Gigamon GigaVUE Supplemental Administrative Guidance

Author: Godfrey Pierce
Gigamon GigaVUE Supplemental Administrative Guidance Version: 1.0 January 28, 2016

Gigamon Inc. 3300 Olcott Street Santa Clara, CA 95054

Prepared By:

Cyber Assurance Testing Laboratory 900 Elkridge Landing Road, Suite 100 Linthicum, MD 21090

Contents

1 Introduction ... 3
2 Intended Audience ... 3
3 Terminology ... 3
4 References ... 4
5 Evaluated Configuration of the TOE ... 4
  5.1 TOE Components ... 4
  5.2 Supporting Environment Components ... 8
  5.3 Assumptions ... 8
6 Secure Installation and Configuration ... 9
  6.1 Initial out-of-the-box Setup ... 9
  6.2 Verify Software Version ... 10
  6.3 Configure the TOE to use Enhanced Security Mode ... 10
  6.4 Configure the TOE to record log and audit data (locally) ... 10
  6.5 Disable Telnet and Enable SSH2 ... 10
  6.6 Configure and Access the WebGUI (aka H-VUE) ... 11
7 Secure Management of Gigamon GigaVUE ... 11
  7.1 Authenticating to Gigamon GigaVUE ... 11
    7.1.1 Public-Key Based Authentication Configuration ... 12
    7.1.2 LDAP Authentication Configuration (CLI) ... 12
    7.1.3 LDAP Authentication Configuration (WebGUI) ... 13
  7.2 Managing Users ... 13
    7.2.1 Create a New Admin User Account (CLI) ... 13
    7.2.2 Create a New Admin User Account (GUI) ... 14
  7.3 Password Management ... 14
  7.4 Session Termination ... 14
    7.4.1 Admin Logout ... 14
    7.4.2 Termination from Inactivity ... 15
  7.5 Login Banner ... 15
  7.6 System Time Configuration ... 16
    7.6.1 Manually Configure the Time (CLI) ... 16
    7.6.2 Manually Configure the Time Configuration (WebGUI) ... 16
    7.6.3 Configure Connection to an NTP Server (CLI) ... 16
    7.6.4 Configure Connection to an NTP Server (GUI) ... 16
  7.7 Secure Updates ... 17
    7.7.1 Display the Current Version (CLI) ... 17
    7.7.2 Display the Current Version (WebGUI) ... 17
    7.7.3 Downloading and Installing the New Image (CLI) ... 17
    7.7.4 Downloading and Installing the New Image (WebGUI) ... 18
    7.7.5 Rebooting TOE (CLI) ... 18
    7.7.6 Rebooting the TOE (WebGUI) ... 18
    7.7.7 Actions to be taken upon Failure ... 18
8 Auditing ... 18
  8.1 Audit Storage ... 32
    8.1.1 Assigning a Public-Key to the Syslog Server and enable SSH (CLI) ... 32
    8.1.2 Configuring the Syslog Server (CLI) ... 33
9 Communications Protocols and Services ... 33
10 Modes of Operation ... 34
11 Obtaining Technical Assistance ... 34

Table of Tables

Table 5-1: HD8 and HD4 Series ... 5
Table 5-2: HC2 Series ... 6
Table 5-3: HB1 Series ... 7
Table 5-4: TA10 Series ... 7
Table 5-5: TA40 Series ... 8
Table 5-6: Supporting Environmental Components ... 8
Table 8-1: NDPP Auditable Events ... 32


1 Introduction

The Target of Evaluation (TOE) includes the models HD8, HD4, HC2, HB1, TA10 and TA40 with software version 4.4.03. These models allow an Authorized Administrator to access the TOE through a serial port, a remote CLI via SSH, and a WebGUI via TLS/HTTPS. The TOE was evaluated against the requirements defined in the Gigamon GigaVUE Security Target. The GigaVUE's primary functionality is to use the Gigamon Forwarding Policy to receive out-of-band copied network data from external sources (TAP or SPAN port) and forward that copied network data to one or many tool ports for packet capture or analysis tools, based on user-selected criteria. GigaVUE can also copy the network traffic itself when sitting in-line with the network flow, using passive, inline and bypass taps or any combination of them. GigaVUE features extensive filtering abilities, enabling authorized users to forward precise, customized flows of copied data from many sources to a single tool, from a single source to many tools, or from many sources to many tools. The TOE was evaluated as a network device only; the GigaVUE's network traffic capture, filter, and forwarding capabilities described above were not assessed during this evaluation. The TOE is the general network device functionality (I&A, auditing, security management, trusted communications, etc.) of the GigaVUE, consistent with the claimed Protection Profile.

2 Intended Audience

This document is intended for administrators responsible for installing, configuring, and/or operating Gigamon GigaVUE version 4.4.03. The guidance provided in this document allows the reader to deploy the product in an environment that is consistent with the configuration that was evaluated as part of the product's Common Criteria (CC) testing process. It also provides the reader with instructions on how to exercise the security functions that were claimed as part of the CC evaluation. The reader is expected to be familiar with the Security Target for Gigamon GigaVUE version 4.4.03 and the general CC terminology that is referenced in it. This document references the Security Functional Requirements (SFRs) that are defined in the Security Target document and provides instructions on how to perform the security functions that are defined by these SFRs. The GigaVUE product as a whole provides a great deal of security functionality, but only those functions that were in the scope of the claimed PP are discussed here. Any functionality that is not described here or in the Gigamon GigaVUE Security Target was not evaluated and is exercised at the user's own risk.

3 Terminology

In reviewing this document, the reader should be aware of the terms listed below. These terms are also described in the Gigamon GigaVUE Security Target.

CC: stands for Common Criteria. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner, at a level that is commensurate with the target environment for use.

SFR: stands for Security Functional Requirement. An SFR is a security capability that was tested as part of the CC process.

TOE: stands for Target of Evaluation. This refers to the aspects of Gigamon GigaVUE that contain the security functions that were tested as part of the CC evaluation process.

4 References

The following documents are part of the Gigamon GigaVUE version 4.4.03 documentation. This is the standard documentation set that is provided with the product.

[1] GigaVUE-OS-CLIUsersGuide-v4400
[2] GigaVUE-OS-HVUE-UsersGuide-v4400
[3] GV-TA-Series-UpgradeGuide-v4400
[4] GV-H-Series-UpgradeGuide-v4400
[5] GV-HB-Series-HardwareInstallationGuide-v4400
[6] GV-HC-Series-HardwareInstallationGuide-v4400
[7] GV-HD-Series-HardwareInstallationGuide-v4400
[8] GV-TA-Series-HardwareInstallationGuide-v4400
[9] GV-OS-ReleaseNote-v4400
[10] Gigamon GigaVUE Security Target v1.0 (ST)
[11] Gigamon Linux-Based Cryptographic Module CMVP certificate #2128

Note: [11] refers to the FIPS validated cryptographic module used by the GigaVUE products.

5 Evaluated Configuration of the TOE

This section lists the components that have been included in the TOE's evaluated configuration, whether they are part of the TOE itself, environmental components that support the security behavior of the TOE, or non-interfering environmental components that were present during testing but are not associated with any security claims:

5.1 TOE Components

| Property | HD8 | HD8 | HD4 | HD4 |
|---|---|---|---|---|
| Model Number | GVS-HD8A1 | GVS-HD8A2 | GVS-HD4A1 | GVS-HD4A2 |
| Description | GigaVUE-HD8 base unit w/ chassis, CLI | GigaVUE-HD8 base unit w/ chassis, CLI | GigaVUE-HD4 base unit w/ chassis, CLI | GigaVUE-HD4 base unit w/ chassis, CLI |
| Size | 14RU | 14RU | 5RU | 5RU |
| Total Slots | 8 | 8 | 5 | 5 |
| Power | AC | DC | AC | DC |
| Control Cards | 1 or 2 | 1 or 2 | 1 | 1 |
| Port Blades | see list below | see list below | see list below | see list below |
| GigaSMART Module | see list below | see list below | see list below | see list below |
| Power Supplies | 4 | 4 | 2 | 2 |
| Processor | PowerPC 600 | PowerPC 600 | PowerPC 600 | PowerPC 600 |
| Memory (RAM) | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB | CCv1: 2GB, CCv2: 4GB |
| Logical Drive | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB | CCv1: 2GB, CCv2: 8GB |
| Capacity: Fixed Ports | None | None | None | None |
| Capacity: Configurable Ports | Provided by Port Blades | Provided by Port Blades | Provided by Port Blades | Provided by Port Blades |

Port Blades (all HD8 and HD4 models):
- PRT-H00-X12G04 Port Blade, HD Series, 12x10G 4x1G
- PRT-H00-X12TS Port Blade, HD Series, 12x10G Time Stamp
- PRT-H00-X04G44 Port Blade, HD Series, 4x10G 44x1G
- PRT-H00-Q02X32 Port Blade, HD Series, 2x40G 32x10G (24 10G + 2 40G or 32 10G active)
- PRT-HD0-Q08 Port Blade, HD Series, 8x40G
- PRT-HD0-C01 Port Blade, HD Series, 1x100G
- PRT-HD0-C02X08 Port Blade, HD Series, 2x100G CFP cages + 8x10G cages
- PRT-HD0-C02X08A Port Blade, HD Series, 2x100G CFP2 cages + 8x10G cages

GigaSMART Module (all HD8 and HD4 models):
- SMT-HD0-GigaSMART, HD Series blade (includes Slicing, Masking, Source Port, & GigaVUE Tunneling De-Encapsulation SW)

Table 5-1: HD8 and HD4 Series

| Property | HC2 | HC2 |
|---|---|---|
| Model Number | GVS-HC201 | GVS-HC202 |
| Description | GigaVUE-HC2 base unit w/ chassis, CLI | GigaVUE-HC2 base unit w/ chassis, CLI |
| Size | 2RU | 2RU |
| Front Bays | 4 | 4 |
| Rear Bays | 1 | 1 |
| Power | AC | DC |
| Main Board | 1 | 1 |
| TAP Modules | see list below | see list below |
| Bypass Combo Modules | see list below | see list below |
| Port Modules | see list below | see list below |
| GigaSMART Modules | see list below | see list below |
| Power Supplies | 2 | 2 |
| Processor | PowerPC 600 | PowerPC 600 |
| Memory (RAM) | 4GB | 4GB |
| Logical Drive | 8GB | 8GB |
| Capacity: Fixed Ports | PTP IEEE 1588, Stack Mgmt. Port, Mgmt., Console | PTP IEEE 1588, Stack Mgmt. Port, Mgmt., Console |
| Capacity: Configurable Ports | Provided by TAP Modules, Bypass combo modules, Port Modules | Provided by TAP Modules, Bypass combo modules, Port Modules |

TAP Modules (both HC2 models):
- TAP-HC0-D25AC0 TAP module, HC Series, SX/SR Internal TAP Module 50/125, 12 TAPs
- TAP-HC0-D25BC0 TAP module, HC Series, SX/SR Internal TAP Module 62.5/125, 12 TAPs
- TAP-HC0-D35CC0 TAP module, HC Series, LX/LR Internal TAP Module, 12 TAPs
- TAP-HC0-G100C0 TAP and Bypass module, HC Series, Copper, 12 TAPs or BPS pairs

Bypass Combo Modules (both HC2 models):
- BPS-HC0-D25A4G Bypass Combo Module, HC Series, 4 SX/SR 50/125 BPS pairs, 16 10G cages
- BPS-HC0-D25B4G Bypass Combo Module, HC Series, 4 SX/SR 62.5/125 BPS pairs, 16 10G cages
- BPS-HC0-D35C4G Bypass Combo Module, HC Series, 4 LX/LR BPS pairs, 16 10G cages

Port Modules (both HC2 models):
- PRT-HC0-X24 Port Module, HC Series, 24x10G
- PRT-HC0-Q06 Port Module, HC Series, 6x40G

GigaSMART Modules (both HC2 models):
- SMT-HC0-R GigaSMART, HC Series rear module (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW)
- SMT-HC0-X16 GigaSMART, HC Series, Front Module, 16 10G cages (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW)

Table 5-2: HC2 Series

| Property | HB1 | HB1 |
|---|---|---|
| Model Number | GVS-HB101-0416 | GVS-HB102-0416 |
| Description | branch node | branch node |
| Size | 1RU | 1RU |
| Cages | 4 10G cages, 8 1G cages | 4 10G cages, 8 1G cages |
| Copper | 8 1G | 8 1G |
| Power | AC | DC |
| Power Supplies | 1 | 1 |
| Processor | PowerPC 600 | PowerPC 600 |
| Memory (RAM) | 2GB | 2GB |
| Logical Drive | 2GB | 2GB |
| Capacity: Fixed Ports | PTP 1588, Mgmt., Console, 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) | PTP 1588, Mgmt., Console, 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) |
| Capacity: Configurable Ports | None | None |

Table 5-3: HB1 Series

| Property | TA10 | TA10 |
|---|---|---|
| Model Number | GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) | GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) |
| Size | 1RU | 1RU |
| Power | AC | DC |
| Power Supplies | 2 | 2 |
| Processor | PowerPC e500 | PowerPC e500 |
| Memory (RAM) | 4GB | 4GB |
| Logical Drive | 8GB | 8GB |
| Capacity: Fixed Ports | Mgmt., Console, 48 1G/10G Ports (SFP+), 4 10G/40G QSFP Ports | Mgmt., Console, 48 1G/10G Ports (SFP+), 4 10G/40G QSFP Ports |
| Capacity: Configurable Ports | None | None |

Table 5-4: TA10 Series

| Property | TA40 | TA40 |
|---|---|---|
| Model Number | GigaVUE-TA40 Edge Traffic Aggregation Node (SKU GVS-TAQ01) | GigaVUE-TA40 Edge Traffic Aggregation Node (SKU GVS-TAQ01) |
| Size | 1RU | 1RU |
| Power | AC | DC |
| Power Supplies | 2 | 2 |
| Processor | PowerPC e500 | PowerPC e500 |
| Memory (RAM) | 4GB | 4GB |
| Logical Drive | 8GB | 8GB |
| Capacity: Fixed Ports | Mgmt., Console, 32 10G/40G QSFP Ports | Mgmt., Console, 32 10G/40G QSFP Ports |
| Capacity: Configurable Ports | None | None |

Table 5-5: TA40 Series

5.2 Supporting Environment Components

| Component | Definition |
|---|---|
| LDAP Server | A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. |
| Management Workstation | Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher) to access the WebGUI, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications. |
| NTP Server | A server that provides reliable time data to the TOE's system clock so that the timestamps on its audit records can be synchronized with other devices in the Operational Environment that connect to the same server. |
| SPAN | This component provides the TOE with copied network data, but only if the TOE is configured to receive data from an external TAP or SPAN device. |
| Syslog Server | The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes. |
| TAP | This component provides the TOE with copied network data, either from an internal GigaVUE TAP or an external TAP. The TOE can also be configured to receive data from an external source, meaning a TAP device or SPAN port. |
| Tool | This component is any analysis, capture or troubleshooting tool connected to a tool port. This component is required for the TOE to forward data. The connection to the tool is a physical connection. |
| Update Server | A general-purpose computer that includes a web server and is used to store software update packages that can be retrieved by the TOE using TLS/HTTPS. The update server can be a server maintained by Gigamon or it can be set up locally in the Operational Environment by an administrator if the TOE's deployment prevents it from being able to access Gigamon's web domain. |

Table 5-6: Supporting Environmental Components

5.3 Assumptions

In order to ensure the product is capable of meeting its security requirements when deployed in its evaluated configuration, the following conditions must be satisfied by the organization, as defined in the claimed Protection Profile:

- No general purpose computing capabilities: The GigaVUE product must only be used for its intended purpose. General purpose computing applications, especially those with network-visible interfaces, may compromise the security of the product if introduced.
- Physical security: The GigaVUE product does not claim any sort of physical tamper-evident or tamper-resistant security mechanisms. Therefore, it is necessary to deploy the product in a locked or otherwise physically secured environment so that it is not subject to untrusted physical modification.
- Trusted administration: The GigaVUE product does not provide a mechanism to protect against the threat of a rogue or otherwise malicious administrator. Therefore, it is the responsibility of the organization to perform appropriate vetting and training for security administrators prior to granting them the ability to manage the product.

6 Secure Installation and Configuration

Documentation for how to order and acquire the TOE is provided in the 'Contacting Sales' section of documents [5] through [8]. When receiving delivery of a TOE model, this documentation should be checked as part of the acceptance procedures so that the correctness of the hardware can be verified. Additionally, documents [5] through [8] can be referenced for physical requirements such as unpacking the TOE, installing modules, racking the TOE, cabling (i.e. network and power), and verifying power and environmental operating conditions.

The TOE comes with the software image installed by default, but if additional validation is necessary, an administrator may acquire the software image separately from Gigamon and perform a software upgrade to the known version. Regardless of the specific model being installed, the software is functionally identical with respect to the Common Criteria security requirements, so secure management for each device is described in the remainder of this document. Note that these steps can be performed using the initial default user account.

Note: Use the write memory command in the CLI to save configuration changes to flash. Otherwise, changes are applied to the active configuration immediately but are not preserved across a reboot.

6.1 Initial out-of-the-box Setup

1. Connect to the TOE via the local console using the following settings on a terminal application:
   - 115,200 Baud
   - 8 data bits
   - No parity
   - 1 stop bit
   - No flow control
2. Authenticate using the default credentials:
   - Username: admin
   - Password: admin123A!
3. Start the jump-start script by entering the following commands on the TOE:

    enable
    config terminal
    config jump-start

Refer to the 'Run the Jump-Start Script' section in documents [5] through [8] for more information on completing the jump-start setup.

Note: Be sure to change the default password for the default 'admin' account.

6.2 Verify Software Version

Now verify the version of software operating on the TOE by issuing a "show version" command and comparing the displayed version to the expected version. If the version is not what is expected, follow the instructions in Section 7.7 to obtain and install the correct software image from Gigamon.

6.3 Configure the TOE to use Enhanced Security Mode

Enhanced Security Mode must be configured to limit the cryptographic options to those consistent with the claims made for the Common Criteria evaluation.

1. Enter the following commands to enable secure cryptography mode:

    enable
    config terminal
    system security crypto enhanced
    reload

2. Respond "yes" to "Configuration has been modified; save first?" and then confirm the reload.
3. Authenticate to the TOE.
4. Verify that after authenticating, the TOE reports "System in secure cryptography mode."

6.4 Configure the TOE to record log and audit data (locally)

In the evaluated configuration, all auditable events relevant to the Common Criteria evaluation are logged locally by entering the following commands:

    enable
    config terminal
    logging level audit mgmt info
    logging level cli commands info
    logging local info

6.5 Disable Telnet and Enable SSH2

Both Telnet and SSH2 can be configured for remote connections to the GigaVUE's Ethernet Management Port. By default, SSH2 is enabled and Telnet is disabled. In the Common Criteria evaluated configuration, Telnet must remain disabled. If Telnet is enabled, enter the following commands:

    enable
    config terminal
    no telnet-server enable

If SSH2 is disabled, enter the following commands:

    enable
    config terminal
    ssh server enable

After verifying that Telnet is disabled and SSH2 is enabled, attempt to authenticate to the TOE with an SSH2 client by pointing the client at the TOE's IP address and using the default 'admin' account's credentials. To be able to connect to the TOE, the SSH2 client must support diffie-hellman-group14-sha1 as the key exchange method, and one or more of the following encryption and data integrity algorithms:

- Encryption Algorithms: AES-CBC-128 or AES-CBC-256
- Data Integrity Algorithms: hmac-sha1, hmac-sha2-256, or hmac-sha2-512

6.6 Configure and Access the WebGUI (aka H-VUE)

Enable the WebGUI by following the directions under the 'Enabling the Web Server' section in documents [5] through [8]. Then continue with that section's directions for connecting and authenticating to the WebGUI. The WebGUI can be accessed by navigating to https:// in a web browser. The web browsers that should be used in the Common Criteria evaluated configuration are Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher. These web browsers must be configured to support TLS 1.0 and one or more of the following ciphersuites:

- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA

The TOE supports HTTPS and HTTP for the WebGUI. By default, HTTPS is enabled and HTTP is disabled. In the Common Criteria evaluated configuration, HTTP must remain disabled. If HTTP is enabled, enter the following commands:

    enable
    config terminal
    no web http enable

Note: Be sure to change the default password for the default 'admin' account.

7 Secure Management of Gigamon GigaVUE

7.1 Authenticating to Gigamon GigaVUE

Users must authenticate to Gigamon GigaVUE in order to perform any management functions. Section 8.4 of the ST discusses the process by which Gigamon GigaVUE authenticates users via the CLI, the WebGUI or remotely via LDAP. Section 8.8.2 also discusses the trusted channels that are invoked in order to send the data securely. Local users log in to the command line interface (CLI) using a username and password, while remote users can log in to GigaVUE via the CLI using a username and password or public-key based authentication. User authentication information that is sent remotely via the CLI is protected using SSHv2. Users may also authenticate remotely via a WebGUI that is protected using TLS/HTTPS. Remote authentication is possible using an LDAP server as the user store.

Note: Connections to the LDAP server are protected with TLS. The TLS session for an LDAP request is established and terminated almost immediately, making it nearly impossible to interrupt the TLS session. If the LDAP server is unreachable, the TOE performs only a single attempt to connect to the LDAP server and then falls back to verifying the authentication credentials against the TOE's local store.

7.1.1 Public-Key Based Authentication Configuration

SSH public/private key pairs must be generated or loaded on the TOE so that SSH authentication using a public key is possible. Perform the following steps to add an authorized public key to a user on the TOE:

1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands on the TOE:

    enable
    config terminal
    ssh client user <USERNAME> authorized-key sshv2 "<PUBLIC KEY>"

3. Provide the user with the corresponding private key for their use to authenticate via SSH.
4. The user then loads the private key on their SSH client when attempting to authenticate.

7.1.2 LDAP Authentication Configuration (CLI)

Perform the following steps to configure the LDAP server on the TOE via the CLI. Refer to the 'Adding an LDAP Server' section in document [1] for more information.

1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands on the TOE to install the public key for the LDAP server:

    enable
    config terminal
    crypto certificate name public-cert pem "-----BEGIN CERTIFICATE---------END CERTIFICATE-----"
    crypto certificate ca-list default-ca-list name <NAME>

3. Refer to the 'ldap' section in document [1] between pages 773 and 776 to configure the LDAP parameters. The commands below are provided as an example of the LDAP parameters that need to be defined for a working configuration. The commands in bold must be configured as such in the evaluated configuration.

    ldap base-dn <BASE DN>
    ldap bind-dn <BIND DN>
    ldap bind-password <PASSWORD>
    ldap group-attribute <ATTRIBUTE>
    ldap host <HOST>
    ldap login-attribute <ATTRIBUTE>
    ldap ssl mode tls
    ldap ssl ca-list default-ca-list
    ldap ssl cert-verify
    ldap version 3

4. Refer to the 'aaa authentication' section in document [1] between pages 661 and 664 to configure the AAA Authentication parameters. The command below is provided as an example of the AAA Authentication parameters that need to be defined for a working configuration. The command is in bold because it must be configured as such in the evaluated configuration.

    aaa authentication login default ldap local

5. Refer to the 'aaa authorization' section in document [1] between pages 664 and 665 to configure the AAA Authorization parameters. The commands below are provided as an example of the AAA Authorization parameters that need to be defined for a working configuration.

    aaa authorization map order <ORDER>
    aaa authorization map default-user <USERNAME>

7.1.3 LDAP Authentication Configuration (WebGUI)

Perform the following steps to configure the LDAP server on the TOE via the WebGUI.

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Refer to the 'Configuring Authentication and Authorization (AAA)' section in document [2] between pages 182 and 183 to configure AAA. The following options must be chosen:
   a. First Priority: LDAP
   b. Second Priority: Local
3. Refer to the 'Adding an LDAP Server' section in document [2] on page 190 to add an LDAP server.
4. Refer to the 'Configuring LDAP Authentication' section in document [2] between pages 195 and 196 to configure LDAP authentication. The following options must be chosen:
   a. LDAP Version: v3
   b. SSL Mode: tls
   c. SSL Cert Check: on
   d. SSL ca-list: default CA list

Note: Installing the public key for the LDAP server must be performed via the CLI. Refer to Section 7.1.2, steps 1 and 2, for directions on installing the public key.

7.2 Managing Users

GigaVUE has role-based authentication. There are three roles, Admin, Operator, and Monitor, assigned by an Authorized Administrator, and each has a different level of authorization in terms of the functions that can be performed. All SFR-relevant management activity is performed by the Admin role. The Admin user corresponds to the PP's definition of Authorized Administrator. Only Admin users have the ability to assign roles to users, and more than one role may be assigned to a user.

7.2.1 Create a New Admin User Account (CLI)

1. Authenticate to the TOE via the CLI as an Admin user.
2. Select a password that meets the password strength requirements in section 6.4.
3. Enter the following commands to create a new user account:

    enable
    config terminal
    username <USERNAME> password <PASSWORD>
    username <USERNAME> roles add admin

Note: An Admin user can delete user accounts with the 'no username' command.

7.2.2 Create a New Admin User Account (GUI)

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Roles and Users" > "Users".
3. Click on "Add."
4. Fill in the fields as appropriate.
5. Assign the user the "admin" capability and click "Save."

Note: An Admin user can delete user accounts under "Roles and Users" > "Users" by selecting the user and clicking "Delete".

7.3 Password Management

Passwords can be composed using any combination of upper case and lower case letters, numbers and special characters. The special characters that are supported are: "!", "@", "#", "$", "%", "^", "&", "*", "(" and ")". The password policy includes a configurable minimum length, which an Admin user can set to any value between 15 and 30 in the evaluated configuration. Perform the following steps to configure the minimum password length:

1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands to enable secure passwords mode and set the minimum length (15 is shown; any value from 15 to 30 is permitted in the evaluated configuration):

enable
config terminal
system security passwords enhanced
system security passwords min-length 15
show system

3. Verify the TOE reports "Configured secure passwords mode : enabled" and "Minimum password length : 15".

In order to minimize the risk of account compromise, it is recommended to use a password that includes a mixture of uppercase, lowercase, numeric and special characters and is not a common word or phrase, but is not so complex that it must be written down in order to be remembered.
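The policy above can be checked before a password is typed into the CLI. The following is an added example, not part of Gigamon's documentation or product: a Python function that enforces the supported character set and the configured minimum length (after validating that the configured value lies in the evaluated 15 to 30 range) and also reports the recommended mix of character classes. The function names and the sample passwords are this example's own.

```python
import string

# Character set section 7.3 says GigaVUE passwords may contain: letters, digits and these specials.
ALLOWED_SPECIALS = set("!@#$%^&*()")
ALLOWED_CHARS = set(string.ascii_letters) | set(string.digits) | ALLOWED_SPECIALS

# Range the evaluated configuration permits for "system security passwords min-length".
MIN_LENGTH_FLOOR = 15
MIN_LENGTH_CEILING = 30


def validate_min_length_setting(value: int) -> int:
    """Reject a min-length value that the evaluated configuration does not allow (must be 15..30)."""
    if not MIN_LENGTH_FLOOR <= value <= MIN_LENGTH_CEILING:
        raise ValueError(
            f"min-length must be between {MIN_LENGTH_FLOOR} and {MIN_LENGTH_CEILING}, got {value}"
        )
    return value


def check_password(password: str, min_length: int = MIN_LENGTH_FLOOR) -> list:
    """Return the list of policy violations for a candidate password (empty means acceptable).

    Length and character set are the hard requirements from section 7.3. The mix-of-classes
    check is the section's recommendation, reported here as a violation so that it is enforced;
    drop it if only the hard requirements are wanted.
    """
    min_length = validate_min_length_setting(min_length)
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than the configured minimum of {min_length}")
    unsupported = sorted(set(password) - ALLOWED_CHARS)
    if unsupported:
        # Spaces and characters such as "-" or "_" are not in the supported set.
        problems.append("unsupported characters: " + repr("".join(unsupported)))
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in ALLOWED_SPECIALS for c in password)
    if not (has_lower and has_upper and has_digit and has_special):
        problems.append("does not mix upper case, lower case, digits and special characters")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the guidance.
    for candidate in ("Xk7#mP2$vL9qRw4Z", "short1!A", "Correct-Horse9Battery!"):
        print(candidate, "->", check_password(candidate, 15) or "OK")
```

The hyphenated passphrase in the sample is rejected only because "-" is outside the documented character set; if the deployed release accepts additional characters, extend ALLOWED_SPECIALS rather than removing the check.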

7.4 Session Termination

7.4.1 Admin Logout

The Admin is able to terminate their own session by entering the "exit" command when logged into the local console or the remote CLI via SSH. The Admin can terminate their own session by clicking on the "logout" tab when logged into the WebGUI.

7.4.2 Termination from Inactivity

The TOE is designed to terminate a CLI session after a specified period of inactivity, with a default setting of 15 minutes. The TOE has a single configuration for the CLI accessed via the serial port and the CLI accessed via SSH. If the inactivity setting is met while a user is logged into the CLI via the serial port, the session ends. If the inactivity setting is met while a user is logged into the CLI via SSH, the TOE tears down the SSH connection. This setting can be configured between 0 and 35791 minutes. The value 0 disables the timeout, so an unattended session stays open until it is explicitly terminated. The CLI timeout is configured via the CLI by an Admin user with the following commands:

enable
config terminal
cli default auto-logout <MINUTES>

If the inactivity setting is reached while a user is logged into the WebGUI, the session ends. This setting can be configured between 0 and 999999999 minutes; again, the value 0 disables the timeout. The WebGUI timeout can be configured via the CLI by an Admin user with the following commands:

enable
config terminal
web auto-logout <MINUTES>

An Admin user authenticated to the WebGUI can configure only the WebGUI timeout, with the following steps:

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Settings" > "Global Settings" > "Web".
3. Click "Edit".
4. In the field for "Auto logout Timeout", enter the timeout in minutes.
5. Click "Save".

7.5 Login Banner

The CLI login banner is created by an Admin user authenticated to the CLI with the following commands:

enable
config terminal
banner login <MESSAGE>

The WebGUI login banner is created by an Admin user authenticated to the WebGUI with the following steps:

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Settings" > "Global Settings" > "Hostname".
3. Click on "Edit".
4. Enter the banner text in the "Login Message" box.
5. Click "Save".


7.6 System Time Configuration

In the evaluated configuration of the TOE, the system time can either be set manually or by synchronizing with an NTP server in the TOE's Operational Environment. Only an Admin user is able to perform these operations.

7.6.1 Manually Configure the Time (CLI)

1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following command to view the current time:

show clock

3. Enter the following commands to set the time and, optionally, the date (the CLI audit example in Table 8-1, "clock set 13:44:00 2015/11/04", shows the expected format):

enable
config terminal
clock set <HH:MM:SS> [<YYYY/MM/DD>]

7.6.2 Manually Configure the Time (WebGUI)

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Settings" > "Date And Time". This step also allows the Admin user to view the current time.
3. Click on "Edit".
4. Specify a new date and time in the fields and then click "Save".

7.6.3 Configure Connection to an NTP Server (CLI)

The TOE can be configured to connect to an NTP server by an Admin user authenticated to the CLI with the following commands:

enable
config terminal
ntp enable
ntp server <NTP_SERVER_IP_ADDRESS>

Refer to the 'ntp' section of document [1] on pages 808 and 809 for more information regarding configuring a connection to an NTP server.

7.6.4 Configure Connection to an NTP Server (GUI)

The TOE can be configured to connect to an NTP server by an Admin user authenticated to the WebGUI with the following steps:

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Settings" > "Date and Time" > "NTP".
3. Click "Add".
4. Populate the Server IP field with the NTP server IP address and fill in the version field.
5. Check the "server enabled" box and uncheck the "key enabled" box.
6. Click on "Settings", check "Enabled" for NTP time synchronization and click "Save".

7.7 Secure Updates To maintain security throughout the lifecycle of the GigaVUE product, the TOE provides a mechanism to apply software upgrades. To upgrade the software, the new software image must be either available on the Gigamon update server or on a local update server. The Gigamon update server is a Gigamon hosted site and the Admin user must enter a username and password to download the image. The local update server is under the control of the Admin user and is used by the Admin user to store a downloaded image. The following sections describe the steps which must be taken in order to install a new software image either by using the CLI or by using the WebGUI. Both communications channels are protected by TLS/HTTPS. If the connection is interrupted during a download of the software update but the TLS/HTTPS session has not timed out, the TOE will automatically continue the software update download over TLS/HTTPS once the connection has been re-established. If the TLS/HTTPS session has timed out, the Admin user will have to re-initiate the download of the software update.

7.7.1 Display the Current Version (CLI) Before downloading a new image, the current version of the software image should be identified. The current version of the software image is displayed via the CLI by using the command “show version”.

7.7.2 Display the Current Version (WebGUI) The current version of the software image is displayed via the WebGUI by following these steps: 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on “Settings” > “Reboot and Upgrade” > “Images.” 3. Note the current version of the “currently booted” partition.

7.7.3 Downloading and Installing the New Image (CLI)

The "image" command is used via the CLI to download and install the new image. For more information on the "image" command, refer to the 'image' Section in document [1] between pages 741 and 743.

1. Authenticate to the TOE via the CLI as an Admin user.
2. Enter the following commands to fetch an update to the TOE from the HTTPS update server:

enable
config terminal
image fetch https://<UPDATE_SERVER>/<PATH_TO_IMAGE>

3. After the update has been fetched, enter the following commands on the TOE to initiate the update:

image install <IMAGE_FILENAME> install-boot
image boot next

4. If prompted to save the modified configuration, answer "yes".
5. Once the TOE reboots, enter the "write memory" command.

7.7.4 Downloading and Installing the New Image (WebGUI)

On the WebGUI the following steps must be performed in order to download and install the new image.

1. Authenticate to the TOE via the WebGUI as an Admin user.
2. Click on "Settings" > "Reboot and Upgrade" > "Images".
3. Click on "New".
4. Choose the "Install from local file" option if installing from the local file server and select "Choose file".
5. Alternatively, if installing from the Gigamon or local update server, choose the "Install from url" option and provide the URL.

7.7.5 Rebooting the TOE (CLI)

Once the image has been installed, the TOE must be rebooted for the new image to take effect and become the executing image. On the CLI this is achieved with the following command:

reload

Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section 7.7.1 or 7.7.2 above.

7.7.6 Rebooting the TOE (WebGUI) On the WebGUI the Admin user must navigate to the “Settings”>”Reboot and Upgrade”>”Reboot” screen. Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section 7.7.1 or 7.7.2 above.

7.7.7 Actions to be Taken Upon Failure The software image for the TOE contains a digital signature. If an attempt is made to download and install an illegitimate update, the Admin user must obey the verification warning from the TOE that the digital signature has failed and reject the software image by not installing. The Admin user can attempt to repeat the process to determine if the error condition disappears. However if the error continues then the attempts to perform a software update should be halted.

8 Auditing

In order to be compliant with Common Criteria, GigaVUE must audit the events in the table below. The audit records that GigaVUE creates include the date and time, outcome of the event, event type, subject identity and the source of the event. Auditing is turned on and off with the 'logging' command; refer to Section 6.4 for more information. The 'show log' or 'show logs' command displays audit information, and a regular expression can be given to the show log command to restrict its output.

Component: FAU_GEN.1
Event: Startup and shutdown of audit functions.
Additional Information: No additional information.
Audit Examples:
Startup of audit functions:
Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 8: requested by: user admin (System Administrator) via CLI, 1 item(s) changed
Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 8: item 1: CLI command log level changed from "none" to "info"
Shutdown of audit functions:
Nov 5 17:07:44 GigaVUE-HD cli[2441]: [cli.INFO]: user admin: Executing command: logging level cli commands none

Component: FCS_TLS_EXT.1
Event: Failure to establish a TLS session. Establishment/Termination of a TLS session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish session (TLS):
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05:12 2016] [notice] [client 192.168.1.99] Connection to child 7 established (server GigamonHD4:443)
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05:12 2016] [error] [client 192.168.1.99] (70014)End of file found: SSL handshake interrupted by system [Hint: No shared ciphers or stop button pressed in browser?!]
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05:12 2016] [notice] [client 192.168.1.99] Connection closed to child 7 with abortive shutdown (server GigamonHD4:443)
Session establishment (TLS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59:37 2016] [notice] [client 192.168.1.99] Connection to child 3 established (server GigamonHD4:443)
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59:37 2016] [notice] [client 192.168.1.99] Connection to child 3 completed successfully (server GigamonHD4:443)
Session termination (TLS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59:37 2016] [notice] [client 192.168.1.99] Connection closed to child 3 with standard shutdown (server GigamonHD4:443)

Component: FCS_SSH_EXT.1
Event: Failure to establish an SSH session. Establishment/Termination of an SSH session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish SSH session:
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: Connection from 192.168.1.99 port 55592
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal: Unable to negotiate a key exchange method [preauth]
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: Connection from 192.168.1.99 port 55619
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no matching mac found: client hmac-md5 server hmac-sha1,hmac-sha2-256,hmac-sha2-512 [preauth]
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: Connection from 192.168.1.99 port 55648
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no matching cipher found: client 3des-cbc server aes128-cbc,aes256-cbc [preauth]
Session establishment (SSH):
Nov 4 13:24:20 GigaVUE-HD sshd[3753]: Connection from 192.168.1.99 port 53782
Session termination (SSH):
Nov 4 13:24:51 GigaVUE-HD sshd[3753]: Connection closed by 192.168.1.99 [preauth]

Component: FCS_HTTPS_EXT.1
Event: Failure to establish an HTTPS session. Establishment/Termination of an HTTPS session.
Additional Information: Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures.
Audit Examples:
Failure to establish session (HTTPS): refer to the audit examples for FCS_TLS_EXT.1.
Session establishment (HTTPS):
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59:37 2016] [notice] [client 192.168.1.99] Connection to child 3 established (server GigamonHD4:443)
Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59:37 2016] [notice] [client 192.168.1.99] Connection to child 3 completed successfully (server GigamonHD4:443)
Session termination (HTTPS):
Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.INFO]: ugwd_release_session_ptr: sessions IIj5UbD9HXxluUE5IqvnBxxRCheg67fQWLpBeD35BEBmAAg= count 0 logout 1
Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.INFO]: session 1: closing for peer mgmtd user i:1954-0-0 (0/0) 0
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: session 37: closing for peer ugwc.8-2088 user admin (0/0) 1
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.NOTICE]: User admin (System Administrator) from 192.168.1.99 logged out of Web UI
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.INFO]: session 1: closing for peer mgmtd user i:1954-0-0 (0/0) 0
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.INFO]: Web session 8 closed
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: EVENT: /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.INFO]: Recording web logout of user admin on device /dev/web/8
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Calling internal interest callback for event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Calling internal interest callback for event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.NOTICE]: User admin: logout from 127.0.0.1 through trusted ugwc.8 channel.
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: session 36: closing for peer wsmd.8-2078 user admin (0/0) 1
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: EVENT: /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Calling internal interest callback for event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Calling internal interest callback for event /mgmtd/session/events/logout
Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.NOTICE]: User admin: logout from 192.168.1.99 through trusted web channel.
Nov 4 13:20:08 GigaVUE-HD gsd[2079]: [gsd.INFO]: gsd_mon_handle_get(), gsd_mgmt.c:422: bname: /gv/internal/state/liveness/gsd

Component: FIA_UIA_EXT.1
Event: All use of the identification and authentication mechanism.
Additional Information: Provided user identity, origin of the attempt (e.g., IP address).
Audit Examples:
Local console login:
Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User admin (local user admin) authentication method: local
Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User admin: login from local through trusted cli channel.
GUI login:
Oct 29 04:59:16 GigaVUE-HD tornado.login: [INFO]: user admin attempting login from 192.168.1.241
Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Web session 13 created
Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Recording web login of user admin on device /dev/web/13
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: Opened session: 73
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: session 73: opened for client wsmd.13-2237 user admin (0/0) 1
Oct 29 04:59:17 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: session 1: client open for peer mgmtd (local name wsmd.13-2237)
Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: TRUSTED_AUTH_INFO (user admin/admin): validated OK
LDAP GUI login:
Oct 29 05:06:04 GigaVUE-HD tornado.login: [INFO]: user testUser1 attempting login from 192.168.1.241
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Web session 14 created
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Recording web login of user admin on device /dev/web/14
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: Opened session: 75
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: session 75: opened for client wsmd.14-2237 user testUser1 (0/0) 1
Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.NOTICE]: User testUser1 local user admin (System Administrator) logged into Web UI from 192.168.1.241
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: TRUSTED_AUTH_INFO (user testUser1/admin): validated OK
Oct 29 05:06:09 GigaVUE-HD ugwd[2247]: [ugwd.INFO]: remote user id: testUser1, local user id: admin
Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User testUser1 (local user admin) authentication method: ldap
SSH login using public key:
Jan 27 12:57:39 GigamonHD4 sshd[18546]: Connection from 192.168.1.99 port 46556
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3c:47:c9 [SHA-1]
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Postponed publickey for cctl from 192.168.1.99 port 46556 ssh2 [preauth]
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3c:47:c9 [SHA-1]
Jan 27 12:57:41 GigamonHD4 sshd[18546]: Accepted publickey for cctl from 192.168.1.99 port 46556 ssh2
Jan 27 12:57:41 GigamonHD4 sshd[18546]: User cctl logged in via ssh2 from 192.168.1.99
SSH login using password:
Oct 29 02:58:04 GigaVUE-HD sshd[3477]: Connection from 192.168.1.241 port 59394
Oct 29 02:58:11 GigaVUE-HD sshd[3477]: Accepted keyboard-interactive/pam for admin from 192.168.1.241 port 59394 ssh2
Oct 29 02:58:11 GigaVUE-HD sshd[3477]: User admin (System Administrator) logged in via ssh2 from 192.168.1.241

Component: FIA_UAU_EXT.2
Event: All use of the authentication mechanism.
Additional Information: Origin of the attempt (e.g., IP address).
Audit Examples: See FIA_UIA_EXT.1.

Component: FPT_STM.1
Event: Changes to the time.
Additional Information: The old and new values for the time. Origin of the attempt (e.g., IP address).
Audit Examples:
CLI changes to time:
Nov 4 13:43:10 GigaVUE-HD cli[4166]: [cli.INFO]: user admin: Executing command: show clock
Nov 4 13:43:14 GigaVUE-HD cli[3985]: [cli.INFO]: user admin: Executing command: show log
Nov 4 13:43:36 GigaVUE-HD cli[4166]: [cli.INFO]: user admin: Getting command line help: "clock set 13:44:00 ?"
Nov 4 13:43:41 GigaVUE-HD cli[4166]: [cli.INFO]: user admin: Executing command: clock set 13:44:00 2015/11/04
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Action ID 27: requested by: user admin (System Administrator) via CLI
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Action ID 27: descr: system clock: set date and time
Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.INFO]: Action ID 27: param: date and time: 2015/11/04 13:44:00
Nov 4 13:44:00 GigaVUE-HD pm[1953]: [pm.INFO]: Restarting process crond (Cron Daemon) from RUNNING state
GUI changes to time:
Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.INFO]: Action ID 51: descr: system clock: set date and time
Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.INFO]: Action ID 51: param: date and time: 2015/01/27 19:14:48
Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.INFO]: Restarting process crond (Cron Daemon) from RUNNING state
Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.NOTICE]: Terminating process crond (Cron Daemon)
NTP changes to time:
Nov 16 16:07:49 gigamon-20016a ntpd[3114]: synchronized to 10.224.0.13, stratum 1
Nov 18 18:18:04 gigamon-20016a ntpd[3114]: time reset +180615.125342 s

Component: FPT_TUD_EXT.1
Event: Initiation of update.
Additional Information: No additional information.
Audit Examples:
Initiation of update (CLI):
Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.INFO]: user admin: Executing command: image install hdccv2_2015-10-26.img install-boot
Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.INFO]: user admin: Tracking progress on operation ID cli2377-167
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 8: requested by: user admin (System Administrator) via CLI
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 8: descr: install system software image
Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 8: param: image filename: hdccv2_2015-10-26.img, version: GigaVUE-OS 4.5.00hd_4402_bah #11264 2015-10-26 12:41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106
Initiation of update (GUI):
Oct 30 10:48:02 GigaVUE-HD ugwd[2085]: [ugwd.INFO]: :wsmd_user_id: admin, and wsmd_local_user_id :admin
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.INFO]: Action ID 7: requested by: user admin (System Administrator) via ugwc-2085
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.INFO]: Action ID 7: descr: install system software image
Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.INFO]: Action ID 7: param: image filename: hdccv2_2015-10-26.img, version: GigaVUE-OS 4.5.00hd_4402_bah #11264 2015-10-26 12:41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106

Component: FTA_SSL_EXT.1
Event: Any attempts at unlocking of an interactive session.
Additional Information: No additional information.
Audit Examples:
Session termination due to inactivity (local console):
Oct 28 20:00:42 GigaVUE-HD cli[10349]: [cli.NOTICE]: user admin: Inactive for 3 minutes -automatically logging out

Component: FTA_SSL.3
Event: The termination of a remote session by the session locking mechanism.
Additional Information: No additional information.
Audit Examples:
Session termination due to inactivity (remote CLI):
Oct 28 18:32:51 GigaVUE-HD cli[8386]: [cli.NOTICE]: user admin: Inactive for 3 minutes -automatically logging out
Session termination due to inactivity (remote WebGUI):
Oct 28 19:20:33 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Web session 21 timed out due to inactivity

Component: FTA_SSL.4
Event: The termination of an interactive session.
Additional Information: No additional information.
Audit Examples:
Manual session termination by admin (local console):
Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.INFO]: user admin: Executing command: exit
Oct 29 11:10:22 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User admin: logout from local through trusted cli channel.
Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.INFO]: user admin: session 1: closing, but already closed
Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.NOTICE]: user admin: CLI exiting
Oct 29 11:10:22 GigaVUE-HD login: pam_unix(login:session): session closed for user admin
Manual session termination by admin (remote CLI):
Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.INFO]: user admin: Executing command: exi
Oct 29 11:13:20 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User admin: logout from 192.168.1.241 through trusted cli channel.
Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.INFO]: user admin: session 1: closing, but already closed
Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.NOTICE]: user admin: CLI exiting
Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Connection closed by 192.168.1.241
Oct 29 11:13:20 GigaVUE-HD sshd[29832]: pam_unix(sshd:session): session closed for user admin
Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Transferred: sent 3408, received 3056 bytes
Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Closing connection to 192.168.1.241 port 50844
Manual session termination by admin (remote WebGUI):
Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.INFO]: ugwd_release_session_ptr: sessions IKklQOWsG3GsGsAHUT7LronYyFy54sZej6VCAhcZgCYCABs= count 0 logout 1
Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.INFO]: session 1: closing for peer mgmtd user i:2115-0-0 (0/0) 0
Oct 29 11:17:47 GigaVUE-HD mgmtd[2115]: [mgmtd.INFO]: session 129: closing for peer ugwc.26-2247 user admin (0/0) 1
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.NOTICE]: User admin (System Administrator) from 192.168.1.241 logged out of Web UI
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: session 1: closing for peer mgmtd user i:2115-0-0 (0/0) 0
Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.INFO]: Web session 27 closed

Component: FTP_ITC.1
Event: Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions.
Additional Information: Identification of the initiator and target of failed trusted channel establishment attempts.
Audit Examples:
Initiation and termination of the trusted channel (HTTPS update web server):
Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.INFO]: user admin: Executing command: image fetch https://chris.cctl.com/4.4.03/hdccv2_2015-10-26.img
Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.INFO]: user admin: Tracking progress on operation ID cli2377-62
Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 7: requested by: user admin (System Administrator) via CLI
Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 7: descr: download file
Nov 2 12:27:30 GigaVUE-HD progress[2401]: [progress.INFO]: session 1: closing, but already closed
Nov 2 12:27:30 GigaVUE-HD progress[2401]: [progress.INFO]: Progress wrapper exiting
Nov 2 12:27:30 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Download of /var/opt/tms/images/.temp/hdccv2_2015-10-26.img complete, now 0 downloads active
Nov 2 12:27:30 GigaVUE-HD mgmtd[1943]: [mgmtd.INFO]: Action ID 7: status: completed with success
Failure of the trusted channel functions (HTTPS update web server):
Nov 5 17:57:22 GigaVUE-HD cli[2441]: [cli.INFO]: user admin: Executing command: image fetch https://chris.cctl.com/4.4.03/hb1_2015-10-26.img
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Download of /var/opt/tms/images/.temp/hb1_2015-10-26.img complete, now 0 downloads active
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]: [mgmtd.ERR]: Set commit return status: code 0x1, message: SSL certificate verification failed.
Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Action ID 18: status: completed with failure
Initiation of the trusted channel (remote syslog via SSH):
Nov 5 18:14:25 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: md_syslog_create_ssh: Creating ssh connection to cctl@192.168.1.51:6514 from local port 61001
Nov 5 18:14:25 GigaVUE-HD mgmtd[4267]: [mgmtd.NOTICE]: Respawning ssh process to cctl@192.168.1.51:6514 from localhost:61001
Nov 5 18:14:25 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: md_syslog_create_netcat: Creating netcat for 192.168.1.51:61001 through /tmp/fifo-192.168.1.51
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: md_syslog_create_fifo: Fifofile /tmp/fifo-192.168.1.51 exist, no need to recreate.
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: md_syslog_create_ssh: Creating ssh connection to cctl@192.168.1.51:6514 from local port 61001
Nov 5 18:14:31 GigaVUE-HD mgmtd[4281]: [mgmtd.NOTICE]: Respawning ssh process to cctl@192.168.1.51:6514 from localhost:61001
Nov 5 18:14:31 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: md_syslog_create_netcat: Creating netcat for 192.168.1.51:61001 through /tmp/fifo-192.168.1.51
Termination of the trusted channel (remote syslog via SSH):
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: requested by: user admin (System Administrator) via CLI, 6 item(s) changed
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 1: syslog: remote sink 192.168.1.51 deleted
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 2: syslog: remote sink 192.168.1.51: minimum log severity was "info" before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 3: syslog: remote sink 192.168.1.51: per-facility override was enabled before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 4: syslog: remote sink 192.168.1.51: TCP forwarding port was 6514 before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 5: syslog: remote sink 192.168.1.51: SSH enabled was enabled before deletion
Nov 5 18:25:27 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 33: item 6: syslog: remote sink 192.168.1.51: SSH username was "cctl" before deletion
Failure of the trusted channel (remote syslog via SSH):
Jan 29 14:40:48 GigamonHD4 mgmtd[2109]: [mgmtd.INFO]: md_syslog_create_ssh: Creating ssh connection to cctl@192.168.1.51:6514 from local port 61001
Jan 29 14:40:49 GigamonHD4 mgmtd[5500]: [mgmtd.ERR]: SSH connection to cctl@192.168.1.51:6514 failed
Jan 29 14:40:49 GigamonHD4 pm[2108]: [pm.NOTICE]: Output from mgmtd (Management Daemon) (pid 2109): [mgmtd.ERR]: SSH connection to 61001 failed
Jan 29 14:40:49 GigamonHD4 mgmtd[2109]: [mgmtd.INFO]: md_syslog_create_ssh: Running /opt/tms/bin/gv_syslog_ssh.sh 61001 192.168.1.51 cctl 6514
Jan 29 14:40:49 GigamonHD4 mgmtd[2109]: [mgmtd.INFO]: md_syslog_create_netcat: Creating netcat for 192.168.1.51:61001 through /tmp/fifo-192.168.1.51
Initiation of the trusted channel (LDAP authentication server):
Jan 27 20:20:53 GigamonHD4 sshd[24229]: pam_ldap: session established to LDAP server tacacs.cctl.com:389:
Termination of the trusted channel (LDAP authentication server):
Jan 29 15:14:24 GigamonHD4 sshd[6462]: pam_ldap: connection closed to LDAP admin@server tacacs.cctl.com:389:
Failure of the trusted channel (LDAP authentication server):
Nov 6 11:01:39 GigaVUE-HD tornado.login: [INFO]: user testUser1 attempting login from 192.168.1.99
Nov 6 11:01:39 GigaVUE-HD wsmd[2069]: pam_ldap: ldap_starttls_s: server tacacs.cctl.com:389: Connect error: certificate verify failed

Component: FTP_TRP.1
Event: Initiation of the trusted path. Termination of the trusted path. Failures of the trusted path functions.
Additional Information: Identification of the claimed user identity.
Audit Examples:
Initiation and termination of the trusted path (SSH):
Nov 5 17:59:31 GigaVUE-HD sshd[3870]: Connection from 192.168.1.99 port 7274
Nov 5 17:59:34 GigaVUE-HD sshd[3870]: Postponed keyboard-interactive for admin from 192.168.1.99 port 7274 ssh2 [preauth]
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: Postponed keyboard-interactive/pam for admin from 192.168.1.99 port 7274 ssh2 [preauth]
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: Accepted keyboard-interactive/pam for admin from 192.168.1.99 port 7274 ssh2
Nov 5 17:59:36 GigaVUE-HD sshd[3870]: User admin (System Administrator) logged in via ssh2 from 192.168.1.99
Nov 5 17:59:39 GigaVUE-HD sshd[3870]: Connection closed by 192.168.1.99
Nov 5 17:59:39 GigaVUE-HD sshd[3870]: pam_unix(sshd:session): session closed for user admin
Nov 5 17:59:39 GigaVUE-HD sshd[3870]: Transferred: sent 1920, received 2096 bytes
Nov 5 17:59:39 GigaVUE-HD sshd[3870]: Closing connection to 192.168.1.99 port 7274
Failure of the trusted path functions (SSH):
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: Connection from 192.168.1.99 port 55592
Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal: Unable to negotiate a key exchange method [preauth]
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: Connection from 192.168.1.99 port 55619
Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no matching mac found: client hmac-md5 server hmac-sha1,hmac-sha2-256,hmac-sha2-512 [preauth]
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: Connection from 192.168.1.99 port 55648
Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no matching cipher found: client 3des-cbc server aes128-cbc,aes256-cbc [preauth]
Initiation and termination of the trusted path (HTTPS WebGUI):
Nov 5 18:02:23 GigaVUE-HD mgmtd[1957]: [mgmtd.NOTICE]: User admin: login from 192.168.1.99 through trusted web channel.
Nov 5 18:02:28 GigaVUE-HD mgmtd[1957]: [mgmtd.NOTICE]: User admin: logout from 192.168.1.99 through trusted web channel.
Failure of the trusted path functions (HTTPS WebGUI):
Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05:12 2016] [error] [client 192.168.1.99] (70014)End of file found: SSL handshake interrupted by system

Table 8-1: NDPP Auditable Events

The right-most column in Table 8-1 provides examples for each audit event for which the TOE needs to produce a record. The following is one example of an audit record, used to describe the contents of the record:

Oct 29 01:22:24 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User cctl: login from 192.168.1.241 through trusted CLI channel.

The fields of this audit record are:

- Oct 29 01:22:24: the date and time the event occurred.
- GigaVUE-HD: the hostname of the GigaVUE device that recorded the event (here set to the model name).
- mgmtd[2115]: [mgmtd.NOTICE]: the process that generated the record with its PID, followed by the logging facility and severity; here the management daemon.
- User cctl: the subject identity, which in this case is the username of the user that caused the event.
- login from 192.168.1.241 through trusted CLI channel.: a message that indicates the type of event and identifies the IP address of the remote system connecting to the TOE.
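As an added example (not part of the Gigamon documentation or product), the following Python code splits records of the format shown above into their fields and classifies the messages Table 8-1 illustrates, so that failed SSH negotiations, TLS handshake failures and failed trusted channels can be pulled out of a syslog export. The event names, regular expressions and function names are this example's own; the sample records are copied from Table 8-1.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Record header as the TOE writes it: "Mon DD HH:MM:SS host proc[pid]: [facility.SEVERITY]: message".
# The bracketed facility/severity is present for mgmtd, cli, wsmd and similar daemons but not for sshd.
RECORD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:\[(?:(?P<facility>\w+)\.)?(?P<severity>[A-Z]+)\]: )?"
    r"(?P<msg>.*)$"
)

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# Message patterns for the event kinds illustrated in Table 8-1; the first match wins.
# Kinds ending in _failure are the records a reviewer should look at first.
EVENT_PATTERNS = [
    ("ssh_negotiation_failure", re.compile(r"^fatal: (?:Unable to negotiate|no matching (?:mac|cipher) found)")),
    ("ssh_login", re.compile(r"^Accepted (?:publickey|keyboard-interactive/pam) for (?P<user>\S+) from " + IPV4)),
    ("ssh_closed", re.compile(r"^Connection closed by " + IPV4)),
    ("tls_handshake_failure", re.compile(r"\[client " + IPV4 + r"\] .*SSL handshake interrupted")),
    ("web_login", re.compile(r"^User (?P<user>\S+): login from " + IPV4 + r" through trusted web channel")),
    ("web_logout", re.compile(r"^User (?P<user>\S+): logout from " + IPV4 + r" through trusted web channel")),
    ("cli_login", re.compile(r"^User (?P<user>\S+): login from (?:" + IPV4 + r"|local) through trusted (?:cli|CLI) channel")),
    ("cli_logout", re.compile(r"^User (?P<user>\S+): logout from (?:" + IPV4 + r"|local) through trusted (?:cli|CLI) channel")),
    ("inactivity_logout", re.compile(r"^user (?P<user>\S+): Inactive for \d+ minutes")),
    ("update_fetch_failure", re.compile(r"SSL certificate verification failed")),
    ("syslog_channel_failure", re.compile(r"^SSH connection to \S+ failed")),
    ("ldap_channel_failure", re.compile(r"pam_ldap: .*certificate verify failed")),
    ("config_change", re.compile(r"^Config change ID (?P<id>\d+): requested by: user (?P<user>\S+)")),
]


@dataclass
class AuditEvent:
    timestamp: str
    host: str
    process: str
    severity: Optional[str]
    kind: str
    user: Optional[str]
    ip: Optional[str]
    message: str


def parse_record(line: str) -> Optional[AuditEvent]:
    """Split one record into its fields and classify its message; None if the line is not a record."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None
    msg = m.group("msg")
    kind, user, ip = "other", None, None
    for name, pattern in EVENT_PATTERNS:
        hit = pattern.search(msg)
        if hit:
            kind = name
            user = hit.groupdict().get("user")
            ip = hit.groupdict().get("ip")
            break
    return AuditEvent(m.group("ts"), m.group("host"), m.group("proc"),
                      m.group("severity"), kind, user, ip, msg)


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count records per event kind (lines that are not audit records are skipped)."""
    return dict(Counter(e.kind for e in map(parse_record, lines) if e is not None))


def trusted_channel_failures(lines: List[str]) -> List[AuditEvent]:
    """Records indicating a failed SSH/TLS negotiation or a failed trusted channel."""
    return [e for e in map(parse_record, lines) if e is not None and e.kind.endswith("_failure")]


# Sample records copied from Table 8-1 (whitespace normalised to single spaces).
SAMPLE_RECORDS = [
    "Nov 4 14:07:44 GigaVUE-HD sshd[4691]: Connection from 192.168.1.99 port 55592",
    "Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal: Unable to negotiate a key exchange method [preauth]",
    "Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no matching mac found: client hmac-md5 server hmac-sha1,hmac-sha2-256,hmac-sha2-512 [preauth]",
    "Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05:12 2016] [error] [client 192.168.1.99] (70014)End of file found: SSL handshake interrupted by system",
    "Jan 27 12:57:41 GigamonHD4 sshd[18546]: Accepted publickey for cctl from 192.168.1.99 port 46556 ssh2",
    "Oct 29 01:22:24 GigaVUE-HD mgmtd[2115]: [mgmtd.NOTICE]: User cctl: login from 192.168.1.241 through trusted CLI channel.",
    "Nov 5 18:02:28 GigaVUE-HD mgmtd[1957]: [mgmtd.NOTICE]: User admin: logout from 192.168.1.99 through trusted web channel.",
    "Oct 28 18:32:51 GigaVUE-HD cli[8386]: [cli.NOTICE]: user admin: Inactive for 3 minutes -automatically logging out",
    "Nov 5 17:57:22 GigaVUE-HD mgmtd[1957]: [mgmtd.ERR]: Set commit return status: code 0x1, message: SSL certificate verification failed.",
    "Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.INFO]: Config change ID 8: requested by: user admin (System Administrator) via CLI, 1 item(s) changed",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
    for event in trusted_channel_failures(SAMPLE_RECORDS):
        print(event.timestamp, event.host, event.kind, event.ip, "|", event.message)
```

Run it over the output of 'show log' or over the copy forwarded to the Syslog Server; records that do not match any pattern are kept as kind "other" rather than dropped, so unexpected message formats remain visible in the summary.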

8.1 Audit Storage The TOE generates audit records which are stored locally or on a configured Syslog Server. Once the Syslog Server is configured audit records are stored both locally and also sent immediately to the Syslog Server over an SSH encrypted channel. The following sections show how to create an SSH RSA key and configure the Syslog Server. If the connection is interrupted during a log transfer, the TOE will automatically continue the secure log transfer over SSH once the connection is re-established.

8.1.1 Assigning a Public-Key to the Syslog Server and Enable SSH (CLI)
In order for the communications between the TOE and the Syslog Server to be encrypted by SSH, an RSA key must be generated on the TOE, which acts as the SSH client, and copied over to the Syslog Server, which acts as the SSH server. This is achieved by the following steps.

1. Create the RSA key on the TOE using the following commands:
   enable
   config terminal
   ssh client user identity rsa2 generate
   show ssh client

2. Copy the RSA public key (as displayed by "show ssh client") to the Syslog Server and insert it into the "~/.ssh/authorized_keys" file of the user account the TOE will authenticate as.


8.1.2 Configuring the Syslog Server (CLI)
The "logging" command is used to configure the Syslog Server. For more information on the "logging" command, refer to the 'logging' section in document [1] between pages 777 and 780. The configuration must be performed by an Admin user via the CLI, and the following commands must be used in the evaluated configuration of the TOE for connecting to a Syslog Server:
   enable
   config terminal
   logging <SYSLOG_SERVER_IP_ADDRESS> tcp ssh username <USERNAME>
   logging trap info
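The guidance leaves the server-side half of step 2 in Section 8.1.1 (placing the key in authorized_keys) to the administrator. The following is an added example of doing that carefully, not Gigamon code and not part of the guidance. It assumes a Linux Syslog Server running OpenSSH, that the key printed by "show ssh client" is pasted as one OpenSSH-format line ("ssh-rsa <base64> <comment>"), and that the TOE's management IP address is known (192.168.1.10 is an assumed value). SAMPLE_PUBKEY is a constructed dummy, not a real key. The from= option is standard OpenSSH authorized_keys syntax that limits the key to connections from the TOE's address; no command= or forwarding restrictions are added because the guidance does not say how the TOE carries the log stream inside the SSH session, and a restriction that breaks that would silently stop audit export.

```python
"""Install the TOE's SSH public key on the Syslog Server, restricted to the TOE's address.

Added example for Sections 8.1.1 and 8.1.2, not Gigamon code. Assumes OpenSSH
on a Linux syslog server; the sample key below is a constructed dummy.
"""
import base64
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict

ALLOWED_KEY_TYPES = {"ssh-rsa"}  # Section 8.1.1 generates an RSA (rsa2) key

# Constructed dummy key for the demo; the blob is valid base64 but not a real RSA key.
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(
    b"\x00\x00\x00\x07ssh-rsa constructed dummy blob").decode() + " admin@GigaVUE-HD"


def build_entry(pubkey_line: str, toe_ip: str) -> str:
    """Return the authorized_keys line for the TOE's key, usable only from toe_ip."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        raise ValueError("expected an OpenSSH 'ssh-rsa <base64> [comment]' line")
    key_type, blob = parts[0], parts[1]
    # A truncated copy/paste is easier to diagnose here than as a login failure later.
    base64.b64decode(blob, validate=True)
    comment = " ".join(parts[2:]) or "gigavue-syslog-client"
    return 'from="%s" %s %s %s' % (toe_ip, key_type, blob, comment)


def is_acceptable_pubkey(pubkey_line: str) -> bool:
    """True if build_entry() would accept the line (type and base64 check)."""
    try:
        build_entry(pubkey_line, "0.0.0.0")
        return True
    except ValueError:          # binascii.Error from b64decode is a ValueError
        return False


def install_key(pubkey_line: str, toe_ip: str, home: Path) -> Path:
    """Append the entry to <home>/.ssh/authorized_keys once, with sshd-acceptable modes.

    With StrictModes (the OpenSSH default) sshd ignores authorized_keys when
    the file or ~/.ssh is writable by group or others, so both are forced here.
    """
    entry = build_entry(pubkey_line, toe_ip)
    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    ak = ssh_dir / "authorized_keys"
    blob = entry.split()[2]
    existing = ak.read_text().splitlines() if ak.exists() else []
    if not any(blob in line.split() for line in existing):   # idempotent: key already present
        with ak.open("a") as f:
            f.write(entry + "\n")
    os.chmod(ak, 0o600)
    return ak


def permissions_ok(ak: Path) -> bool:
    """True if ~/.ssh and authorized_keys carry no group/other permission bits."""
    mode_dir = stat.S_IMODE(ak.parent.stat().st_mode)
    mode_file = stat.S_IMODE(ak.stat().st_mode)
    return (mode_dir & 0o077) == 0 and (mode_file & 0o077) == 0


def demo(toe_ip: str = "192.168.1.10") -> Dict[str, object]:
    """Install the sample key twice into a scratch home directory and report the result."""
    home = Path(tempfile.mkdtemp())
    ak = install_key(SAMPLE_PUBKEY, toe_ip, home)
    install_key(SAMPLE_PUBKEY, toe_ip, home)     # second run must not duplicate the key
    lines = ak.read_text().splitlines()
    return {"entries": len(lines), "first": lines[0], "permissions_ok": permissions_ok(ak)}


if __name__ == "__main__":
    print(demo())
```

On the real server, call install_key() with the pasted key, the TOE's address and the home directory of the account named in the logging command; demo() only exercises the same code in a temporary directory. If the TOE later fails to connect, the usual causes are exactly what this code guards against: a truncated key, a from= address that does not match the TOE's source address as seen by the server, or authorized_keys left writable by group or others.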

9 Communications Protocols and Services
In the evaluated configuration, the SSH2 protocol was tested for remote administration and secure transfer of audit data to the Syslog Server. TLS/HTTPS was also tested in the evaluated configuration to secure the WebGUI, update server and LDAP server (TLS only) trusted channels. The Telnet protocol is excluded from the evaluated configuration of the GigaVUE product because it does not provide security for data in transit.

The product supports numerous communications protocols that were not evaluated as part of the Common Criteria evaluation because they provide functionality that is not assessed by the Protection Profile. These protocols are facilitated by processes on the GigaVUE device that support their implementation and include the following:

ARP
CDP
DHCP
DHCPv6
FTP
GRE
GTP
HTTP
IGMP
ICMP
ISL
IPv4
IPv6
LLDP
MPLS
NTP
PDP
RADIUS
RSVP
SCP
SFTP
SNMP
SSL
TACACS+
TCP
Telnet
TFTP
TLS
UDP

Information about the configuration and usage of these protocols can be found in the standard Gigamon documentation for the product as specified in Section 4 of this document.

10 Modes of Operation
The TOE has two modes of operation:

Booting – While booting, the GigaVUE does not allow access to the administrator interfaces or process network traffic until the software image and configuration have loaded. During this mode of operation the TOE's Power-on self-tests (POST) are performed. As long as there are no errors during the POST, this mode of operation automatically progresses to the Normal mode of operation.

Normal – The GigaVUE software image and configuration are loaded and the GigaVUE is operating as configured. It should be noted that all levels of administrative access occur in this mode and that all GigaVUE-based security functions are operating.

The POST includes self-tests for the cryptographic module's operations, an integrity check of the configuration database, and a hardware inspection for anomalies. If a self-test fails during the POST, the TOE displays error messages on the serial console identifying the self-test that failed. If any of the POST self-tests fail, the following actions should be taken:

1. Restart the TOE to perform the POST again and determine if normal operation can be resumed.
2. If the problem persists, refer to Section 11 to contact Gigamon.

11 Obtaining Technical Assistance
Gigamon offers technical assistance through their website, www.gigamon.com, under the heading "Support and Services". There is a specific customer support portal at https://gigamoncp.force.com/gigamoncp/ where customers can log in with a username and password. Support in North America can be contacted using the telephone number +1 855-430-0813 (Toll Free). In addition, the support team can be contacted by email at [email protected]. Other support contact information can be found at https://www.gigamon.com/support-and-services/contact-support
