netscaler platinum edition load balancer version 9.1 ... ... the netscaler platinum edition load...

Click here to load reader

Post on 07-Oct-2020

2 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Citrix Systems, Inc.

    NetScaler Platinum Edition Load Balancer Version 9.1

    Security Target

    Evaluation Assurance Level: EAL2 augmented with ALC_FLR.2

    Document Version: 1

    Prepared for: Prepared by:

    Citrix Systems, Inc. Corsec Security, Inc.

    851 West Cypress Creek Road Fort Lauderdale, FL 33309

    10340 Democracy Lane, Suite 201 Fairfax, VA 22030

    Phone: (954) 267-3000 Phone: (703) 267-6050 Email: info@citrix.com Email: info@corsec.com http://www.citrix.com http://www.corsec.com

  • Security Target, Version 1 March 23, 2010

    Citrix NetScaler Platinum Edition Load Balancer Version 9.1 Page 2 of 75

    © 2010 Citrix Systems, Inc.

    This document may be freely reproduced and distributed whole and intact including this copyright notice.

    Table of Contents

    TABLE OF CONTENTS ........................................................................................................................... 2

    TABLE OF FIGURES ................................................................................................................................. 4

    TABLE OF TABLES ................................................................................................................................... 4

    1 INTRODUCTION ................................................................................................................................. 6

    1.1 PURPOSE ........................................................................................................................................ 6

    1.2 SECURITY TARGET AND TOE REFERENCES.................................................................................... 7

    1.3 PRODUCT OVERVIEW ..................................................................................................................... 7

    1.3.1 Load Balancer ................................................................................................................... 8

    1.3.2 Access Gateway .............................................................................................................. 10

    1.3.3 Web Application Firewall ............................................................................................... 10

    1.3.4 Application Delivery Networking Platform .................................................................... 10

    1.3.5 Hardware Appliances ..................................................................................................... 11

    1.4 TOE OVERVIEW ........................................................................................................................... 11

    1.4.1 Brief Description of the Components of the TOE ........................................................... 12

    1.5 TOE ENVIRONMENT .................................................................................................................... 12

    1.6 TOE DESCRIPTION ....................................................................................................................... 13

    1.6.1 Physical Scope ................................................................................................................ 13

    1.6.2 Logical Scope .................................................................................................................. 14

    1.6.3 Product Physical/Logical Features and Functionality not included in the TOE ............ 15

    2 CONFORMANCE CLAIMS .............................................................................................................. 17

    3 SECURITY PROBLEM ..................................................................................................................... 18

    3.1 THREATS TO SECURITY ................................................................................................................ 18

    3.2 ORGANIZATIONAL SECURITY POLICIES ........................................................................................ 19

    3.3 ASSUMPTIONS .............................................................................................................................. 19

  • Security Target, Version 1 March 23, 2010

    Citrix NetScaler Platinum Edition Load Balancer Version 9.1 Page 3 of 75

    © 2010 Citrix Systems, Inc.

    This document may be freely reproduced and distributed whole and intact including this copyright notice.

    4 SECURITY OBJECTIVES ................................................................................................................ 21

    4.1 SECURITY OBJECTIVES FOR THE TOE .......................................................................................... 21

    4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ................................................... 22

    4.2.1 IT Security Objectives ..................................................................................................... 22

    4.2.2 Non-IT Security Objectives ............................................................................................. 22

    5 EXTENDED COMPONENTS ........................................................................................................... 24

    5.1 EXTENDED TOE SECURITY FUNCTIONAL COMPONENTS .............................................................. 24

    6 SECURITY REQUIREMENTS ......................................................................................................... 25

    6.1 CONVENTIONS .............................................................................................................................. 25

    6.2 SECURITY FUNCTIONAL REQUIREMENTS ..................................................................................... 25

    6.2.1 Class FAU: Security Audit .............................................................................................. 28

    6.2.2 Class FDP: User Data Protection .................................................................................. 30

    6.2.3 Class FIA: Identification and Authentication ................................................................. 39

    6.2.4 Class FMT: Security Management.................................................................................. 40

    6.2.5 Class FPT: Protection of the TSF ................................................................................... 45

    6.3 SECURITY ASSURANCE REQUIREMENTS ....................................................................................... 46

    7 TOE SPECIFICATION ...................................................................................................................... 47

    7.1 TOE SECURITY FUNCTIONS ......................................................................................................... 47

    7.1.1 Security Audit .................................................................................................................. 48

    7.1.2 User Data Protection ...................................................................................................... 49

    7.1.3 Identification and Authentication .................................................................................... 51

    7.1.4 Security Management ...................................................................................................... 51

    7.1.5 Protection of the TSF ...................................................................................................... 52

    8 RATIONALE ....................................................................................................................................... 53

    8.1 CONFORMANCE CLAIMS RATIONALE ........................................................................................... 53

  • Security Target, Version 1 March 23, 2010

    Citrix NetScaler Platinum Edition Load Balancer Version 9.1 Page 4 of 75

    © 2010 Citrix Systems, Inc.

    This document may be freely reproduced and distributed whole and intact including this copyright notice.

    8.2 EXTENDED SECURITY FUNCTIONAL REQUIREMENTS ................................................................... 53

    8.3 PROTECTION PROFILE CLAIMS RATIONALE .................................................................................. 53

    8.4 SECURITY OBJECTIVES RATIONALE ............................................................................................. 53

    8.4.1 Security Objectives Rationale Relating to Threats ......................................................... 53

    8.4.2 Security Objectives Rationale Relating to Policies ......................................................... 60

    8.4.3 Security Objectives Rationale Relating to Assumptions .................................................. 60

    8.5 RATIONALE FOR EXTENDED SECURITY FUNCTIONAL REQUIREMENTS ......................................... 65

    8.6 RATIONALE FOR EXTENDED TOE SECURITY ASSURANCE REQUIREMENTS ................................. 65

    8.7 SECURITY REQUIREMENTS RATIONALE ....................................................................................... 65

    8.7.1 Rationale for Security Functional Requirements of the TOE Objectives ........................ 65

    8.7.2 Security Assurance Requirements Rationale................................................................... 69

    8.7.3 Dependency Rationale ..................................................................

View more