Certification Report: 20131205_CR

Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security
SERTIT-055 CR Certification Report
Issue 1.0 05 December 2013
A10 Networks Thunder 5430S and 6430S Applications Delivery
Controllers
CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE SD 009 VERSION 2.1 11.11.2011
SERTIT, P.O. Box 14, N-1306 Bærum postterminal, NORWAY
Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 E-mail: [email protected] Internet: www.sertit.no
A10 Networks Thunder Applications
Delivery Controllers
EAL 2 augmented with ALC_FLR.1
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN
THE FIELD OF INFORMATION TECHNOLOGY SECURITY
SERTIT, the Norwegian Certification Authority for IT Security, is a member of the
above Arrangement and as such this confirms that the Common Criteria certificate
has been issued by or under the authority of a Party to this Arrangement and is the
Party’s claim that the certificate has been issued in accordance with the terms of
this Arrangement.
The judgements contained in the certificate and Certification Report are those of
SERTIT which issued it and the evaluation facility (EVIT) which carried out the
evaluation. There is no implication of acceptance by other Members of the
Agreement Group of liability in respect of those judgements or for loss sustained as
a result of reliance placed upon those judgements by a third party.
Page 2 of 19
Contents
1 Certification Statement
2 Abbreviations
3 References
4 Executive Summary
4.1 Introduction
4.2 Evaluated Product
4.3 TOE scope
4.4 Protection Profile Conformance
4.5 Assurance Level
4.6 Security Policy
4.7 Security Claims
4.8 Threats Countered
4.9 Threats and Attacks not Countered
4.10 Environmental Assumptions and Dependencies
4.11 IT Security Objectives
4.12 Non-IT Security Objectives
4.13 Security Functional Requirements
4.14 Evaluation Conduct
4.15 General Points
5 Evaluation Findings
5.1 Introduction
5.2 Delivery
5.3 Installation and Guidance Documentation
5.4 Misuse
5.5 Vulnerability Analysis
5.6 Developer’s Tests
5.7 Evaluators’ Tests
6 Evaluation Outcome
6.1 Certification Result
6.2 Recommendations
Annex A: Evaluated Configuration
TOE Identification
TOE Documentation
TOE Configuration
Environmental Configuration
1 Certification Statement
A10 Networks' Thunder is an application delivery controller designed to help
enterprises and ISPs with application availability through a Web Application Delivery
Platform. The TOE is a hardware device. The hardware and firmware components of
the module are enclosed in a metal enclosure which is the physical boundary of the
TOE. The TOE are devices with the same security functionality, but with different
performance parameters.
A10 Networks Thunder Applications Delivery Controllers versions 5430S and 6430S
with firmware version R2.7.1-P2 have been evaluated under the terms of the
Norwegian Certification Scheme for IT Security and have met the Common Criteria
Part 3 (ISO/IEC 15408) conformant requirements of Evaluation Assurance Level EAL 2
augmented with ALC_FLR.1 for the specified Common Criteria Part 2 (ISO/IEC 15408)
extended functionality (see Security Target chapter 5) when running on the platforms
specified in Annex A.
Author: Høye
Quality Assurance: Lars Borgot
Approved: Kjell W. Bergan, Head of SERTIT
Date approved: 05 December 2013
2 Abbreviations
CC: Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
CCRA: Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security
CEM: Common Methodology for Information Technology Security Evaluation
CMVP: Cryptographic Module Validation Program
EAL: Evaluation Assurance Level
EOR: Evaluation Observation Report
ETR: Evaluation Technical Report
EVIT: Evaluation Facility under the Norwegian Certification Scheme for IT Security
FIPS: Federal Information Processing Standard
HMAC: Hash-based message authentication code
HTTPS: Hypertext Transfer Protocol Secure
ISP: Internet Service Provider
SERTIT: Norwegian Certification Authority for IT Security
SFP: Security Function Policy
SSH: Secure Shell
SSL: Secure Sockets Layer
ST: Security Target
TOE: Target of Evaluation
TSF/TSFI: TOE Security Function/TOE Security Function Interface
3 References
[1] Security Target for A10 Networks Thunder 5430S and 6430S Applications Delivery Controllers, v.1.1, 2013-10-21.
[2] Common Criteria Part 1, CCMB-2012-09-001, Version 3.1 R4, September 2012.
[3] Common Criteria Part 2, CCMB-2012-09-002, Version 3.1 R4, September 2012.
[4] Common Criteria Part 3, CCMB-2012-09-003, Version 3.1 R4, September 2012.
[5] The Norwegian Certification Scheme, SD001E, Version 8.0, 20 August 2010.
[6] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, CCMB-2012-09-004, Version 3.1 R4, September 2012.
[7] ETR for the evaluation project SERTIT-055 Common Criteria EAL2 Augmented with ALC_FLR.1 Evaluation of Thunder 5430S and 6430S Application Delivery Controllers, version 1.1, 01.12.2013.
(For references to guidance documents, see Annex A.)
4 Executive Summary
4.1 Introduction
This Certification Report states the outcome of the Common Criteria security
evaluation of A10 Networks Thunder Applications Delivery Controllers version 5430S
and 6430S to the developer A10 Networks, Inc., and is intended to assist prospective
consumers when judging the suitability of the IT security of the product for their
particular requirements.
Prospective consumers are advised to read this report in conjunction with the
Security Target[1] which specifies the functional, environmental and assurance
evaluation requirements.
4.2 Evaluated Product
The versions of the product evaluated were A10 Networks Thunder Applications
Delivery Controllers versions 5430S and 6430S with firmware version R2.7.1-P2.
These products are also described in this report as the Target of Evaluation (TOE). The
developer was A10 Networks, Inc.
Details of the evaluated configuration, including the TOE’s supporting guidance
documentation, are given in Annex A.
4.3 TOE scope
The scope of the evaluation includes the firmware and hardware that form the TOE and
the TOE security functions that are stated in Section 7.1 of the Security Target[1]
for A10 Networks Thunder 5430S and 6430S Applications Delivery Controllers.
- The High Availability feature is outside the scope of the evaluation.
- The Data Plane of Thunder Application Delivery Controller shall not have open
  ports that are serviced by Thunder Application Delivery Controller (such as ssh
  management, etc.)
- There is no IP routing between the Management Plane and the Data Plane,
  therefore Thunder Data plane users cannot access the management plane.
4.4 Protection Profile Conformance
The Security Target[1] did not claim conformance to any protection profile.
4.5 Assurance Level
The Security Target[1] specified the assurance requirements for the evaluation.
Predefined evaluation assurance level EAL 2 augmented with ALC_FLR.1 was used.
Common Criteria Part 3[4] describes the scale of assurance given by predefined
assurance levels EAL1 to EAL7. An overview of CC is given in CC Part 1[2].
4.6 Security Policy
P.Cryptography: The TOE shall provide cryptographic functions for its own use,
including encryption/decryption operations.
P.Cryptography_Validated: Only FIPS 140-1/2 validated cryptography (methods and
implementations) is acceptable for key management (i.e., generation, access,
distribution, destruction, handling, and storage of keys) and cryptographic services
(i.e., encryption, decryption, signature, hashing, key exchange, and random number
generation services).
P.Manage: The TOE shall only be managed by authorized users.
P.Access: All data collected and produced by the TOE shall only be used for
authorized purposes.
P.Integrity: Data collected and produced by the TOE shall be protected from
modification.
4.7 Security Claims
The Security Target[1] fully specifies the TOE’s security objectives, the threats, OSPs
and assumptions which these objectives meet and security functional requirements
and security functions to elaborate the objectives. The SFRs are taken from CC Part
2[3]; use of this standard facilitates comparison with other evaluated products. There
are however some functional components that are extended. The rationale for these
components can be found in the Security Target[1], chapter 5.
4.8 Threats Countered
TT.Masquerade: A hacker may masquerade as another entity in order to gain
unauthorized access to data or TOE resources.
TT.Tampering: A hacker may be able to bypass the TOE’s security mechanisms by
tampering with the TOE or TOE environment.
TT.Access_TOE: A user may gain unauthorized access to security data on the TOE due
to SLB failure.
TT.Access_Int: A user may gain unauthorized access to server resources on
protected/internal network.
TT.Mod_Conf: A hacker may modify the TOE configuration to gain unauthorized
access to server resources on protected/internal network.
4.9 Threats and Attacks not Countered
No threats or attacks that are not countered are described.
4.10 Environmental Assumptions and Dependencies
A.Install: The TOE has been installed and configured according to the appropriate
installation guides, and all traffic between clients and servers flows through it.
A.Manage: There is one or more competent individual (administrator) assigned to
manage the TOE and the security of the information it contains.
A.No_Evil: The administrators of the TOE are non-hostile, appropriately trained, and
follow all guidance.
A.Locate: The processing resources of the TOE will be located within controlled
access facilities, which will prevent unauthorized physical access.
4.11 IT Security Objectives
O.Load_Balancing: The TOE must provide encrypted SSL connections for load balanced
servers with basic firewall protection.
O.Cryptography: The TOE shall provide cryptographic functions to maintain the
confidentiality and allow for detection of modification of user data that is
transmitted outside the TOE.
O.Cryptography_Validated: The TOE will use CMVP FIPS 140-1/2 compliant crypto
modules for cryptographic services implementing CMVP-approved security functions
and random number generation services used by cryptographic functions.
O.Protect: The TOE must ensure the integrity of audit and system data by protecting
itself from unauthorized modifications and access to its functions and data, and
preserve correct operations during specified failure events.
O.Admin: The TOE must include a set of functions that allow management of its
functions and data, ensuring that TOE administrators with the appropriate privileges
and only those TOE administrators, may exercise such control.
O.Authenticate: The TOE must be able to identify and authenticate administrators
prior to allowing access to TOE administrative functions and data.
O.Audit: The TOE must record the actions taken by administrators, prevent
unauthorized deletion of the audit records stored on the TOE, and provide the
authorized administrators with the ability to review the audit trail.
O.Time: The TOE must provide reliable timestamps for its own use.
O.Access_Int: The TOE must allow access to server resources on protected/internal
network only as defined by the Information Flow Control SFP.
O.Integrity: The TOE must ensure the integrity of all audit and system data.
4.12 Non-IT Security Objectives
OE.External: The TOE environment must ensure any authentication data in the
environment are protected and maintained.
OE.Manage: Sites deploying the TOE will provide competent, non-hostile TOE
administrators who are appropriately trained and follow all administrator guidance.
TOE administrators will ensure the system is used securely. The reliability of the
TOE’s timestamps will be ensured via periodic manual checks by the TOE
administrator.
OE.Connect: The TOE environment must provide network connectivity to the TOE. The
network connection to the TOE must be reliable.
OE.Power: The TOE environment must provide the electricity necessary to the TOE to
function. The power to the TOE must be reliable and protected from surges and
disconnects.
OE.AC: The TOE environment must regulate the temperature of the facility where the
TOE is located so no damage is caused by heat or cold.
OE.Physical: The physical environment must be suitable for supporting a computing
device in a secure setting.
OE.Install: Those responsible for the TOE must ensure that the TOE is delivered,
installed, managed, and operated in a manner which is consistent with IT security.
OE.Person: Personnel working as authorized administrators shall be carefully selected
and trained for proper operation of the TOE.
4.13 Security Functional Requirements
The TOE provides security functions to satisfy the following Security Functional
Requirements (SFRs):
- FLB_SCO_EXP.1 Secure communication
- FAU_GEN.1 Audit data generation
- FAU_GEN.2 User identity association
- FAU_SAR.1 Audit review
- FAU_SAR.3 Selectable audit review
- FAU_STG.1 Protected audit trail storage
- FAU_STG.4 Prevention of audit data loss
- FCS_BCM_EXP.1 Baseline cryptographic module
- FCS_CKM.1 Cryptographic key generation
- FCS_CKM.2 Cryptographic key distribution
- FCS_CKM.4 Cryptographic key destruction
- FCS_COP_EXP.1 Random Number Generation
- FCS_COP_EXP.2 Cryptographic Operation
- FDP_ACC.1a Subset access control – Administrator Access Control
- FDP_ACC.1b Subset access control – SSL Access Control
- FDP_ACF.1a Security attribute based access control - Administrator Access Control
- FDP_ACF.1b Security attribute based access control - SSL Access Control
- FDP_IFC.1 Subset information flow control
- FDP_IFF.1 Simple security attributes
- FIA_ATD.1 User attribute definition
- FIA_UAU.1a Timing of authentication - Administrator
- FIA_UAU_EXP.1 Timing of authentication – User
- FIA_UAU.5 Multiple authentication mechanisms
- FIA_UID.1 Timing of identification
- FMT_MOF.1 Management of security functions behaviour
- FMT_MSA.1 Management of security attributes
- FMT_MSA.2 Secure security attributes
- FMT_MSA.3a Static attribute initialisation - Administrator Access Control SFP
- FMT_MSA.3b Static attribute initialisation - SSL Access Control SFP
- FMT_MSA.3c Static attribute initialisation – Information Flow Control SFP
- FMT_SMF.1 Specification of Management Functions
- FMT_SMR.1 Security roles
- FPT_FLS.1 Fail secure
- FPT_ITC.1 Inter-TSF confidentiality during transmission
- FPT_ITT.1 Basic internal TSF data transfer protection
- FPT_STM.1 Reliable time stamps
4.14 Evaluation Conduct
4.14 Evaluation Conduct
The evaluation was carried out in accordance with the requirements of the
Norwegian Certification Scheme for IT Security as described in SERTIT Document
SD001E[5]. The Scheme is managed by the Norwegian Certification Authority for IT
Security (SERTIT). As stated on page 2 of this Certification Report, SERTIT is a
member of the Arrangement on the Recognition of Common Criteria Certificates in
the Field of Information Technology Security (CCRA), and the evaluation was
conducted in accordance with the terms of this Arrangement.
The purpose of the evaluation was to provide assurance about the effectiveness of
the TOE in meeting its Security Target[1], which prospective consumers are advised to
read. To ensure that the Security Target[1] gave an appropriate baseline for a CC
evaluation, it was first itself evaluated. The TOE was then evaluated against this
baseline. Both parts of the evaluation were performed in accordance with CC Part
3[4] and the Common Evaluation Methodology (CEM)[6].
SERTIT monitored the evaluation which was carried out by Advanced Data Security
(EVIT). The evaluation was completed when the EVIT submitted the Evaluation
Technical Report (ETR)[7] to SERTIT on 01 December 2013. SERTIT then produced this
Certification Report.
4.15 General Points
The evaluation addressed the security functionality claimed in the Security Target[1]
with reference to the assumed operating environment specified by the Security
Target[1]. The evaluated configuration was that specified in Annex A. Prospective
consumers are advised to check that this matches their identified requirements and
give due consideration to the recommendations and caveats of this report.
Certification does not guarantee that the IT product is free from security
vulnerabilities. This Certification Report and the associated Certificate only reflect
the view of SERTIT at the time of certification. It is furthermore the responsibility of
users (both existing and prospective) to check whether any security vulnerabilities
have been discovered since the date shown in this report. This Certification Report is
not an endorsement of the IT product by SERTIT or any other organization that
recognizes or gives effect to this Certification Report, and no warranty of the IT
product by SERTIT or any other organization that recognizes or gives effect to this
Certification Report is either expressed or implied.
5 Evaluation Findings
5.1 Introduction
The evaluation addressed the requirements specified in the Security Target[1]. The
results of this work were reported in the ETR[7] under the CC Part 3[4] headings. The
following sections note considerations that are of particular relevance to either
consumers or those involved with subsequent assurance maintenance and reevaluation of the TOE.
5.2 Delivery
On receipt of the TOE, the consumer is recommended to check that the evaluated
version has been supplied, and to check that the security of the TOE has not been
compromised in delivery.
The developer ships products using shipping boxes with sealed tape.
A cryptographic signature is used to verify the integrity of the firmware upon receipt
(or first use) of the product. An HMAC signature is used to satisfy the FIPS 140-2
requirement. Tamper proof seals are used to secure the product.
HTTPS cryptographic signatures are used to verify the integrity of the firmware upon
electronic transfer of firmware.
Access to the firmware downloads is controlled, and the corresponding
mechanism uses a user name and password. Users register with the Support Web Portal
and select a user ID and password.
The firmware downloads are encrypted by an HTTPS session. A self-signed certificate is
used for software distribution.
5.3 Installation and Guidance Documentation
Installation of the TOE must be performed completely in accordance with all the
documents that comprise the administrator guidance, user guidance and installation
guide provided by the developer.
These documents are a collection of all security relevant operations and settings that
must be observed to ensure that the TOE operates in a secure manner.
5.4 Misuse
There is always a risk of intentional and unintentional misconfigurations that could
possibly compromise confidential information. Users of the TOE should follow the
guidance for the TOE in order to ensure that it operates in a secure manner.
The guidance documents adequately describe the mode of operation of the TOE, all
assumptions about the intended environment and all requirements for external
security. Sufficient guidance is provided for the consumer to effectively use the TOE’s
security functions.
5.5 Vulnerability Analysis
The Evaluators’ vulnerability analysis was based on both public domain sources and
the visibility of the TOE given by the evaluation process. The evaluators have
searched for potential vulnerabilities and penetration tests have been devised and
performed. The evaluators have not found any exploitable vulnerabilities or residual
vulnerabilities in the TOE.
5.6 Developer’s Tests
The evaluators have examined the developer’s test plan and determined that it
describes the scenarios for performing each test, including any ordering dependencies
on results of other tests. The test plan provides information about the test
configuration being used: both on the configuration of the TOE and on any test
equipment being used, as well as information about how to execute the tests.
5.7 Evaluators’ Tests
The evaluators have employed a combination of a random sampling method and a
method based on the intent to cover the TSFI, Security Functions, and subsystems to
the maximum extent possible. The testing covered the following:
1. The use of the access control lists.
2. Load balancing using network protocols.
3. Tests of system functions.
4. Testing of encrypted user traffic.
5. Testing of secure administrative sessions via SSH and HTTPS.
6. Testing of logging.
6 Evaluation Outcome
6.1 Certification Result
After due consideration of the ETR[7], produced by the evaluators, and the conduct of
the evaluation, as witnessed by the certifier, SERTIT has determined that A10
Networks Thunder Applications Delivery Controllers versions 5430S and 6430S meet
the Common Criteria Part 3 conformant requirements of Evaluation Assurance Level EAL
2 augmented with ALC_FLR.1 extended functionality in the specified environment,
when running on platforms specified in Annex A.
6.2 Recommendations
Prospective consumers of A10 Networks Thunder Applications Delivery Controllers
versions 5430S and 6430S should understand the specific scope of the certification
by reading this report in conjunction with the Security Target[1]. The TOE should be
used in accordance with a number of environmental considerations as specified in
the Security Target.
Only the evaluated TOE configuration should be installed. This is specified in Annex A
with further relevant information given above under Section 4.3 “TOE Scope” and
Section 5 “Evaluation Findings”.
The TOE should be used in accordance with the supporting guidance documentation
included in the evaluated configuration.
The above “Evaluation Findings” include a number of recommendations relating to the
secure receipt, installation, configuration and operation of the TOE.
Annex A: Evaluated Configuration
TOE Identification
The TOE consists of:
A10 Networks Thunder
Hardware versions: 5430S and 6430S.
Firmware version: R2.7.1-P2
TOE Documentation
The supporting guidance documents evaluated were:
[a] Security Target For A10 Networks Thunder 5430S and 6430S Application Delivery Controllers Version: 1.1
[b] FIPS 140-2 Level 2 Security Policy For AX Series Advanced Traffic Manager, Version 0.8
[c] System Configuration and Administration Guide, A10 Thunder™ Series and AX Series, Document No.: D-030-01-00-0024, Ver. 2.7.1 7/22/2013
[d] aFleX Scripting Language Reference A10 Thunder Series and AX Series aFleX Engine, Document No.: D-030-01-00-0007, aFleX Engine Ver. 2.0 7/20/2013
[e] aXAPI Reference, AX Series Advanced Traffic Manager, Document No.: D-030-01-00-0010, Ver. 2.7 8/5/2013
[f] Command Line Interface Reference A10 Thunder Series and AX Series, Document No.: D-030-01-00-0065, Ver. 2.7.1 8/5/2013
[g] Graphical User Interface Reference A10 Thunder™ Series and AX Series, Document No.: D-030-01-00-0067, Ver. 2.7.1 8/5/2013
[h] Management Information Base Reference, A10 Thunder Series™ and AX Series™, Document No.: D-030-01-00-0008, Ver. 2.7.1 7/21/2013
[i] Application Delivery and Server Load Balancing Guide, Guide A10 Thunder™ Series and AX Series, Document No.: D-030-01-00-0026, Ver. 2.7.1 8/5/2013
[j] Global Server Load Balancing Guide, AX Series Advanced Traffic Manager, Document No.: D-030-01-00-0029, Ver. 2.7.1 7/29/2013
[k] Release Notes, A10 Thunder™ Series and AX Series, Document No.: D-030-02-00-0002, Ver. 2.7.1-P2 8/5/2013
[l] Installation Guide for Thunder 6430S/6430/5430S A10 Thunder™ Series, Document No.: D-030-01-00-0061
[m] Management Access Security Guide A10 Thunder™ Series and AX Series, Document No.: D-030-01-00-0059, Ver. 2.7.1 7/21/2013
TOE Configuration
The following configuration was used for testing:
Secure client-server traffic:
Server load balancing:
The following tools were used during the evaluation:
- Nessus Vulnerability Scanner, Version 5.2.3
- Nmap Security Scanner, Version 5.50
- Wireshark Network Protocol Analyzer - version 1.10.2
- OpenSSH Client, Version 6.3
- PuTTY - release 0.63
Evaluated configuration included the following:
The TOE, A10 Networks Thunder Applications Delivery Controllers, are
configured to run in the Common Criteria evaluated configuration that
is specified in the guidance documentation. More specifically:
- The High Availability feature was not enabled
- The Data Plane of Advanced Traffic Manager did not have open
  ports that were serviced by Advanced Traffic Manager (such as
  ssh management, etc.)
- There was no IP routing between the Management Plane and the
  Data Plane, therefore AX Data plane users could not access the
  management plane.
Environmental Configuration
The TOE is stand alone boxes consisting of hardware and firmware.