SERTIT-030 CR Certification Report

Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security
Issue 1.0 15 March 2012
ZTE Softswitch and Media Gateway Communication System V 1.0
CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE SD 009 VERSION 2.1 11.11.2011
SERTIT, P.O. Box 14, N-1306 Bærum postterminal, NORWAY
Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 Internet: www.sertit.no
ZTE Softswitch and Media Gateway
Communication System Version 1.0
EAL 2+
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN
THE FIELD OF INFORMATION TECHNOLOGY SECURITY
SERTIT, the Norwegian Certification Authority for IT Security, is a member of the
above Arrangement and as such this confirms that the Common Criteria certificate
has been issued by or under the authority of a Party to this Arrangement and is the
Party’s claim that the certificate has been issued in accordance with the terms of
this Arrangement.
The judgements contained in the certificate and Certification Report are those of
SERTIT which issued it and the Norwegian evaluation facility (EVIT) which carried
out the evaluation. There is no implication of acceptance by other Members of the
Agreement Group of liability in respect of those judgements or for loss sustained as
a result of reliance placed upon those judgements by a third party. [*]
* Mutual Recognition under the CC recognition arrangement applies to EAL 2 but not
to ALC_FLR.2
Contents
1 Certification Statement
2 Abbreviations
3 References
4 Executive Summary
4.1 Introduction
4.2 Evaluated Product
4.3 TOE scope
4.4 Protection Profile Conformance
4.5 Assurance Level
4.6 Security Policy
4.7 Security Claims
4.8 Threats Countered
4.9 Threats Countered by the TOE’s environment
4.10 Threats and Attacks not Countered
4.11 Environmental Assumptions and Dependencies
4.12 IT Security Objectives
4.13 Non-IT Security Objectives
4.14 Security Functional Requirements
4.15 Security Function Policy
4.16 Evaluation Conduct
4.17 General Points
5 Evaluation Findings
5.1 Introduction
5.2 Delivery
5.3 Installation and Guidance Documentation
5.4 Misuse
5.5 Vulnerability Analysis
5.6 Developer’s Tests
5.7 Evaluators’ Tests
6 Evaluation Outcome
6.1 Certification Result
6.2 Recommendations
Annex A: Evaluated Configuration
TOE Identification
TOE Documentation
TOE Configuration
Environmental Configuration
2 Abbreviations
BOSS        Business Operation Support System
BSVR        Billing Server
CC          Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
CCRA        Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security
CDMA        Code Division Multiple Access
CEM         Common Methodology for Information Technology Security Evaluation
EAL         Evaluation Assurance Level
EMS         Network Element Management System
EOR         Evaluation Observation Report
ETR         Evaluation Technical Report
EVIT        Evaluation Facility under the Norwegian Certification Scheme for IT Security
GSM         Global System of Mobile Communication
GUI         Graphics User Interface
I&A         Identification and Authentication
IMS         IP Multimedia System
ISDN        Integrated Service Digital Network
L3 switch   Layer 3 switch
LIG         Lawful interception gateway
LIC         Lawful interception center
MML         Man Manual Language
MSG-9000    ZXMSG 9000 Media Gateway
NE          Network elements in the core network
NMSI        Network management service interface
OMM         Operational Maintenance Module
POC         Point of Contact
PSTN        Public Switching Telecommunication Network
SERTIT      Norwegian Certification Authority for IT Security
SN          Signalling Network
SS7         Signalling System No 7
SSH         Secure Shell
SFTP        Secure FTP
SPM         Security Policy Model
ST          Security Target
TOE         Target of Evaluation
TSF         TOE Security Functions
TSP         TOE Security Policy
UMTS        Universal Mobile Telecommunications System
UDS         Universal Directory Server
VLAN        Virtual Local Area Network
QP          Qualified Participant
3 References
[1] ZXSS10 SS1B and MSG-9000 Communication System Security Target v 1.0, v 08, 01 November 2011.
[2] Common Criteria Part 1, CCMB-2009-07-001, Version 3.1 R3, July 2009.
[3] Common Criteria Part 2, CCMB-2009-07-002, Version 3.1 R3, July 2009.
[4] Common Criteria Part 3, CCMB-2009-07-003, Version 3.1 R3, July 2009.
[5] The Norwegian Certification Scheme, SD001E, Version 8.0, 20 August 2010.
[6] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, CCMB-2009-07-004, Version 3.1 R3, July 2009.
[7] Evaluation Technical Report Common Criteria EAL2+ Evaluation of ZTE Softswitch and Media Gateway Communication System, v 1.0, 12 January 2012.
[8] ZTE ZXSS10 SS1b&MSG 9000 Common Criteria Security Evaluation – Certified Configuration
[9] ZXSS10 SS1b (V2.0.1.07) Documentation Guide
[10] ZXSS10 SS1b (V2.0.1.07) Hardware Installation Guide
[11] ZXSS10 SS1b (V2.0.1.07) Software Installation Guide Foreground Board
[12] ZXSS10 SS1b (V2.0.1.07) Software Installation Guide PC Server
[13] ZXSS10 SS1b (V2.0.1.07) Software Installation Guide SUN Server
4 Executive Summary
4.1 Introduction
This Certification Report states the outcome of the Common Criteria security
evaluation of ZTE Softswitch and Media Gateway Communication System version 1.0
to the Sponsor, ZTE Corporation, and is intended to assist prospective consumers
when judging the suitability of the IT security of the product for their particular
requirements.
Prospective consumers are advised to read this report in conjunction with the
Security Target [1], which specifies the functional, environmental and assurance
evaluation requirements.
4.2 Evaluated Product
The product evaluated was ZTE Softswitch and Media Gateway Communication
System, version 1.0.
This product is also described in this report as the Target of Evaluation (TOE). The
developer was ZTE Corporation.
The TOE is ZTE softswitch and media gateway communication system V1.0. The TOE
consists of a softswitch (SS1b), a media gateway (MSG-9000) between the SS1b and
the PSTN network, an element management system (EMS), and a network management
service interface (NMSI).
Details of the evaluated configuration, including the TOE’s supporting guidance
documentation, are given in Annex A.
4.3 TOE scope
The TOE scope is described in the ST [1], chapter 1.3.
4.4 Protection Profile Conformance
The Security Target [1] did not claim conformance to any protection profile.
4.5 Assurance Level
The assurance incorporated predefined evaluation assurance level EAL2, augmented
by ALC_FLR.2. Common Criteria Part 3 [4] describes the scale of assurance given by
predefined assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1 [2].
4.6 Security Policy
The TOE security policies are described in the ST [1], chapter 3.1.
4.7 Security Claims
The Security Target [1] fully specifies the TOE’s security objectives, the threats which
these objectives meet and security functional requirements and security functions to
elaborate the objectives. Most of the SFRs are taken from CC Part 2 [3]; use of this
standard facilitates comparison with other evaluated products.
The Security Target introduces one extended component: FAU_GEN.3 Simplified audit
data generation. This component is a simplified version of FAU_GEN.1 and is
therefore a suitable member of the FAU_GEN family. It was added to remove the need
to log start and stop of auditing and to simplify the requirement.
4.8 Threats Countered

T.UNAUTHORISED
TA.ROGUE_USER performs actions on the TOE that he is not authorized to do.

T.AUTHORISED
TA.ROGUE_USER performs actions on the TOE that he is authorized to do, but
these are undesirable and it cannot be shown that this user was responsible.

T.UNKNOWN_USER
TA.NETWORK gains unauthorized access to the TOE and is able to perform
actions on the TOE.

T.NETWORK
TA.NETWORK is able to:
- Modify/read network traffic originating from / destined for the TOE or
- Modify/read network traffic between TOE subsystems
- Impersonate the TOE
and thereby perform management actions on other entities on the network or
gain unauthorized knowledge about TOE traffic.

T.PHYSICAL_ATTACK
TA.PHYSICAL gains physical access to the TOE and is able to perform actions
on the TOE.
4.9 Threats Countered by the TOE’s environment
There are no threats countered by the TOE’s environment.
4.10 Threats and Attacks not Countered
No threats or attacks that are not countered are described.
4.11 Environmental Assumptions and Dependencies
It is assumed that the LIG, Billing Center, and BOSS are trusted, and will not be used
to attack the TOE. It is assumed that no attacks on the TOE will emanate from the
PSTN, the Wireless Network, or IP telecommunication network.
4.12 IT Security Objectives

O.AUTHENTICATE_EMS
The TOE shall support EMS Client user authentication, allowing the TOE to
accept/reject EMS users based on username and password.

O.AUTHORISE_EMS
The TOE shall support at least two roles on the EMS Client:
- EMS administrator with all rights
- EMS operator with limited rights
Rights include:
- the ability to perform various management related actions
- the ability to manage (create, modify rights, delete) other EMS users

O.AUDITING_EMS
The TOE shall support logging and auditing of OMM user actions.

O.AUTHENTICATE_BSVR
The TOE shall support billing server authentication, allowing the TOE to
accept/reject billing server based on username and password.

O.AUTHENTICATE_BOSS
The TOE shall support BOSS authentication, allowing the TOE to accept/reject
BOSS based on username and password.

O.SEPARATE_USERS
The TOE shall:
- prohibit EMS users from accessing billing and BOSS related data and
  functionality
- prohibit BSVR users from accessing EMS and BOSS related data and
  functionality
- prohibit BOSS users from accessing EMS and billing related data and
  functionality

O.PROTECT_COMMUNICATION
The TOE shall:
- protect communication between the TOE and the BOSS against
  masquerading, disclosure and modification
- protect communication between the TOE and the Billing Center against
  masquerading, disclosure and modification
- protect communication between the Clients and Servers of EMS against
  disclosure and modification
- protect communication between the SS1b and the NMSI against
  masquerading, disclosure and modification
- protect communication between the SS1b and the EMS against
  masquerading, disclosure and modification
- protect communication between the EMS and the NTP against
  masquerading and modification
4.13 Non-IT Security Objectives

OE.TIME
The NTP Server connected to the TOE shall supply the TOE with reliable time.

OE.TRUST&TRAIN_USERS
The customer shall ensure that EMS roles are only assigned to users that are
sufficiently trustworthy and sufficiently trained to fulfill those roles.

OE.CLIENT_SECURITY
The customer shall ensure that workstations that host one of the Clients are
protected from physical and logical attacks that would allow attackers to
subsequently:
- Disclose passwords or other sensitive information
- Hijack the client
- Execute man-in-the-middle attacks between client and EMS or similar
  attacks.

OE.PROTECTED_LINE_LIC
The customer and the law enforcement authority shall ensure that the
connection between the TOE and LIG and LIC is protected against
masquerading, disclosure and modification.

OE.PROTECT_COMMUNICATION
The customer shall provide secure connection to
- protect communication between MSG-9000 and EMS
- protect communication between MSG-9000 and SS1b

OE.VLAN
The customer shall provide the following networks:
- IP management network
- BOSS network

OE.SERVER_SECURITY
The customer shall ensure that the TOE shall be protected from physical
attacks.

OE.TRUSTED_SYSTEMS
The customer shall ensure that the Billing Center, LIG, LIC, and BOSS are
trusted, and will not be used to attack the TOE. The operator shall also ensure
that all end-user level VoIP traffic emanating from the IP telecommunication
network is trusted.
4.14 Security Functional Requirements
FIA_UID.2.EMS User identification before any action
FIA_UID.2.BOS User identification before any action
FIA_UID.2.BIL User identification before any action
FIA_UAU.2.EMS User authentication before any action
FIA_UAU.2.BOS User authentication before any action
FIA_UAU.2.BIL User authentication before any action
FTA_SSL.3 TSF-initiated termination
FIA_AFL.1 Authentication failure handling
FIA_SOS.1 Verification of secrets
FTA_MCS.1 Basic limitation on multiple concurrent sessions
FMT_SMR.1 Security roles
FDP_ACC.2 Complete access control
FDP_ACF.1 Security attribute based access control
FAU_GEN.3.EMS Simplified audit data generation
FAU_SAR.1 Audit review
FAU_STG.1 Protected audit trail storage
FAU_STG.4 Prevention of audit data loss
FDP_ITT.1.EMS Basic internal transfer protection
FDP_ITT.1.SS Basic internal transfer protection
FDP_ITT.1.NMSI Basic internal transfer protection
FTP_ITC.1.BOS Inter-TSF trusted channel
FTP_ITC.1.BIL Inter-TSF trusted channel
FTP_ITC.1.NTP Inter-TSF trusted channel
FMT_SMF.1 Specification of Management Functions
4.15 Security Function Policy
The TOE has the following general functionalities:
Softswitch SS1b:
Telecommunications functionalities:
- Interact with PSTN, Wireless Network, and Telecommunication IP network
  to perform the management and control functions of the
  telecommunication network
- Interact with the Billing Center to charge for these functionalities
Management functionalities:
- Interact with EMS to be managed and configured (except for lawful
  interception)
- Interact with the BOSS to allow the BOSS User to manage the user profile.
Media gateway MSG-9000:
Telecommunication functionalities:
- Connects the PSTN to the IP core network through trunk lines, and
  performs voice/fax conversion on the PSTN/ISDN side as well as on the IP
  network side
- Interconnect signaling between SS7 and packet switched network
- Connects the analog Z interface, ISDN users, V5.2 users and DSL users to
  the IP network.
Management functionalities:
- Interact with EMS to be managed and configured (except for lawful
  interception)
EMS system:
- EMS server (EMS): manage SS1b and media gateway
- EMS client: a GUI for user to use EMS server
NMSI:
- Interface between BOSS to the SS1b.
4.16 Evaluation Conduct
The evaluation was carried out in accordance with the requirements of the
Norwegian Certification Scheme for IT Security as described in SERTIT Document
SD001 [5]. The Scheme is managed by the Norwegian Certification Authority for IT
Security (SERTIT). As stated on page 2 of this Certification Report, SERTIT is a
member of the Arrangement on the Recognition of Common Criteria Certificates in
the Field of Information Technology Security (CCRA), and the evaluation was
conducted in accordance with the terms of this Arrangement.
The purpose of the evaluation was to provide assurance about the effectiveness of
the TOE in meeting its Security Target [1], which prospective consumers are advised to
read. To ensure that the Security Target [1] gave an appropriate baseline for a CC
evaluation, it was first itself evaluated. The TOE was then evaluated against this
baseline. Both parts of the evaluation were performed in accordance with CC Part
3 [4] and the Common Evaluation Methodology (CEM) [6].
SERTIT monitored the evaluation which was carried out by the Brightsight B.V.
Commercial Evaluation Facility (CLEF/EVIT). The evaluation was completed when the
EVIT submitted the final Evaluation Technical Report (ETR) [7] to SERTIT on 12 January
2012. SERTIT then produced this Certification Report.
4.17 General Points
The evaluation addressed the security functionality claimed in the Security Target [1]
with reference to the assumed operating environment specified by the Security
Target [1]. The evaluated configuration was that specified in Annex A. Prospective
consumers are advised to check that this matches their identified requirements and
give due consideration to the recommendations and caveats of this report.
Certification does not guarantee that the IT product is free from security
vulnerabilities. This Certification Report and the accompanying Certificate only reflect
the view of SERTIT at the time of certification. It is furthermore the responsibility of
users (both existing and prospective) to check whether any security vulnerabilities
have been discovered since the date shown in this report. This Certification Report is
not an endorsement of the IT product by SERTIT or any other organization that
recognizes or gives effect to this Certification Report, and no warranty of the IT
product by SERTIT or any other organization that recognizes or gives effect to this
Certification Report is either expressed or implied.
5 Evaluation Findings
The evaluators examined the following assurance classes and components taken from
CC Part 3. These classes comprise the EAL 2 assurance package augmented with
ALC_FLR.2.
Assurance class              Assurance components
Development                  ADV_ARC.1  Security architecture description
                             ADV_FSP.2  Security-enforcing functional specification
                             ADV_TDS.1  Basic design
Guidance documents           AGD_OPE.1  Operational user guidance
                             AGD_PRE.1  Preparative procedures
Life-cycle support           ALC_CMC.2  Use of a CM system
                             ALC_CMS.2  Parts of the TOE CM coverage
                             ALC_DEL.1  Delivery procedures
                             ALC_FLR.2  Flaw reporting procedures
Security Target evaluation   ASE_CCL.1  Conformance claims
                             ASE_ECD.1  Extended components definition
                             ASE_INT.1  ST introduction
                             ASE_OBJ.2  Security objectives
                             ASE_REQ.2  Derived security requirements
                             ASE_SPD.1  Security problem definition
                             ASE_TSS.1  TOE summary specification
Tests                        ATE_COV.1  Evidence of coverage
                             ATE_FUN.1  Functional testing
                             ATE_IND.2  Independent testing – sample
Vulnerability assessment     AVA_VAN.2  Vulnerability analysis
5.1 Introduction
The evaluation addressed the requirements specified in the Security Target [1]. The
results of this work were reported in the ETR [7] under the CC Part 3 [4] headings. The
following sections note considerations that are of particular relevance to either
consumers or those involved with subsequent assurance maintenance and
re-evaluation of the TOE.
5.2 Delivery
On receipt of the TOE, the consumer is recommended to check that the evaluated
version has been supplied, and to check that the security of the TOE has not been
compromised in delivery.
5.3 Installation and Guidance Documentation
Installation of the TOE must be performed completely in accordance with the
guidance in the Operational User Guidance [8][9] documents provided by the
developer.
These documents are a collection of all security relevant operations and settings that
must be observed to ensure that the TOE operates in a secure manner.
5.4 Misuse
There is always a risk of intentional and unintentional misconfigurations that could
possibly compromise confidential information. Developers should follow the guidance
for the TOE in order to ensure that the TOE operates in a secure manner.
The guidance documents adequately describe the mode of operation of the TOE, all
assumptions about the intended environment and all requirements for external
security. Sufficient guidance is provided for the consumer to effectively use the TOE’s
security functions.
5.5 Vulnerability Analysis
The Evaluators’ vulnerability analysis was based on both public domain sources and
the visibility of the TOE given by the evaluation process.
The evaluators assessed which potential vulnerabilities were already tested by the
developer and assessed the results, except those tests from [ATE IND AVA].
The remaining potential vulnerabilities were tested by Brightsight on the final
version of the TOE at the premises of ZTE, Nanjing, China through remote terminal
clients.
5.6 Developer’s Tests
The developer test effort is considered already fairly complete. Any major missing
tests have been added to the developer test set. The developer also integrated tests
for similar functionality into bigger test cases. Nevertheless the evaluator has
modified 9 additional tests for the EMS, NMSI, BSVR and SS1b service part
subsystems as the evaluator’s independent tests.
5.7 Evaluators’ Tests
For independent testing, the evaluator has repeated 5 and modified 10 out of the 33
developer's tests (15 evaluator’s ATE_IND.2 tests in total). For each of the TSFI
available at least one test is performed. Brightsight performed these tests based on
the final version of the TOE at the premises of ZTE, Nanjing, China through remote
terminal clients in October and November 2011.
6 Evaluation Outcome
6.1 Certification Result
After due consideration of the ETR [7], produced by the Evaluators, and the conduct
of the evaluation, as witnessed by the Certifier, SERTIT has determined that ZTE
Softswitch and Media Gateway Communication System version 1.0 meets the Common
Criteria Part 3 conformant requirements of Evaluation Assurance Level EAL2
augmented with ALC_FLR.2 for the specified Common Criteria Part 2 extended
functionality, in the specified environment, when running on platforms specified in
Annex A.
6.2 Recommendations
Prospective consumers of ZTE Softswitch and Media Gateway Communication System
version 1.0 should understand the specific scope of the certification by reading this
report in conjunction with the Security Target [1]. The TOE should be used in
accordance with a number of environmental considerations as specified in the
Security Target.
Only the evaluated TOE configuration should be installed. This is specified in Annex A
with further relevant information given above under Section 4.3 “TOE Scope” and
Section 5 “Evaluation Findings”.
The TOE should be used in accordance with the supporting guidance documentation
included in the evaluated configuration.
Annex A: Evaluated Configuration
TOE Identification
There is no special hardware requirement, since the TOE already includes the
hardware components. The hardware configuration is listed below:
TYPE | NAME AND VERSION
HARDWARE | ESPC (for SS1b service part)
HARDWARE | GPDU1 PCBA (DB server)
HARDWARE | GPDU1 PCBA (for BSVR)
HARDWARE | Central Control Unit (note 1) & Service Resource Unit (note 2) (for MSG-9000)
HARDWARE | GPDU1 PCBA (for EMS Server)
HARDWARE | GPDU1 PCBA (for NMSI)
SOFTWARE | SS1b service part (ZXSS10 SS1b v2.0.1.07)
SOFTWARE | DB server (ZXSS10 SS1b v2.0.1.07)
SOFTWARE | BSVR (ZXSS10 SS1b v2.0.1.07)
SOFTWARE | MSG-9000 (ZXMSG9000 v1.0.05)
SOFTWARE | EMS server/client (NetNumen U31 R30 V12.11.40) (Note: The EMS client has to be installed on Windows 7 or above OS.)
SOFTWARE | NMSI (NMSI 2.2.4)
Note 1: 2 x MOMP, 2 x MCMP, 2 x MSIPI, 2 x MUIMC, 2 x CLKG
Note 2: 1 x MRB, 1 x MTDB, 2 x MIPI, 1 x MVTCA, 2 x MUIMT, 1 x MSPB
TOE Documentation
The supporting guidance documents evaluated were:
Certified Configuration
- ZTE ZXSS10 SS1b&MSG 9000 Common Criteria Security Evaluation – Certified Configuration
Standard guidance
- ZXSS10 SS1b (V2.0.1.07) Documentation Guide
- ZXSS10 SS1b (V2.0.1.07) System Description
- ZXSS10 SS1b (V2.0.1.07) Product Description
- ZXSS10 SS1b (V2.0.1.07) Hardware Description
Installation and maintenance
- ZXSS10 SS1b (V2.0.1.07) Hardware Installation Guide
- ZXSS10 SS1b (V2.0.1.07) Software Installation Guide Foreground Board
- ZXSS10 SS1b (V2.0.1.07) Software Installation Guide PC Server
- ZXSS10 SS1b (V2.0.1.07) Software Installation Guide SUN Server
Data configuration
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide AG Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Application Server Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Digit Analysis
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide DIGITMAP
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Disaster Recovery
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Global Configuration
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide H323 GK Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide H323 Terminal Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide IAD Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide MGCF Feature
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide MSG9000 Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Other SS Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide PRA and BRA Subscriber
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide PRA Trunk
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Route
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide SCP Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide SG Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide SHLR Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide SIP Terminal Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide SSF Feature
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Subscriber Allocation
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide TG Interconnection
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide Trunk
- ZXSS10 SS1b (V2.0.1.07) Data Configuration Guide V5 Interconnection
- ZXSS10 SS1b (V2.0.1.07) Global Variable Reference
- ZXSS10 SS1b (V2.0.1.07) Northbound Interface Reference (Toll_Office_Format)
- ZXSS10 SS1b (V2.0.1.07) Operation Guide Data Backup and Restoration
- ZXSS10 SS1b (V2.0.1.07) Operation Guide File Management and Data Query
- ZXSS10 SS1b (V2.0.1.07) Operation Guide Signaling Tracing
- ZXSS10 SS1b (V2.0.1.07) Operation Guide System Maintenance
- ZXSS10 SS1b (V2.0.1.07) Operation Guide Traffic Control
- ZXSS10 SS1b (V2.0.1.07) Operation Guide Traffic Statistics
- ZXSS10 SS1b (V2.0.1.07) Service Provisioning Guide Authentication and Call Restriction
- ZXSS10 SS1b (V2.0.1.07) Service Provisioning Guide CENTREX
- ZXSS10 SS1b (V2.0.1.07) Service Provisioning Guide Multi-Line Selected Group
- ZXSS10 SS1b (V2.0.1.07) Service Provisioning Guide Supplementary Service I
- ZXSS10 SS1b (V2.0.1.07) Service Provisioning Guide Supplementary Service II
- ZXSS10 SS1b (V2.0.1.07) Timer Reference
- ZXSS10 SS1b (V2.0.1.07) Traffic Statistics Entity Reference Volume I
- ZXSS10 SS1b (V2.0.1.07) Traffic Statistics Entity Reference Volume II
Alarm
- ZXSS10 SS1b (V2.0.1.07) Alarm and Notification Message Reference Alarm Volume
- ZXSS10 SS1b (V2.0.1.07) Alarm and Notification Message Reference Notification Volume
- ZXSS10 SS1b (V2.0.1.07) Failure Code Reference I
- ZXSS10 SS1b (V2.0.1.07) Failure Code Reference II
- ZXSS10 SS1b (V2.0.1.07) Failure Code Reference III
- ZXSS10 SS1b (V2.0.1.07) Routine Maintenance
- ZXSS10 SS1b (V2.0.1.07) Troubleshooting Guide
BSVR
- ZXSS10 SS1b (V2.0.1.07) Charging Server User Manual
BOSS
- ZXSS10 SS1b (V2.0.1.07) Softswitch Control Equipment BOSS Command Reference
- ZXSS10 SS1b (V2.0.1.07) Softswitch Control Equipment BOSS Command Reference (Supplementary)
MSG-9000 Guidance
- ZXMSG 9000(V1.0.05.R03)_Guide to Documentation_EN
- ZXMSG 9000(V1.0.05.R03)_Hardware Description ---9000 Volume_EN
- ZXMSG 9000(V1.0.05.R03)_Hardware Installation ---9000 Volume_EN
- ZXMSG 9000(V1.0.05.R03)_Software Installation ---9000 Volume_EN
- ZXMSG 9000(V1.0.05.R03)_Operation_Guide ---9000_Volume_I_EN
- ZXMSG 9000(V1.0.05.R03)_Operation_Guide ---9000_Volume_II_EN
- ZXMSG 9000(V1.0.05.R03)_Operation_Guide ---9000_Volume_II_EN_1
- ZXMSG 9000(V1.0.05.R03)_Operation_Guide ---9000_Volume_III_EN
NetNumen U31 R30 Guidance
- NetNumen U31 R30 (V12.11.40) SS1b General Operation Guide (Security Management Volume)
- NetNumen U31 R30 (V12.11.40) SS1b General Operation Guide
- NetNumen U31 R30 (V12.11.40) SS1b Network Element Management Command Manual
- NetNumen U31 R30 (V12.11.40) SS1b Product Description
- NetNumen U31 R30 (V12.11.40) SS1b Routine Maintenance Guide
NMSI Guidance
- NetNumen U31 R30 Accouting IMP Commissioning Guide
Further discussion of the supporting guidance material is given in Section 5.3
“Installation and Guidance Documentation”.
TOE Configuration
The following configuration was used for testing:
ITEM | IDENTIFIER | VERSION
HARDWARE | ESPC (for SS1b service part) | ESPC
HARDWARE | GPDU1 PCBA (DB server) | GPDU1 PCBA
HARDWARE | GPDU1 PCBA (for BSVR) | GPDU1 PCBA
HARDWARE | Central Control Unit & Service Resource Unit (for MSG-9000) | Minor Versions (notes 3, 4)
HARDWARE | GPDU1 PCBA (for EMS Server) | GPDU1 PCBA
HARDWARE | GPDU1 PCBA (for NMSI) | GPDU1 PCBA
SOFTWARE | SS1b service part (ZXSS10 SS1b v2.0.1.07) | ZXSS10 SS1b v2.0.1.07
SOFTWARE | DB server (ZXSS10 SS1b v2.0.1.07) | ZXSS10 SS1b v2.0.1.07
SOFTWARE | BSVR (ZXSS10 SS1b v2.0.1.07) | ZXSS10 SS1b v2.0.1.07
SOFTWARE | MSG-9000 (ZXMSG9000 v1.0.05) | ZXMSG9000 v1.0.05
SOFTWARE | EMS server/client (NetNumen U31 R30 V12.11.40) | NetNumen U31 R30 V12.11.40
SOFTWARE | NMSI (NMSI 2.2.4) | NMSI 2.2.4
MANUAL | ZTE ZXSS10 SS1b&MSG 9000 Common Criteria Security Evaluation – Certified Configuration | R1.0
DEVELOPMENT EVIDENCE | Security Target ZTE Softswitch and Media Gateway Communication System V1.0 | V0.8
DEVELOPMENT EVIDENCE | ZTE Softswitch and Media Gateway Communication System FSP-TDS | V0.3
DEVELOPMENT EVIDENCE | ZTE Softswitch and Media Gateway Communication System Security Architecture / Guidance | V0.1
DEVELOPMENT EVIDENCE | ALC_DEL.1, ALC_CMC.2, ALC_CMS.2, ALC_FLR.2 documentation for ZTE Softswitch and Media Gateway Communication System | V0.1
DEVELOPMENT EVIDENCE | Testplan for ZTE softswitch and media gateway communication system | V4.0
Note 3: 2 x MOMP, 2 x MCMP, 2 x MSIPI, 2 x MUIMC, 2 x CLKG
Note 4: 1 x MRB, 1 x MTDB, 2 x MIPI, 1 x MVTCA, 2 x MUIMT, 1 x MSPB
Environmental Configuration
The TOE was tested in the following test set-up:
[Figure: test set-up diagram. Labelled elements: Brightsight (<External IP>), Remote Desktop, PC, EMS client, BOSS Emulator, NTP, Billing Center, L3 switch (VLAN1, VLAN2, VLAN3), EMS, NMSI, SS1b, MSG 9000; addresses shown as <IP 1>, <IP 2>, <IP 3:ports>, <IP 4:ports>, <IP 5:ports>, <IP 6>, <IP 7>. Note in figure: Only IP 6 can see IP 7, other IPs cannot see IP 7.]