control the policies that govern access to storage with theU
In File mode, VNX presents itself as one or more standard network-based file servers to client machines on 1 3. EMC VNX OE for Block v05.33 a
