haltdos mitigation platform - common criteria · 17/09/2018 · april 10, 2017 1.0 anshul saxena...
Post on 16-Aug-2020
Security Target: HaltDos Mitigation Platform version 1.1 (Haltdos.com Private Limited)
HaltDos Mitigation Platform
Version 1.1
Security Target
Version 1.4
September 17, 2018
Prepared For
Haltdos.com Private Limited
E–52, Sector-3,
NOIDA, UP, India – 201301
Ph: 0120-4545911 Fax: 0120-4243669
www.haltdos.com
Revision History
Date | Version | Author | Description
April 10, 2017 | 1.0 | Anshul Saxena | First Draft
Jan 03, 2017 | 1.1 | Anshul Saxena | Second Draft as per recommendations
April 25, 2018 | 1.2 | Anshul Saxena | Third draft as per recommendation
June 22, 2018 | 1.3 | Anshul Saxena | Fourth draft as per recommendation
September 17, 2018 | 1.4 | Anshul Saxena | Final draft
Table of Contents
1 Security Target Introduction
1.1 Security Target Reference
1.2 TOE Reference
1.3 TOE Overview
1.3.1 TOE Type
1.3.2 TOE Build Number
1.3.2.1 Identification Method:
1.3.2.2 Platform Versioning:
1.4 TOE Description
1.4.1 Acronyms
1.4.2 Description
1.4.2.1 TOE Dependencies
1.4.3 User Description
1.4.4 User Interfaces
1.4.4.1 Web based User Interface (GUI)
1.4.4.2 Command Line Interface (CLI)
1.4.5 TOE Data Description
1.4.6 Product Guidance
1.4.7 Business View of the TOE
1.4.8 Physical Scope of the TOE
1.4.8.1 Included in the TOE:
1.4.8.2 Excluded from the TOE:
1.4.9 Logical Scope of the TOE
1.4.10 Environment of the TOE
1.4.11 Delivery Method
2 Conformance Claims
2.1 Common Criteria Conformance
2.2 Protection Profile Claim
2.3 Package Claim
3 Security Problem Definition
3.1 Threats
3.2 Assumptions
3.3 Organizational Security Policies
4 Security Objectives
4.1 Security Objectives for the TOE
4.2 Security Objectives for the Operational Environment
4.3 Security Objectives Rationale
5 Extended Components Definition
5.1 DDoS_DEF_EXT.1 DDoS Defence
5.1.1 Class: DDoS: Distributed Denial of Service
5.1.2 Family: DDoS Defence (DDoS_DEF)
5.1.2.1 Family Behaviour
5.1.2.2 Component levelling
5.1.2.3 Management
5.1.2.4 Audit
5.1.3 Definition
5.1.4 Rationale
5.2 DDoS_NOT_EXT.1 Explicit: Security Notifications
5.2.1 Class: DDoS: Distributed Denial of Service
5.2.2 Family: Security Notifications (DDoS_NOT)
5.2.2.1 Family Behaviour
5.2.2.2 Component levelling
5.2.2.3 Management
5.2.2.4 Audit
5.2.3 Definition
5.2.4 Rationale
5.3 FIA_UAU_EXT.2 User authentication before any action
5.3.1 Class FIA: Identification and authentication
5.3.2 Family: User authentication (FIA_UAU)
5.3.2.1 Family Behaviour
5.3.2.2 Component levelling
5.3.2.3 Management
5.3.2.4 Audit
5.3.3 Definition
5.3.4 Rationale
6 Security Requirements
6.1 Security Functional Requirements for the TOE
6.1.1 Class FAU: Security Audit
6.1.1.1 FAU_GEN.1 Audit Data Generation
6.1.1.2 FAU_GEN.2 User Identity Association
6.1.1.3 FAU_SAR.1 Audit Review
6.1.1.4 FAU_SAR.3 Selectable Audit Review
6.1.1.5 FAU_STG.1 Protected audit trail storage
6.1.2 Class FIA: Identification and authentication
6.1.2.1 FIA_ATD.1 User Attribute Definition
6.1.2.2 FIA_SOS.1 Verification of Secrets
6.1.2.3 FIA_UAU.5 Multiple Authentication Mechanisms
6.1.2.4 FIA_UAU_EXT.2 User Authentication Before any Action
6.1.2.5 FIA_UID.1 Timing of Identification
6.1.2.6 FIA_UID.2 User Identification Before any Action
6.1.3 Class FMT: Security Management
6.1.3.1 FMT_MTD.1 Management of TSF data
6.1.3.2 FMT_SMF.1 Specification of Management Functions
6.1.3.3 FMT_SMR.1 Security Roles
6.1.3.4 FMT_MSA.1 Management of Security Attributes
6.1.3.5 FMT_MSA.3 Static Attribute Initialization
6.1.4 Class FPT: Protection of TSF
6.1.4.1 FPT_FLS.1 Failure with Preservation of Secure State
6.1.4.2 FPT_STM.1 Reliable Time Stamps
6.1.5 Class DDoS: Distributed Denial of Service
6.1.5.1 DDoS_DEF_EXT.1 DDoS Defence
6.1.5.2 DDoS_NOT_EXT.1 Explicit: Security Notifications
6.1.6 Class FTP: Trusted Path/Channels
6.1.6.1 FTP_ITC.1 Inter-TSF Trusted Channel
6.1.6.2 FTP_TRP.1 Trusted Path
6.1.7 Class FDP: User Data Protection
6.1.7.1 FDP_IFC.1 Subset Information Flow Control
6.1.7.2 FDP_IFF.1 Simple Security Attributes
6.1.7.3 FDP_ITC.1 Import of User Data without Security Attributes
6.1.7.4 FDP_ITT.1 Basic Internet Transfer Protection
6.1.8 Class FCS: Cryptographic Support
6.1.8.1 FCS_COP.1 Cryptographic Operation (a)
6.1.8.2 FCS_COP.1 Cryptographic Operation (b)
6.1.8.3 FCS_COP.1 Cryptographic Operation (c)
6.2 Security Assurance Requirements for the TOE
6.2.1 ADV_ARC.1 Security Architecture Description
6.2.2 ADV_FSP.2 Security-enforcing functional specification
6.2.3 ADV_TDS.1 Basic design
6.2.4 AGD_OPE.1 Operational user guidance
6.2.5 AGD_PRE.1 Preparative procedures
6.2.6 ALC_CMC.3 Authorisation controls
6.2.7 ALC_CMS.3 Implementation representation CM coverage
6.2.8 ALC_DEL.1 Delivery procedures
6.2.10 ALC_DVS.1 Identification of security measures
6.2.11 ALC_LCD.1 Developer defined life-cycle model
6.2.12 ASE_CCL.1 Conformance claims
6.2.13 ASE_ECD.1 Extended components definition
6.2.14 ASE_INT.1 ST introduction
6.2.15 ASE_OBJ.2 Security objectives
6.2.16 ASE_REQ.2 Derived security requirements
6.2.17 ASE_SPD.1 Security problem definition
6.2.18 ASE_TSS.1 TOE summary specification
6.2.19 ATE_COV.1 Evidence of coverage
6.2.20 ATE_FUN.1 Functional testing
6.2.21 ATE_IND.2 Independent testing - sample
6.2.22 AVA_VAN.2 Vulnerability analysis
6.3 Security Requirements Rationale
6.3.1 Assurance Rationale
6.3.2 Dependencies Satisfaction Rationale
6.3.3 Functional Requirements vs Objectives Satisfaction Rationale
7 TOE Summary Specification
7.1 Security Audit
7.1.1 SA-1: Audit Generation
7.1.2 SA-2: Audit Review
7.1.3 SA-3: Audit Protection
7.2 Protection of TSF
7.2.1 FPT-1: Failure with preservation of secure state
7.2.2 FPT-2: Reliable Time Stamps
7.3 Identification and Authentication
7.3.1 IA-1: User Attributes
7.3.2 IA-2: User I&A
WARNING: Default username and password
7.4 Security Management
7.4.1 SM-1: Management of TSF Data
7.4.2 SM-2: Specification of Management Functions
7.4.3 SM-3: Security Roles
7.5 Trusted Communications
7.5.1 TC-1: Trusted Channel for Authentication
7.5.2 TC-2: Trusted Channel for IP Reputation, Tor IP & Software Updates
7.5.3 TC-3: Trusted Path for CLI Access
7.5.4 TC-4: Trusted Path for hdDeviceUI
7.6 Resource Utilization (DDoS Protection)
7.6.1 DDoS-1: DDoS Detect
7.6.2 DDoS-2 Additional Filter Control
7.6.3 DDoS-3 Notification
8 Glossary of Terms
List of Tables and Figures
TABLE 1-1: PRODUCT SPECIFIC ACRONYMS
TABLE 1-2: CC SPECIFIC ACRONYMS
FIGURE 1-1: OFF-LINE MODE DEPLOYMENT
FIGURE 1-2: IN-LINE MODE DEPLOYMENT
TABLE 1-3: HALTDOS APPLIANCE COMMON FEATURES
FIGURE 1-3: BACK PANEL OF THE HALTDOS APPLIANCE WITH 1G COPPER INTERFACES
FIGURE 1-4: PROTECTION INTERFACES
TABLE 1-4: PREDEFINED USER AUTHORITY
TABLE 1-5: MENU BAR OF HDDEVICEUI
FIGURE 1-5: OPTIONS FOR CONNECTING TO THE CLI
TABLE 1-6: CONNECTION OPTIONS
TABLE 1-7: TOE USER GUIDANCE DOCUMENTS
FIGURE 1-6: TOE PHYSICAL BOUNDARY
FIGURE 1-7: TOE ENVIRONMENT
TABLE 3-1: TOE THREATS
TABLE 3-2: ASSUMPTIONS
TABLE 4-1: TOE SECURITY OBJECTIVES
TABLE 4-2: SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT
TABLE 4-3: MAPPING OF TOE SECURITY OBJECTIVES TO THREATS/POLICIES
TABLE 4-4: MAPPING OF SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT TO THREATS/POLICIES/ASSUMPTIONS
TABLE 4-5: ALL THREATS TO SECURITY COUNTERED
TABLE 4-6: ALL ASSUMPTIONS UPHELD
TABLE 5-1: EXTENDED COMPONENTS
TABLE 6-1: FUNCTIONAL COMPONENTS
TABLE 6-2: FUNCTIONAL COMPONENTS
TABLE 6-3: AUDIT RECORD INFORMATION
TABLE 6-4: TOE PASSWORD POLICY RULES
TABLE 6-5: MANAGEMENT OF TSF DATA
TABLE 6-6: SECURITY NOTIFICATIONS
TABLE 6-7: EAL2 ASSURANCE COMPONENTS
TABLE 6-8: TOE DEPENDENCIES SATISFIED
TABLE 6-9: MAPPING OF TOE SFRS TO TOE SECURITY OBJECTIVES
TABLE 6-10: ALL TOE OBJECTIVES MET BY SECURITY FUNCTIONAL REQUIREMENTS
TABLE 7-1: SECURITY FUNCTIONAL REQUIREMENTS MAPPED TO SECURITY FUNCTIONS
TABLE 7-2: AUDIT SEARCH FIELDS
TABLE 7-4: AUTHENTICATION SCENARIO EXAMPLES
TABLE 7-6: ALERT TYPES
1 Security Target Introduction
1.1 Security Target Reference
ST Title: HaltDos Mitigation Platform
ST Version: v1.4
ST Author: Haltdos.com Private Limited
ST Date: September 17, 2018
1.2 TOE Reference
TOE Identification: HaltDos Mitigation Platform version 1.1, comprising hdInspector version 1.0, hdDeviceUI version 2.0, hdDetectionService version 1.0 and hdCLI version 2.0. Refer to section 1.4.8.2 for the list of dependencies (hardware/software/firmware) needed by the TOE but excluded from evaluation.
TOE Vendor: Haltdos.com Private Limited
1.3 TOE Overview
The Target of Evaluation (TOE) is HaltDos Mitigation Platform version 1.1. It is a software solution comprising hdInspector version 1.0, hdDeviceUI version 2.0, hdDetectionService version 1.0 and hdCLI version 2.0. The TOE can be installed on a single, stand-alone appliance to protect Internet Protocol (IP) networks against Distributed Denial of Service (DDoS) attacks. The TOE provides Layer 3 to Layer 7 DDoS detection and mitigation (filtering) capability that minimizes application downtime in the event of a DDoS attack. The appliance installed with the TOE is usually deployed at ingress points of an enterprise (before or after the ingress router) to detect, block, and report on various categories of DDoS attacks. The TOE continuously monitors all incoming and outgoing traffic and can automatically detect and mitigate various types of DDoS attacks targeting online services. Following is the list of security features of the TOE:
• Audit data generation
• User identity association
• Audit review
• Selectable audit review
• Protected audit trail storage
• User attribute definition
• Verification of secrets
• Multiple authentication mechanism
• User authentication before any action
• User identification before any action
• Management of TSF data
• Specification of management functions
• Security roles
• Failure with Preservation of Secure State
• Reliable Time Stamps
• DDoS Defence
• Security Notifications
• Inter-TSF trusted Channel
• Trusted Path/Channel
Further details about the security requirements are given in section 6. All the features mentioned above are under evaluation. This Security Target (ST) defines the Information Technology (IT) security requirements for the TOE. The TOE is being evaluated at assurance level EAL2+. Refer to section 1.4.8.1 for the list of the software components that describe the TOE and are under evaluation. Also refer to section 1.4.8.2 for the list of dependencies (hardware/software/firmware) needed by the TOE but excluded from the evaluation.
1.3.1 TOE Type
The TOE is a Distributed Denial of Service (DDoS) detection and mitigation platform.
1.3.2 TOE Build Number
The TOE has the following identification details:
• Build Number: 1.0-2.0-1.0-2.0
• Build Date: 2018-04-20
• Version Number: 1.1
1.3.2.1 Identification Method:
The TOE uses the following mechanism to uniquely identify each platform version release and its associated components:
• Component Versioning: Each component (hdInspector, hdUI, hdCLI, hdDetectionService) has a version of its own. Whenever a component is changed and ready for release, its version is incremented by 1. For example, if hdCLI has a current version of v1.0, the next version released will be v2.0.
• Build Numbering: Build number has the following format: <hdInspectorVersion>-<hdUIVersion>-<hdDetectionServiceVersion>-<hdCLIVersion>
1.3.2.2 Platform Versioning:
The TOE can be identified by the unique reference provided as the platform version. Versions of the TOE (HaltDos Mitigation Platform) are classified into the following releases:
• Major releases: These are the major updates of the platform provided by the development team. Versions v1.0, v2.0, v3.0 and so on are assigned to the major releases.
• Minor releases: These are the minor updates within a major release provided by the development team. Versions v1.1, v1.2, v1.3 and so on are assigned to the minor releases; overall, 9 minor releases are provided, ranging from 1 to 9, i.e. v1.1 to v1.9.
• Development releases: These are the development updates within a minor release provided by the development team. Versions v1.1101, v1.1102, v1.1103 and so on are assigned to the development releases.
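The identification rules in sections 1.3.2.1 and 1.3.2.2 can be checked mechanically when confirming that an installed appliance matches the evaluated configuration. The following Python is an added example, not part of the Security Target or HaltDos code; the function names are hypothetical, and the N.0 component-version pattern and the three-digit development counter are assumptions inferred from the examples in the text (v1.0 to v2.0; v1.1101).

```python
import re

# Field order fixed by the build-number format in section 1.3.2.1.
COMPONENT_ORDER = ("hdInspector", "hdUI", "hdDetectionService", "hdCLI")

# Evaluated configuration as stated in section 1.3.2 of the ST.
EVALUATED_PLATFORM = "1.1"
EVALUATED_BUILD = "1.0-2.0-1.0-2.0"

# Assumption: component versions are whole steps (v1.0 -> v2.0), i.e. "N.0".
_COMPONENT_RE = re.compile(r"[1-9]\d*\.0")

# Release classes from section 1.3.2.2. The development pattern assumes a
# minor digit followed by a three-digit counter, as in v1.1101.
_PLATFORM_RES = (
    ("major", re.compile(r"v?(\d+)\.0")),
    ("minor", re.compile(r"v?(\d+)\.([1-9])")),
    ("development", re.compile(r"v?(\d+)\.([1-9])(\d{3})")),
)


def parse_build_number(build):
    """Split a build number into a {component: version} mapping."""
    fields = build.strip().split("-")
    if len(fields) != len(COMPONENT_ORDER):
        raise ValueError(
            f"build number {build!r}: expected {len(COMPONENT_ORDER)} fields, "
            f"got {len(fields)}"
        )
    for name, version in zip(COMPONENT_ORDER, fields):
        if not _COMPONENT_RE.fullmatch(version):
            raise ValueError(f"build number {build!r}: bad {name} version {version!r}")
    return dict(zip(COMPONENT_ORDER, fields))


def classify_platform_version(version):
    """Return (release class, numeric parts) for a platform version string."""
    text = version.strip()
    for kind, pattern in _PLATFORM_RES:
        match = pattern.fullmatch(text)
        if match:
            return kind, tuple(int(group) for group in match.groups())
    raise ValueError(f"platform version {version!r} fits no release class")


def check_deployment(platform_version, build_number):
    """List deviations from the evaluated configuration (empty list = match)."""
    findings = []
    try:
        kind, _ = classify_platform_version(platform_version)
        if kind == "development":
            findings.append(
                f"platform {platform_version}: development release, "
                f"evaluated release is {EVALUATED_PLATFORM}"
            )
        elif platform_version.strip().lstrip("v") != EVALUATED_PLATFORM:
            findings.append(
                f"platform {platform_version}: evaluated release is {EVALUATED_PLATFORM}"
            )
    except ValueError as exc:
        findings.append(str(exc))

    try:
        deployed = parse_build_number(build_number)
    except ValueError as exc:
        findings.append(str(exc))
        return findings

    evaluated = parse_build_number(EVALUATED_BUILD)
    for name in COMPONENT_ORDER:
        if deployed[name] != evaluated[name]:
            findings.append(
                f"{name}: deployed {deployed[name]}, evaluated {evaluated[name]}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: the evaluated build, then a drifted one.
    samples = [("v1.1", "1.0-2.0-1.0-2.0"), ("v1.2", "1.0-2.0-1.0-3.0")]
    for platform, build in samples:
        result = check_deployment(platform, build)
        print(platform, build, "->", result or "matches evaluated configuration")
```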
1.4 TOE Description
1.4.1 Acronyms
Table 1-1 and Table 1-2 define product specific and CC specific acronyms respectively.
Acronym | Definition
AAA | Authentication, Authorization, & Accounting
API | Application Programming Interface
CDN | Content Delivery Network
CIDR | Classless Inter-Domain Routing
CLI | Command Line Interface
CSV | Comma Separated Value
DDoS | Distributed Denial of Service
DNS | Domain Name Server
FCAP | Flow Capture fingerprint expression language
FQDN | Fully Qualified Domain Name
GUI | Graphical User Interface
HTTP | Hypertext Transfer Protocol
HTTPS | Hypertext Transfer Protocol Secure
ICMP | Internet Control Message Protocol
ISP | Internet Service Provider
LAN | Local Area Network
MSSP | Managed Security Service Provider
NIC | Network Interface Card
NTP | Network Time Protocol
PPS | Packets Per Second
RDN | Registered Domain Name
RADIUS | Remote Authentication Dial-in User Service for Authentication, Authorization and Auditing
SIP | Standard Initiation Protocol
SMTP | Simple Mail Transport Protocol
SNMP | Simple Network Management Protocol
SSH | Secure Shell
SSL | Secure Socket Layer
TCP/IP | Transmission Control Protocol/Internet Protocol
TLS | Transport Security Layer
UDP | User Datagram Protocol
UI | User Interface
URL | Uniform Resource Locator
VoIP | Voice over Internet Protocol
VPN | Virtual Private Network
WAN | Wide Area Network
TABLE 1-1: PRODUCT SPECIFIC ACRONYMS

Acronym | Definition
CC | Common Criteria [for IT Security Evaluation]
EAL | Evaluation Assurance Level
IT | Information Technology
OSP | Organizational Security Policy
PP | Protection Profile
SAR | Security Assurance Requirement
SFP | Security Function Policy
SFR | Security Functional Requirement
ST | Security Target
TOE | Target of Evaluation
TSC | TSF Scope of Control
TSF | TOE Security Functions
TSFI | TOE Security Functions Interface
TSP | TOE Security Policy
TABLE 1-2: CC SPECIFIC ACRONYMS
1.4.2 Description
The Target of Evaluation (TOE) is HaltDos Mitigation Platform version 1.1, comprising hdInspector version 1.0, hdDeviceUI version 2.0, hdDetectionService version 1.0 and hdCLI version 2.0. The TOE secures the data centre from network and application layer distributed denial of service (DDoS) attacks. The TOE can be installed on a single, stand-alone appliance that can be deployed in an enterprise IT network to detect, block, and report on various categories of Distributed Denial of Service (DDoS) attacks. It is recommended that the appliance running the TOE be hardware bypass capable. This ensures that environmental factors such as power failures, hardware failures, or software failures affecting the proper functioning of the TOE will result in all network traffic being bypassed, albeit unmitigated.
The TOE is flexible to run in multiple operational modes. The following operational modes of deployment are supported:
• In-line Mode
  § Active: With filtering enabled (Active mode)
  § Bypass: With filtering disabled (Bypass mode)
• Off-line Mode through span port or network tap, with filtering disabled
In off-line mode, the TOE monitors traffic from a span port or network tap, which collectively are referred to as monitor ports. The router or switch sends the traffic along its original path and also mirrors it to the appliance running the TOE. The TOE analyses the mirrored traffic and detects possible DDoS attacks, but does not perform any DDoS mitigation. Only the traffic coming from the external network (usually the internet) should be sent to the appliance running the TOE on the EXT# interface. The traffic coming from the protected network (usually the internal traffic) can optionally be sent to the INT# interfaces. The TOE in off-line mode never forwards traffic from EXT# ports to INT# ports or vice-versa.
Off-line mode is most commonly used in trial implementations. For example, before deploying the TOE in in-line mode and allowing it to affect the enterprise network traffic, it can be deployed in off-line mode for fine tuning as per the enterprise IT network.
FIGURE 1-1: OFF-LINE MODE DEPLOYMENT
In in-line mode deployment, the appliance running the TOE acts as a physical cable between the external network (usually the internet) and the protected network (usually the internal network). In in-line deployment all of the traffic between the external and protected networks flows through the TOE.
During deployment an ethernet cable from the external network (an upstream router or the service provider's equipment) is connected to an EXT# interface of the appliance running the TOE. The corresponding INT# interface on the same appliance is connected to the equipment in the protected network (usually a firewall or a router or a switch).
When in Active mode, the TOE analyses the traffic, detects DDoS attacks (if any), and applies appropriate mitigations (traffic filtering) before forwarding. When in Bypass mode, the TOE analyses the traffic but only detects DDoS attacks (if any). No mitigation (traffic filtering) is performed in Bypass mode.
Bypass mode of operation generates information that can be used to set/customize the TOE settings for accurate attack detection and mitigation. When the policy is ready for operational implementation in the production environment, the administrator can change the protection mode to “Active”.
FIGURE 1-2: IN-LINE MODE DEPLOYMENT
1.4.2.1 TOE Dependencies
The TOE is a software solution comprising various software components (refer to section 1.2) that can be installed on a single stand-alone appliance. The TOE requires a Linux operating system, with Ubuntu 16.04 LTS as the officially supported operating system. MySQL v5.7 database is used as a data store by the TOE and the Intel DPDK framework is used for receiving and sending packets. All the dependencies are open source software and (except for the Linux operating system) all dependencies are managed, maintained and compiled by the developer. The table below presents common environmental considerations for the appliance running the TOE:
Power Options | 550W (1+1) Redundant hot plug PSU. AC: 100 to 127 VAC, 50 to 60 Hz, 6 A max; 200 to 240 VAC, 50 to 60 Hz, 3 A max. DC: -48 to -60 VDC, 13 A max
Environment | Temperature, operating: 60º to 95ºF (0º to 35ºC). Humidity, operating: 8% to 90%. Humidity, non-operating: 95%, non-condensing at temperatures of 73º to 104ºF (23º to 40ºC)
Physical Dimensions | Chassis: 1U/2U rack height. Height: 0.28 cm. Width: 48.2 cm
Monitoring Compatibility | Optional integration with management consoles supporting SNMPv2 or SNMPv3
TABLE 1-3: HALTDOS APPLIANCE COMMON FEATURES
FIGURE 1-3: BACK PANEL OF THE HALTDOS APPLIANCE WITH 1G COPPER INTERFACES
1 Power Supply (AC module).
2 Serial port (optional)
3 USB0 and USB1 (1 on the top, 0 on the bottom)
4 USB2 and USB3 (3 on the top, 2 on the bottom)
5 Management port, MGT (GbE NIC1 connector)
6 IPMI port (GbE NIC1 connector)
7 VGA port to connect monitor.
8 Protection ports (1G copper is shown) 1G. The protection ports are configured as port pairs. Each pair consists of an external (EXT) port and an internal (INT) port.
* Minimum configuration needed to run the TOE.
The following diagrams show how the protection ports are numbered for each of the available interfaces:
FIGURE 1-4: PROTECTION INTERFACES
The network path to be protected is connected to any two like-numbered interfaces. The “EXT#” interface always connects to the external network, and the “INT#” interface always connects to the protected network, as shown in Figure 1-2: In-line mode Deployment.
1.4.3 User Description
User authorities provide the means to organize the TOE users into different levels of permitted system access. When a user account is created, it must be assigned to a user authority. The user account inherits the access levels that are assigned to that authority. The TOE contains the following predefined user authorities.
Authority | Access
ADMINISTRATOR | Users with this authority have full read and write access on all pages of the Web GUI.
NETWORK_ANALYST | Users with this authority have full read and write access on all network related aspects in the Web GUI.
VISITOR | Users with this authority have read-only access to most of the Web GUI pages and can edit and update their own user account settings. Users in this group cannot change any configuration settings.
SECURITY_ANALYST | Users with this authority have full read and write access on all security related aspects and have read-only access to other pages in the Web GUI.
SYSTEM ADMINISTRATOR | These are Linux OS users on the TOE appliance that have administrator privileges. These users can log on to the appliance via SSH to run system commands and access the CLI to maintain and configure the TOE. Some of the CLI commands make API calls to the Web GUI. For such commands, this user must also be an ADMINISTRATOR on the Web GUI.
TABLE 1-4: PREDEFINED USER AUTHORITY
This grouping of users into authorities that restricts/permits TSF functionality for any user is referred to in Common Criteria as “roles”.
1.4.4 User Interfaces
1.4.4.1 Web based User Interface (GUI)
The main administrative interface after the TOE has been installed is a web based GUI that is accessed by connecting to the IP address of the MGT interface of the TOE. This is provided by the hdDeviceUI software, which is written in Java and is capable of showing network statistics via graphs and dashboards, traffic monitoring, attack alarm notifications, attack summaries, real time and historic traffic details, audit trail and configuration management. hdDeviceUI uses the HTTPS protocol for secure sessions over the MGT interface. This interface is not available through the INT# or EXT# interfaces. The first time the GUI is accessed, the user must accept the SSL certificate to complete the secure connection.
The GUI menu bar indicates which menu is active and provides the ability to navigate the GUI menus and pages. The menus that are available depend on the user authority to which the authorized user is assigned. The menu bar is divided into the following menus:
Menu | Description
Home | Displays the key points of traffic monitored by the TOE
Events | Displays the information about the recent events that occurred in the TOE
Dashboard | Displays information about the traffic that the TOE monitors and mitigates.
Action | Provides ability to view, configure and manage security settings of the TOE.
Alarms | Provides ability to view, set alarms for traffic passing through the TOE.
Web Analytics | Provides the ability to view and configure rules for Web Analytics done by the TOE.
Report | Provides the functions to view report and statistics of the traffic that the TOE monitors.
Settings | Provides the functions to configure and maintain system settings of the TOE appliance.
TABLE 1-5: MENU BAR OF HDDEVICEUI
1.4.4.2 Command Line Interface (CLI)
The command line interface is provided through hdCLI. It allows an authenticated user to enter commands on the terminal. Typically, the CLI is used for installing and upgrading the software and completing the initial configuration. However, some advanced functions can only be configured by using the CLI. The HaltDos CLI can be accessed either directly or remotely. The following figure shows the options and ports that can be used to connect to the appliance in order to access the CLI.
FIGURE 1-5: OPTIONS FOR CONNECTING TO THE CLI
The following table describes the connections in the figure:
Item | Connection
1 | Serial port for console access on server
2 | USB port with keyboard and VGA connector with monitor (direct connection)
3 | Management port MGT with SSH
TABLE 1-6: CONNECTION OPTIONS
The CLI functionality is limited to:
• Installing and reinstalling the solution
• Retrieving and Updating configuration
• Backup and Restoration
• Setting hardware bypass settings
• Downloading updates
• Generating reports
1.4.5 TOE Data Description
TSF Data includes information used by the TSF in making decisions. It includes the system parameters set by administrators to configure the security of the TOE: security attributes, authentication data and traffic control attributes. Examples of TSF Data include administrative roles and audit logging parameters.
User Data includes the data created by external and internal IT entities that does not affect the operation of the TOE. User Data is separate from the TSF data. The information flows created by Clients and Servers are examples of User Data.
1.4.6 Product Guidance
The following product guidance documents are provided with the TOE:
Reference Title | ID
HaltDos User Guide | [ADMIN]
HaltDos Release Notes | [RELEASE]
TABLE 1-7: TOE USER GUIDANCE DOCUMENTS
1.4.7 Business View of the TOE
The TOE is a high throughput, high performance software-based DDoS detection and mitigation platform that can run on qualifying hardware and can stay updated with evolving technology and threats through software updates without requiring any hardware replacements. With its multi-layered and multi-vector approach, it can defend against a wide range of DDoS attacks within seconds to ensure high uptime of protected online services such as websites and web services.
It has the following features:
• Provides multi-layered security (Layer 3 to Layer 7)
• Always on protection with real time metrics and analytics
• Alerts on attack, attack signature, customer misbehaviour and audit trails
1.4.8 Physical Scope of the TOE
The physical boundary of the TOE is the entire appliance running the TOE. The TOE will be evaluated in the “in-line mode” deployment scenario.
FIGURE 1-6: TOE PHYSICAL BOUNDARY
FIGURE 1-7: TOE ENVIRONMENT
1.4.8.1 Included in the TOE:
The scope of the evaluation includes the following product components and/or functionality (marked in yellow in Figure 1-7):
TOE and its user interfaces:
• HaltDos Web Interface (hdDeviceUI)
• HaltDos Command Line Interface (hdCLI)
• HaltDos Detection Service (hdDetectionService)
• HaltDos Inspector (hdInspector)
TOE configuration conditions for evaluation:
• In-line Mode
• Default passwords must be changed during installation.
• Use of the CLI is scoped to those functions described in Section 1.4.4.2
1.4.8.2 Excluded from the TOE:
The following assets are included in the IT Environment and are not part of the TOE:
• Optional NTP Server (highly recommended for enterprise time syncing)
• Optional SMTP Server (for notifications)
• Optional RADIUS Server (for AAA)
• Operating System (Ubuntu 16.04 LTS)
• Database (MySQL v5.7.17)
• Web Server (Apache Tomcat v8.0)
• Intel DPDK platform v17.02
• Appliance on which the TOE runs
• Web browser (and its host platform) is not included in the TOE boundary
• The network assets communicating on the network providing data flow through the TOE
The following functionality is not included in the scope of the evaluation:
• HaltDos Programmable API
1.4.9 Logical Scope of the TOE
TOE provides the following security functionality:
• Security Audit: The TOE’s auditing capabilities include recording information about system processing and access to the TOE. Subject identity (user login name) and outcome are recorded for each event audited. The audit records generated by the TOE are protected by the TOE. The audit trail is comprised of the TOE change log and the syslog. The audit records can be offloaded for long term storage.
• Identification and Authentication: Each user must be successfully identified and authenticated with a username and password by the TSF. The TOE provides a password-based authentication mechanism to administrators. Access to security functions and data is prohibited until a user is identified and authenticated.
• Security Management: The TOE allows only authorized users with appropriate privileges to administer and manage the TOE. Only authorized administrators with appropriate privileges may modify the TSF data related to the TSF, security attributes, and authentication data. The TOE maintains 4 default roles (authorities): Administrator (Read, Write, & Execute all), Visitor (read-only access from Web UI), Network Analyst (Read, Write and Execute only network configurations) and Security Analyst (Read, Write and Execute only security configurations). There is also a system administrator who is the Linux OS administrator user. Only the system administrator can operate the CLI.
• Resource Utilization (DDoS Protection): The TOE sits at the perimeter of the network, referred to as the edge, to protect Internet Protocol (IP) networks against DDoS attacks by successfully identifying and filtering DDoS attacks, while forwarding legitimate traffic to the network without impacting service. The TOE can function in in-line active (monitoring and filtering), in-line Bypass (monitoring without filtering) or off-line modes. The TOE provides capabilities to filter traffic by multiple means. These means include filtering on Whitelist, Blacklist, Rate Limits, malformed HTTP, and TCP SYN Rate configuration specifications, to name a few. Visual alerts for Web GUI users and alarms can be configured to warn the recipient of an event or action that has taken place. The formats can take the form of an email or syslog message.
• Protection of TSF: The TOE transfers all packets passing through the TOE only after processing the traffic based on traffic attributes. If a hardware failure occurs and the TOE does not repair itself, the TOE forces the appliance to go into a hardware bypass mode. This shunts the “EXT#” and “INT#” ports, maintaining all traffic flow through the equipment. Thus, the DDoS filtering function may be unavailable, but the flow of traffic will not be impeded. The communication between the remote manager and the TOE is protected from disclosure and modification. The TOE provides reliable timestamps on its own or with the support of an NTP Server in the IT environment. The TSF is protected because the hardware, the OS and the application the logical access to the TOE is controlled by the identification and authentication functionality provided by the TOE.
• Trusted Channel/Path: The TOE requires the establishment of an HTTPS (SSL/TLS) connection from the remote administrator’s browser. The TOE also requires the establishment of an SSH connection in order to access the TOE remotely to use the CLI. The TOE communicates with external authentication mechanisms via a trusted channel. The TOE provides a communication channel between itself and the external authentication mechanisms that is logically distinct from other communication channels and provides assured identification of its endpoints and protection of the channel data from modification or disclosure.
1.4.10 Environment of the TOE
The TOE runs on top of the Ubuntu 16.04 operating system. It has four components:
• hdDeviceUI is running on the Tomcat server.
• hdDetectionService is running on the Tomcat server.
• hdInspector is running on Intel DPDK to intercept traffic between #INT and #EXT.
• hdCLI to access the system from a remote system over a trusted path (SSH).
To access the TOE, the following interfaces are exposed:
• INT#: Network interface connecting the TOE with the internal network
• EXT#: Network interface connecting WAN/Router to the TOE
• MGT#: Network interface that is configured for access to the organization’s security administrator/analyst.
Following are the components of the TOE environment:
• Optional NTP Server (highly recommended for enterprise time syncing)
• Optional SMTP Server (for notifications)
• Optional RADIUS Server (for AAA)
• Operating System (Ubuntu 16.04 LTS)
• Database (MySQL v5.7.17)
• Web Server (Apache Tomcat v8.0)
• Intel DPDK platform v17.02
• Appliance on which the TOE runs
• Web browser (and its host platform) is not included in the TOE boundary
• The network assets communicating on the network providing data flow through the TOE
1.4.11 Delivery Method
Before the components are scheduled for delivery, the appliance along with the platform goes through verification and acceptance testing at the developer's premises. Once verification is completed, the hardware is reset with a bare minimum software installation including:
• Ubuntu 16.04 operating system
• TOE installation script
The appliance is then packed in a shipping box and, once the shipment is done, the following are shared with the end user over the registered email:
• Shipment details
• Purchase Order
• Delivery Challan (containing the serial no. and model no.) of hardware
• The TOE license
• Hardware Manual and User Guidance documents
The delivered appliance can be identified by the unique serial number assigned by the developers. Following is the format used for generating the serial number:
Format: hd-<haltdos-model>-number
Example: hd-swift-01
2 Conformance Claims
2.1 Common Criteria Conformance
The TOE is Part 2 extended, Part 3 conformant, and meets the requirements of Evaluation Assurance Level (EAL) 2+ by adding ALC_CMC.3 and ALC_CMS.3 from the Common Criteria Version 3.1 R5.
This document conforms to the Common Criteria (CC) for Information Technology (IT) Security Evaluation, Version 3.1, Revision 5, dated April 2017.
2.2 Protection Profile Claim
This ST does not claim conformance to any existing Protection Profile.
2.3 Package Claim
This ST claims conformance to the assurance requirements package: Evaluation Assurance Level (EAL) 2+.
● hdInspector claims conformance to the assurance requirements package: Evaluation Assurance Level (EAL) 2.
● hdDeviceUI claims conformance to the assurance requirements package: Evaluation Assurance Level (EAL) 2.
● hdDetectionService claims conformance to the assurance requirements package: Evaluation Assurance Level (EAL) 2.
● hdCLI claims conformance to the assurance requirements package: Evaluation Assurance Level (EAL) 2.
The Evaluation Assurance Level is augmented to EAL 2+ by adding ALC_CMC.3 and ALC_CMS.3 from the Common Criteria Version 3.1 R5.
3 Security Problem Definition
3.1 Threats
The TOE must counter the threats to security listed in Table 3-1. The assumed level of expertise of the attacker is unsophisticated, with access to only standard equipment and public information about the product.
Item | Threat ID | Threat Description
1 | T.AUDIT | Unauthorized attempts by users and external IT entities to access network resources through the TOE, TOE data or TOE security functions may go undetected because the actions they conduct are not audited or audit records are not reviewed, thus allowing an attacker to escape detection.
2 | T.DDoSATTACK | An External IT Entity or group of External IT Entities may exhaust service resources of the TOE or Internal IT Entities by passing information flows through the TOE by DDoS attacks thus making the resources unavailable to its intended users.
3 | T.FAILURE | A Hardware, Software and/or Power failure of the TOE may interrupt the flow of traffic between networks thus making them unavailable.
4 | T.MANAGE | An unauthorized person or unauthorized IT entity may be able to view, modify, and/or delete TSF data on the TOE.
5 | T.NOAUTH | An unauthorized person may attempt to bypass the security of the TOE so as to access and use security functions and/or non-security functions provided by the TOE.
6 | T.PROCOM | An unauthorized person or unauthorized IT entity may be able to view, modify, and/or delete security related information that is sent between a remotely located authorized administrator and the TOE.
TABLE 3-1: TOE THREATS
3.2 Assumptions
The assumptions regarding the security environment and the intended usage of the TOE are listed in Table 3-2.
Item | Assumption ID | Assumption Description
1 | A.BACKUP | Administrators will back up the audit files, configuration files and monitor disk usage to ensure audit information is not lost.
2 | A.CONNECT | The TOE will separate the network on which it is installed and operates into external and internal networks. Information cannot flow between the external and internal networks without passing through the TOE unless the TOE is set into bypass mode.
3 | A.NOEVIL | There will be one or more competent individuals assigned to manage the TOE and the security of the information it contains. The authorized administrators are not careless, wilfully negligent, or hostile, and will follow and abide by the instructions provided by the TOE documentation.
4 | A.PHYSICAL | The TOE hardware and software critical to security policy enforcement will be protected from unauthorized physical modification and the processing resources of the TOE will be located within controlled access facilities, which will prevent unauthorized physical access.
TABLE 3-2: ASSUMPTIONS
3.3 Organizational Security Policies
There are no Organizational Security Policies defined for the TOE.
4 Security Objectives
4.1 Security Objectives for the TOE
The security objectives for the TOE are listed in Table 4-1.
Item | Objective ID | Description
1 | O.AUDIT | The TOE must provide a means to record, store and review security relevant events in audit records to trace the responsibility of all actions regarding security.
2 | O.DDoSALERT | The TOE will provide the capability to alert administrators when DDoS attacks are detected and other customizable events, conditions, and system errors.
3 | O.DDoSMITIGATE | The TOE must limit resource usage to an acceptable level (stop legitimate/illegitimate clients from overusing resources and stop DDoS attacks). The TOE must be able to serve as a rate based controller and police both malicious users who attempt to flood the network with DDoS attacks, and authorized users who may overuse resources.
4 | O.FAILSAFE | The failure of the TOE must not interrupt the flow of traffic through the TOE between networks.
5 | O.IDAUTH | The TOE must uniquely identify and authenticate the claimed identity of all administrative users, before granting an administrative user access to TOE functions.
6 | O.MANAGE | The TOE will provide all the functions and facilities necessary to support the administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use.
7 | O.PROCOM | The TOE will provide a secure session for communication between the TOE and the remote administrator’s browser trying to access the Web GUI or remote access to the CLI.
TABLE 4-1: TOE SECURITY OBJECTIVES
4.2 Security Objectives for the Operational Environment
The security objectives for the Operational Environment are listed in Table 4-2.
Item | Environment Objective | Description
1 | OE.AUDIT | The IT environment must provide a long term audit and alert store for the TOE.
2 | OE.BACKUP | Those responsible for the TOE must ensure that the audit files, configuration files are backed up and disk usage is monitored to ensure audit information is not lost.
3 | OE.CONNECT | Those responsible for the TOE must ensure that the TOE is installed and operated on a network and separates the network into external, internal and management networks. Information cannot flow between the networks without passing through the TOE unless the TOE is set into hardware bypass
4 | OE.NOEVIL | Those responsible for the TOE must ensure that there will be one or more competent individuals assigned to manage the TOE and the security of the information it contains and the authorized administrators are not careless, wilfully negligent, or hostile, and will follow and abide by the instructions provided by the TOE documentation.
5 | OE.PHYSICAL | Those responsible for the TOE must ensure that the TOE hardware and software critical to security policy enforcement will be protected from unauthorized modification and the processing resources of the TOE will be located within controlled access facilities, which will prevent unauthorized physical access.
TABLE 4-2: SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT
4.3 Security Objectives Rationale
Item | TOE Objective | Threat
1 | O.AUDIT | T.AUDIT
2 | O.DDoSALERT | T.MANAGE
3 | O.DDoSMITIGATE | T.DDoSATTACK
4 | O.FAILSAFE | T.FAILURE
5 | O.IDAUTH | T.NOAUTH
6 | O.MANAGE | T.MANAGE
7 | O.PROCOM | T.PROCOM
TABLE 4-3: MAPPING OF TOE SECURITY OBJECTIVES TO THREATS/POLICIES
Item | Environment Objective | Threat/Policy/Assumption
8 | OE.AUDIT | T.AUDIT
9 | OE.BACKUP | A.BACKUP
10 | OE.CONNECT | A.CONNECT
11 | OE.NOEVIL | A.NOEVIL
12 | OE.PHYSICAL | A.PHYSICAL
TABLE 4-4: MAPPING OF SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT TO THREATS/POLICIES/ASSUMPTIONS
Table 4-5 shows that all the identified Threats to security are countered by Security Objectives. Rationale is provided for each Threat in the table.
Item | Threat ID | Objective | Rationale
1 |  | O.AUDIT: The TOE must provide a means to record, store and review security relevant events in audit records to trace the responsibility of all actions regarding security. | This threat is mitigated by O.AUDIT which requires that the TOE must provide a means to record, store and review security relevant events in audit records to trace the responsibility of all actions regarding security, thus providing administrators the ability to investigate incidents.
1 |  | OE.AUDIT: The IT environment must provide a long term audit for the TOE. | OE.AUDIT requires that the IT environment must provide a long term audit store for the TOE, thus providing administrators with a longer history to investigate incidents with.
2 | T.DDoSATTACK: An External IT Entity or group of External IT Entities may exhaust service resources of the TOE or Internal IT Entities by passing information flows through the TOE by DDoS attacks thus making the resources unavailable to its intended users. | O.DDoSMITIGATE: The TOE must limit resource usage to an acceptable level (stop legitimate/illegitimate clients from overusing resources and stop DDoS attacks). The TOE must be able to serve as a rate based controller and police both malicious users who attempt to flood the network with DDoS attacks, and authorized users who may overuse resources. | This threat is mitigated by O.DDoSMITIGATE, which requires that the TOE must limit resource usage to an acceptable level (stop clients from overusing resources and stop DDoS attacks). The TOE must also be able to serve as a rate based controller and police both malicious users who attempt to flood the network with DOS and DDoS attacks, and authorized users who may overuse resources.
3 | T.FAILURE: A Hardware, Software and/or Power failure of the TOE may interrupt the flow of traffic between networks thus making them unavailable. | O.FAILSAFE: The failure of the TOE must not interrupt the flow of traffic through the TOE between networks. | This threat is mitigated by O.FAILSAFE which ensures that the flow of traffic through the TOE is not interrupted during TOE failure creating a DDoS scenario.
4 | T.MANAGE: An unauthorized person or unauthorized IT entity may be able to view, modify, and/or delete TSF data on the TOE. | O.MANAGE: The TOE will provide all the functions and facilities necessary to support the administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use. | This threat is mitigated by O.MANAGE, which requires that the TOE must protect stored TSF data from unauthorized disclosure, modification, or deletion. The TOE provides role based access control to management functions.
4 | T.MANAGE | O.DDoSALERT: The TOE will provide the capability to alert administrators when DDoS attacks are detected and other customizable events, conditions, and system errors. | This threat is mitigated by O.DDoSALERT which provides the alerting required to warn administrators about events that happened or are happening that may require further management intervention.
5 | T.NOAUTH: An unauthorized person may attempt to bypass the security of the TOE so as to access and use security functions and/or non-security functions provided by the TOE. | O.IDAUTH: The TOE must uniquely identify and authenticate the claimed identity of all administrative users, before granting an administrative user access to TOE functions. | This threat is mitigated by O.IDAUTH, which provides for unique identification and authentication of administrative users.
6 | T.PROCOM: An unauthorized person or unauthorized IT entity may be able to view, modify, and/or delete security related information that is sent between a remotely located authorized administrator and the TOE. | O.PROCOM: The TOE will provide a secure session for communication between the TOE and the remote administrator’s browser trying to access the GUI or remote access to the CLI. | This threat is mitigated by O.PROCOM which requires that the TSF must provide a secure session for communication between the TOE and the remote administrator’s web browser trying to access the Web GUI or remotely accessing the CLI.
TABLE 4-5: ALL THREATS TO SECURITY COUNTERED
Table 4-6 shows that the security objectives for the operational environment uphold all assumptions. Rationale is provided for each Assumption in the table.
Item | Assumption ID | Objective | Rationale
1 | A.BACKUP: Administrators will back up the audit files, configuration files and monitor disk usage to ensure audit information is not lost. | OE.BACKUP: Those responsible for the TOE must ensure that the audit files, configuration files are backed up and disk usage is monitored to ensure audit information is not lost. | This objective provides for the backup of the TOE audit and configuration files by administrators to ensure data loss minimization due to hardware or software errors.
2 | A.CONNECT: The TOE will separate the network on which it is installed and operates into external and internal networks. Information cannot flow between the external and internal networks without passing through the TOE. | OE.CONNECT: Those responsible for the TOE must ensure that the TOE is installed and operated on a network and separates the network into external, internal and management networks. Information cannot flow between the networks without passing through the TOE. | This objective provides for placing the TOE at the network perimeter and ensuring that information cannot flow between internal and external networks without TOE inspection unless the TOE is set into hardware bypass mode.
3 | A.NOEVIL: There will be one or more competent individuals assigned to manage the TOE and the security of the information it contains. The authorized administrators are not careless, wilfully negligent, or hostile, and will follow and abide by the instructions provided by the TOE documentation. | OE.NOEVIL: Those responsible for the TOE must ensure that there will be one or more competent individuals assigned to manage the TOE and the security of the information it contains and the authorized administrators are not careless, wilfully negligent, or hostile, and will follow and abide by the instructions provided by the TOE documentation. | This objective provides for competent and non-hostile personnel to administer the TOE. This objective ensures the TOE is delivered, installed, managed, and operated by competent individuals.
4 | A.PHYSICAL: The TOE hardware and software critical to security policy enforcement will be protected from unauthorized modification and the processing resources of the TOE will be located within controlled access facilities, which will prevent unauthorized physical access. | OE.PHYSICAL: Those responsible for the TOE must ensure that the TOE hardware and software critical to security policy enforcement will be protected from unauthorized modification and the processing resources of the TOE will be located within controlled access facilities, which will prevent unauthorized physical access. | This objective provides for the protection of the TOE from untrusted software and users. This objective provides for the physical protection of the TOE software.
TABLE 4-6: ALL ASSUMPTIONS UPHELD
5 Extended Components Definition
All of the components defined below have been modelled on components from Part 2 of the CC Version 3.1. The extended components are denoted by adding “_EXT” in the component name.
Item | SFR ID | SFR Title
1 | DDoS_DEF_EXT.1 | DDoS Defence
2 | DDoS_NOT_EXT.1 | Security Notifications
3 | FIA_UAU_EXT.2 | User Authentication before any action
TABLE 5-1: EXTENDED COMPONENTS
5.1 DDoS_DEF_EXT.1 DDoS Defence
5.1.1 Class: DDoS: Distributed Denial of Service
This class was explicitly created. The families in this class specify the functional requirements that pertain to the security features of a DDoS detection and mitigation product. While this SFR was modelled on existing FRU requirements in the CC Part 2, these requirements needed further modification to meet the specific needs of DDoS detection and mitigation implementation rather than intrusion detection.
5.1.2 Family: DDoS Defence (DDoS_DEF)
5.1.2.1 Family Behaviour
This family provides requirements for the TSF enforcement of detection and mitigation of DDoS attacks. The requirements of this family ensure that the TOE will protect networks against DDoS attacks.
5.1.2.2 Component levelling
DDoS_DEF_EXT.1 DDoS defence provides a mechanism to mitigate DDoS attacks. Component definition and rationale are provided in section 5.1.3 and 5.1.4.
5.1.2.3 Management
The following actions could be considered for the management functions in FMT:
• Management of TSF data.
5.1.2.4 Audit
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
• Minimal: Detection and Actions taken due to detected potential attacks.
5.1.3 Definition
DDoS_DEF_EXT.1 DDoS Defence
• Hierarchical to: No other components
• Dependencies: No other components
DDoS_DEF_EXT.1.1 The TSF shall be able to detect the following types of DDoS attacks
• SYN Flood
• TCP Flood
• HTTP Flood
• ICMP Flood
• UDP Flood
• DNS Query Flood
• DNS Amplification Flood
• TCP Connection Flood
DDoS_DEF_EXT.1.2 The TSF shall be able to mitigate the detected DDoS attacks
DDoS_DEF_EXT.1.3 The TSF shall provide the following additional information flow control capabilities
• GeoIP based filtering
• Custom Rules
5.1.4 Rationale
DDoS_DEF_EXT.1 had to be explicitly stated because the CC Part 2 does not have any DDoS mitigation related SFRs that can describe the functions of the TOE. DDoS_DEF is modelled as a Family of the standard class FRU (Resource Utilization) as it is the only class that deals with availability and prioritization of resources.
5.2 DDoS_NOT_EXT.1 Explicit: Security Notifications
5.2.1 Class: DDoS: Distributed Denial of Service
This class was explicitly created. The families in this class specify the functional requirements that pertain to the security features of a DDoS detection and mitigation product. While this SFR was modelled on existing IDS requirements that have been used in validated Protection Profiles, these requirements needed further modification to meet the specific needs of DDoS detection and mitigation implementation rather than intrusion detection.
5.2.2 Family: Security Notifications (DDoS_NOT)
5.2.2.1 Family Behaviour
This family defines the notifications generated by the TSF as a result of trigger events that happen while the TSF is detecting and mitigating DDoS attacks. This family also defines the destination(s) of the notifications that are generated. The scanners would generally collect static configuration information and send that on to an analytical component which would cause the notifications to be generated.
5.2.2.2 Component levelling
DDoS_NOT_EXT.1 Security notification provides a mechanism for detecting DDoS attacks and notifying the users accordingly. Component definition and rationale are provided in section 5.2.3 and 5.2.4.
5.2.2.3 Management
The following actions could be considered for the management functions in FMT:
• Configuration of the notification destination by an administrator
5.2.2.4 Audit
The following actions should be auditable if FAU_GEN security audit data generation is included in the PP/ST:
• Basic: time notification generated, source and destination of notification, notification type
5.2.3 Definition
DDoS_NOT_EXT.1 Explicit: Security Notifications
Hierarchical to: No other components
Dependencies: DDoS_DEF_EXT.1 DDoS Defence
DDoS_NOT_EXT.1.1 The TSF shall send a visual notification when events occur during the assessment.
The events generated from TOE components contain the following information:
• Created Date: The timestamp at which the event was created
• Created By: username for user generated events or system for system generated events
• Status: status of the event (ENDED/ONGOING/NULL)
• Category: category of the event
• Sub-category: refinement of category of the event.
• Direction: traffic flow for which the event was created (INBOUND/OUTBOUND/NULL).
• Message: message to be displayed to the user.
Visual notifications are available at:
• Web GUI: hdDeviceUI
• Email addresses of the registered users
List of Events (Categories):
• Attack events
• Alarm events
• System events
DDoS_NOT_EXT.1.2 The TSF shall send a notification when events occur during the assessment process. Following are the notification types.
• Web based UI notification: list of events displayed in hdDeviceUI.
• Email notification: email sent to the registered users on event generation.
List of notification recipients:
• All registered users on hdDeviceUI
List of events/alert categories:
• System
• Configuration
• Attack
• Alarm
• User
• Report
• Operational
• Disk Usage
For further description of the alert categories, refer to section 6.1.5.2.
5.2.4 Rationale
DDoS_NOT_EXT.1 is modelled on IDS_RCT.1 Analyser react (EXP) as defined in IDS System Protection Profile Version 1.7 July 25, 2007. This SFR was modified to apply to the various events that can be generated by any detection and mitigation type system rather than only the detection of an intrusion. This SFR uses the term “notification” rather than “alert” because there is no guarantee that the recipient will acknowledge or read the event information in a timely manner. For example, if the TOE sends this information via email (SMTP Server or native messaging within the product) there is no guarantee that the recipient will acknowledge or read the event information in a timely manner. Nor is the TOE expected to handle incoming responses such as an acknowledged receipt or read.
5.3 FIA_UAU_EXT.2 User authentication before any action
5.3.1 Class FIA: Identification and authentication
See Section 12 of the Common Criteria for Information Technology Security Evaluation Part 2: Security functional components April 2017 Version 3.1 Revision 5.
5.3.2 Family: User authentication (FIA_UAU)
5.3.2.1 Family Behaviour
This family defines the types of user authentication mechanisms supported by the TSF. This family also defines the required attributes on which the user authentication mechanisms must be based.
5.3.2.2 Component levelling
FIA_UAU_EXT.2 The password-based authentication mechanism provides administrative users a locally based authentication mechanism. Component definition and rationale are provided in section 5.3.3 and 5.3.4. Refer to section 6.1.2 for list of user attributes, management of data and password policy.
5.3.2.3 Management
The following actions could be considered for the management functions in FMT:
- Management of the authentication data by an administrator
- Management of the authentication data by the user associated with this data
5.3.2.4 Audit
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
• Minimal: Unsuccessful use of the authentication mechanism
• Basic: All use of the authentication mechanism
5.3.3 Definition
FIA_UAU_EXT.2 User authentication before any action
Hierarchical to: FIA_UAU.1 Timing of authentication
Dependencies: FIA_UID.1 Timing of identification
FIA_UAU_EXT.2.1
Hierarchical to: FIA_UAU_EXT.2 User authentication before any action
The TSF shall require each user to be successfully authenticated either by the TSF or by an authentication service in the Operational Environment invoked by the TSF before allowing any other TSF-mediated actions on behalf of that user.
5.3.4 Rationale
FIA_UAU_EXT.2 is modelled closely on the standard component FIA_UAU.2: User authentication before any action. FIA_UAU_EXT.2 needed to be defined as an extended component because the standard component was broadened by adding the text “either by the TSF or by an authentication service in the Operational Environment invoked by the TSF”.
6 Security Requirements
This section provides the security functional and assurance requirements for the TOE.
6.1 Security Functional Requirements for the TOE
Formatting Conventions
The notation, formatting, and conventions used in this security target (ST) are consistent with version 3.1 of the Common Criteria for Information Technology Security Evaluation.
The CC permits four functional component operations: assignment, iteration, refinement, and selection to be performed on functional requirements. These operations are defined as:
• Iteration: allows a component to be used more than once with varying operations
• Assignment: allows the specification of parameters
• Selection: allows the specification of one or more items from a list
• Refinement: allows the addition of details
This ST indicates which text is affected by each of these operations in the following manner:
• Assignments and Selections specified by the ST author are in [italicized bold text].
• Refinements are identified with "Refinement:" right after the short name. Additions to the CC text are specified in italicized bold and underlined text.
• Iterations are identified with a dash number "-#". These follow the short family name and allow components to be used more than once with varying operations. “*” refers to all iterations of a component.
• Application notes provide additional information for the reader, but do not specify requirements. Application notes are denoted by italicized text.
• Extended components defined in Section 5 have been denoted with the suffix “_EXT” following the family name.
The functional security requirements for the TOE consist of the following components taken directly from Part 2 of the CC and the extended components defined in Section 5 and summarized in Table 6-1 below.
Security Audit
FAU_GEN.1 | Audit data generation
FAU_GEN.2 | User identity association
FAU_SAR.1 | Audit review
FAU_SAR.3 | Selectable audit review
FAU_STG.1 | Protected audit trail storage
Identification and Authentication
FIA_ATD.1 | User attribute definition
FIA_SOS.1 | Verification of Secrets
FIA_UAU.5 | Multiple authentication mechanism
FIA_UAU_EXT.2 | User authentication before any action
FIA_UID.2 | User identification before any action
Security Management
FMT_MTD.1 | Management of TSF data
FMT_SMF.1 | Specification of management functions
FMT_SMR.1 | Security roles
FMT_MSA.1 | Management of Security Attributes
FMT_MSA.3 | Static Attribute Initialization
Security
FPT_FLS.1 | Failure with Preservation of Secure State
FPT_STM.1 | Reliable Time Stamps
Distributed Denial of Service
DDoS_DEF_EXT.1 | DDoS Defence
DDoS_NOT_EXT.1 | Security Notifications
Trusted Path/Channels
FTP_ITC.1 | Inter-TSF trusted Channel
FTP_TRP.1 | Trusted Path/Channel
User Data Protection
FDP_IFC.1 | Subset Information Flow Control
FDP_IFF.1 | Simple Security Attributes
FDP_ITC.1 | Import of User Data without Security Attributes
FDP_ITT.1 | Transfer of User Data
Cryptographic Support
FCS_COP.1a | Cryptographic operation
FCS_COP.1b | Cryptographic operation
FCS_COP.1c | Cryptographic operation
TABLE 6-1: FUNCTIONAL COMPONENTS
6.1.1 Class FAU: Security Audit
6.1.1.1 FAU_GEN.1 Audit Data Generation
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
FAU_GEN.1.1
The TSF shall be able to generate an audit record of the following auditable events:
• Start-up and shutdown of the audit functions;
• All auditable events for the [not specified] level of audit; and
• [the following auditable events: events listed in column 3 of Table 6-2]
SFR ID | SFR Title
FAU_GEN.1 | None
FAU_GEN.2 | None
FAU_SAR.1 | None
FAU_SAR.3 | None
FAU_STG.1 | Disk usage is getting full.
FIA_ATD.1 | None
FIA_SOS.1 | None
FIA_UAU.5 | None
FIA_UAU_EXT.2 | User login and logout
FIA_UID.2 | User login and logout
FMT_MTD.1 | Configuration or updates to any of the TOE Settings
FMT_SMF.1 | All Actions defined in FMT_MTD.1
FMT_SMR.1 | None
FPT_FLS.1 | Failure with Preservation of Secure State
FPT_STM.1 | None
DDoS_NOT_EXT.1 | Security Notifications
FTP_ITC.1 | None
FTP_TRP.1 | None
TABLE 6-2: FUNCTIONAL COMPONENTS
*Application Note: The TOE records DDoS events in a separate log file, Blocked Host Log, which is not part of the audit trail and is available to view via a different function in the Web GUI.
FAU_GEN.1.2
The TSF shall record within each audit record at least the following information:
• Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event
• For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST: [the additional information identified in Table 6-3].
Information | Description
Username | The user who made the change, or “system” if it is a system-generated change.
Sub-System | The sub-system that made the change. CLI, hdDeviceUI, hdDetectionService, hdInspector
Log Priority levels | There are four priority levels for logs - DEBUG, WARN, ERROR AND INFO.
Description | A description of the change. For example, if a protection group is created, the description displays the settings that are configured.
TABLE 6-3: AUDIT RECORD INFORMATION
Application Note: The “…outcome (success or failure) of the event” will only be included if applicable.
6.1.1.2 FAU_GEN.2 User Identity Association
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit Data Generation
FIA_UID.1 Timing of identification
FAU_GEN.2.1
For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.
6.1.1.3 FAU_SAR.1 Audit Review
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit Data Generation
FAU_SAR.1.1
The TSF shall provide [Administrators] with the capability to read [following audit data] from the audit records:
• CLI logs
• Syslog logs
• Haltdos logs
• Access logs
• website logs
• Detection Service logs
FAU_SAR.1.2
The TSF shall provide the audit records in a manner suitable for the user to interpret the information.
6.1.1.4 FAU_SAR.3 Selectable Audit Review
Hierarchical to: No other components.
Dependencies: FAU_SAR.1 Audit Review
FAU_SAR.3.1
The TSF shall provide the ability to apply [searching] of audit data based on:
All possible combinations of the following fields:
• Username
• Timestamp
• Sub-system
6.1.1.5 FAU_STG.1 Protected audit trail storage
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit Data Generation
FAU_STG.1.1
The TSF shall protect the stored records from unauthorized deletion.
FAU_STG.1.2
The TSF shall be able to [prevent] unauthorized modifications to the audit records in the audit trail.
6.1.2 Class FIA: Identification and authentication
6.1.2.1 FIA_ATD.1 User Attribute Definition
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_ATD.1.1
The TSF shall maintain the following list of security attributes belonging to individual users:
• Username
• Email
• Password
• Access Rights (role)
6.1.2.2 FIA_SOS.1 Verification of Secrets
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_SOS.1.1
The TSF shall provide a mechanism to verify that secrets meet [the parameters of the TOE Password Policy (See Table 6-4)].
Password Criteria
must be at least 8 characters long
must be no more than 72 characters long
can include special characters, spaces, and quotation marks
cannot be all digits
must consist of at least one digit
must consist of at least one uppercase and one lowercase letter
cannot be only letters followed by only digits (for example, abcd123)
cannot be only digits followed by only letters (for example, 123abcd)
cannot consist of alternating letter-digit combinations (for example, 1a3A4c1 or a2B4c1d)
TABLE 6-4: TOE PASSWORD POLICY RULES
6.1.2.3 FIA_UAU.5 Multiple Authentication Mechanisms
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UAU.5.1
The TSF shall provide [Local Password Authentication and ability to invoke external authentication mechanism when configured] to support user authentication.
FIA_UAU.5.2
The TSF shall authenticate any user's claimed identity according to the [Following rules]:
• The TOE invokes authentication mechanisms in the following precedence order: RADIUS, LOCAL. If authentication from RADIUS succeeds = Login Success. If authentication from RADIUS fails, LOCAL authentication is invoked. If local authentication succeeds = Login Success. If the local authentication fails = Login Failure.
• If the RADIUS server is not configured or down, LOCAL authentication is attempted. If LOCAL authentication fails: Login failure.
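The FIA_UAU.5.2 precedence rules above, written out as an added example (not code from the TOE or its vendor) that also emits one audit record per attempt with the FAU_GEN.1.2 fields. The function names, the `RadiusUnavailable` exception, the constructed credential stores and the choice of sub-system and priority values are assumptions made for illustration.

```python
import hmac
from datetime import datetime, timezone


class RadiusUnavailable(Exception):
    """Raised by the RADIUS stand-in when the server cannot be reached."""


def make_backend(accounts, available=True):
    """Build a constructed credential checker (stand-in for RADIUS or the local store)."""
    def check(username, password):
        if not available:
            raise RadiusUnavailable(username)
        stored = accounts.get(username)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
    return check


def audit_record(username, outcome, description):
    """One record carrying the FAU_GEN.1.2 fields and the Table 6-3 columns."""
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "event_type": "User login",
        "username": username,
        "sub_system": "hdDeviceUI",  # assumption: login through the Web GUI
        "priority": "INFO" if outcome == "success" else "WARN",  # assumption
        "outcome": outcome,
        "description": description,
    }


def authenticate(username, password, radius, local, audit_log):
    """Return (logged_in, mechanism) following the RADIUS, LOCAL precedence.

    `radius` is None when no RADIUS server is configured.
    """
    trail = []
    if radius is None:
        trail.append("RADIUS not configured")
    else:
        try:
            if radius(username, password):
                audit_log.append(
                    audit_record(username, "success", "RADIUS accepted"))
                return True, "RADIUS"
            trail.append("RADIUS rejected")
        except RadiusUnavailable:
            trail.append("RADIUS unavailable")
    # Every RADIUS outcome other than success falls through to LOCAL.
    if local(username, password):
        trail.append("LOCAL accepted")
        audit_log.append(audit_record(username, "success", "; ".join(trail)))
        return True, "LOCAL"
    trail.append("LOCAL rejected")
    audit_log.append(audit_record(username, "failure", "; ".join(trail)))
    return False, None


if __name__ == "__main__":
    # Constructed sample accounts, not taken from the Security Target.
    radius = make_backend({"alice": "R-Secret1 x"})
    local = make_backend({"alice": "L-Secret1 x", "bob": "B-Secret1 x"})
    log = []
    print(authenticate("alice", "R-Secret1 x", radius, local, log))
    print(authenticate("alice", "L-Secret1 x", radius, local, log))
    print(authenticate("bob", "wrong", None, local, log))
    for record in log:
        print(record["outcome"], "|", record["description"])
```

Because a RADIUS reject also falls through to LOCAL, a local account remains usable after the same user is disabled on the RADIUS server, so account removal has to cover both stores.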
Application Note: The TOE only claims compatibility with RADIUS servers.
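Returning to the FIA_SOS.1 password policy in Table 6-4: the checker below is an added example, not the TOE's own verification mechanism, that reports which rules a candidate secret violates. It assumes that "letter" and "digit" mean ASCII characters and that the "alternating" rule applies when the whole secret strictly alternates one letter and one digit; the rule names are labels chosen here.

```python
import re
from typing import List

# Length limits from Table 6-4, counted in characters as the table states them.
MIN_LEN, MAX_LEN = 8, 72

# Assumption: "letter" and "digit" mean ASCII A-Z/a-z and 0-9.
_ALL_DIGITS = re.compile(r"[0-9]+")
_LETTERS_THEN_DIGITS = re.compile(r"[A-Za-z]+[0-9]+")
_DIGITS_THEN_LETTERS = re.compile(r"[0-9]+[A-Za-z]+")
# Assumption: the whole secret strictly alternates one letter and one digit,
# starting with either class (covers both examples in the table).
_ALTERNATING = re.compile(
    r"(?:[A-Za-z][0-9])+[A-Za-z]?|(?:[0-9][A-Za-z])+[0-9]?")


def check_password(secret: str) -> List[str]:
    """Return the Table 6-4 rules that `secret` violates; empty list means accepted."""
    violations = []
    if len(secret) < MIN_LEN:
        violations.append("min_length")
    if len(secret) > MAX_LEN:
        violations.append("max_length")
    if _ALL_DIGITS.fullmatch(secret):
        violations.append("all_digits")
    if not re.search(r"[0-9]", secret):
        violations.append("needs_digit")
    if not (re.search(r"[A-Z]", secret) and re.search(r"[a-z]", secret)):
        violations.append("needs_upper_lower")
    if _LETTERS_THEN_DIGITS.fullmatch(secret):
        violations.append("letters_then_digits")
    if _DIGITS_THEN_LETTERS.fullmatch(secret):
        violations.append("digits_then_letters")
    if _ALTERNATING.fullmatch(secret):
        violations.append("alternating")
    # Special characters, spaces and quotation marks are allowed by the
    # table, so no character class is rejected outright.
    return violations


if __name__ == "__main__":
    # Constructed candidates; the last three are the table's own examples.
    for candidate in ["Str0ng pass!", "Abcd1234", "1234Abcd", "a1B2c3D4",
                      "12345678", "abcd123", "1a3A4c1", "a2B4c1d"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```

Secrets that pass the composition rules can still trip a pattern rule: `Abcd1234` has a digit and both letter cases but is rejected as letters followed by digits.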
6.1.2.4 FIA_UAU_EXT.2 User Authentication Before any Action
Hierarchical to: FIA_UAU.1 Timing of authentication
Dependencies: FIA_UID.1 Timing of identification
FIA_UAU_EXT.2.1
TSF shall require each user to be successfully authenticated either by the TSF or by an authentication service in the Operational Environment invoked by the TSF before allowing any other TSF-mediated actions on behalf of that user.
6.1.2.5 FIA_UID.1 Timing of Identification
Hierarchical to: No other components.
Dependencies: No dependencies.
FIA_UID.1.1
The TSF shall allow list of TSF-mediated actions on behalf of the user to be performed before the user is identified. Following is the list of TSF-mediated actions:
• Forgot Password: user can request for resetting their passwords. An email validation link will be sent to the registered email address.
• I am a first time user: user can request for creating their passwords. An email validation link will be sent to the registered email address.
FIA_UID.1.2
The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.
6.1.2.6 FIA_UID.2 User Identification Before any Action
Hierarchical to: FIA_UID.1 Timing of identification
Dependencies: No dependencies.
FIA_UID.2.1
The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.
6.1.3 Class FMT: Security Management
6.1.3.1 FMT_MTD.1 Management of TSF data
Hierarchical to: No other components.
Dependencies: FMT_SMR.1 Security roles
FMT_SMF.1 Specification of Management Functions
FMT_MTD.1.1
The TSF shall restrict the ability to [change default, query, modify, delete, and [other operations as specified in Table 6-5] the [TSF Data as specified in Table 6-5] to [the role as specified in Table 6-5].
Operations | TSF Data or object | Role
Login to CLI (Access) | hdCLI | System Administrator**
Login to Web GUI (Access) | hdDeviceUI | Administrator, Security Analyst, Network Analyst, Visitor
Capture | the network packets in real time | Administrator, Security Analyst, Network Analyst
Change | the global protection level | Administrator, Security Analyst
Configure, Run, Restore | the backup and restore data | System Administrator
Edit | the user accounts attributes | Administrator, Security Analyst*, Network Analyst*, Visitor*
Edit | the IP interface configuration settings | System Administrator
Edit | the local user and authentication | Administrator
Edit | the authorization configuration settings | System Administrator, Administrator
Edit | the accounting AAA configuration settings | System Administrator
Edit | the DNS configuration settings | Administrator
Edit | the HTTP configuration settings | Administrator
Edit and View | the logging, configuration settings | Administrator
View | the server log | System Administrator
Edit | the NTP configuration settings | System Administrator
Edit | the SSH configuration settings | System Administrator
Edit | the system attributes | System Administrator
Edit and Apply | the IP access rules (Policy) | System Administrator, Administrator
Explore | historical blocked hosts log | System Administrator
Install and uninstall | software packages | Administrator, System Administrator
Edit | the TOE system files | System Administrator
Manage | the General Configuration Settings | Administrator
Manage | the In-line Active State Setting | Administrator
Manage | the notification configuration settings | Administrator, Security Analyst, Network Analyst
Manage | the system events configuration settings | Administrator, Security Analyst, Network Analyst
Manage | the SSH keys | System Administrator
Manage | the system disks | System Administrator
View | the TOE system files | System Administrator
Restore | Restore device state from backup | System Administrator
Set | the system clock | System Administrator
Show | the running or saved configuration settings | Administrator, Security Analyst, Network Analyst
Shutdown | the TOE system | System Administrator
Start and Stop | the TOE services | System Administrator
View | Access rights configuration settings | Administrator
TABLE 6-5: MANAGEMENT OF TSF DATA
*VISITOR can only edit own account attributes for updating password or username attributes. A VISITOR cannot change his own authority assignment or his registered email id.
*SECURITY ANALYST can only edit own account attributes for updating password or username attributes. A SECURITY ANALYST cannot change his own authority assignment or his registered email id.
*NETWORK ANALYST can only edit own account attributes for updating password or username attributes. A NETWORK ANALYST cannot change his own authority assignment or his registered email id.
**SYSTEM ADMINISTRATORs are Linux OS users with root privileges on the TOE appliance. These users can log on to the appliance via SSH to run system commands and access the CLI to maintain and configure the TOE. Some CLI commands make API calls to the GUI.
6.1.3.2 FMT_SMF.1 Specification of Management Functions
Hierarchical to: No other components.
Dependencies: No dependencies.
FMT_SMF.1.1
The TSF shall be capable of performing the following security management functions:
• Operations as specified in Table 6-5 on the TSF Data as specified in Table 6-5 (See FMT_MTD.1)
6.1.3.3 FMT_SMR.1 Security Roles
Hierarchical to: No other components.
Dependencies: FIA_UID.1 Timing of Identification
FMT_SMR.1.1
The TSF shall maintain the roles [ADMINISTRATOR, SECURITY ANALYST, NETWORK ANALYST, VISITOR AND SYSTEM ADMINISTRATOR].
FMT_SMR.1.2
The TSF shall be able to associate users with roles.
6.1.3.4 FMT_MSA.1 Management of Security Attributes
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset of Information Flow Control
FMT_SMR.1 Security Roles
FMT_SMF.1 Specification of Management
FMT_MSA.1.1
The TSF shall enforce the [Packet Filter SFP] to restrict the ability to [modify, [no other operations]] the security attributes [network traffic filter rules and configuration data] to [the role administrator].
6.1.3.5 FMT_MSA.3 Static Attribute Initialization
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of Security Attributes
FMT_SMR.1 Security Roles
FMT_MSA.3.1
The TSF shall enforce the [Packet Filter SFP] to provide [restrictive] default values for security attributes that are used to enforce the SFP.
FMT_MSA.3.2
The TSF shall allow the [no roles] to specify alternative initial values to override the default values when an object or information is created.
6.1.4 Class FPT: Protection of TSF
6.1.4.1 FPT_FLS.1 Failure with Preservation of Secure State
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_FLS.1.1
The TSF shall preserve a secure state when the following types of failures occur:
• Power Failure
• Hardware Failure
• Software Failure
6.1.4.2 FPT_STM.1 Reliable Time Stamps
Hierarchical to: No other components.
Dependencies: No dependencies.
FPT_STM.1.1
The TSF shall be able to provide reliable time stamps for its own use.
6.1.5 Class DDoS: Distributed Denial of Service
6.1.5.1 DDoS_DEF_EXT.1 DDoS Defence
Hierarchical to: No other components.
Dependencies: No dependencies.
DDoS_DEF_EXT.1.1
The TSF shall be able to detect the following types of DDoS attacks
• Botnet
• Generic Bandwidth
• Slow HTTP
• Malformed HTTP
DDoS_DEF_EXT.1.2
The TSF shall be able to mitigate the detected DDoS attacks.
DDoS_DEF_EXT.1.3
The TSF shall provide the following additional information flow control capabilities
Capability to:
• Configure TOE to function in inline active (with filtering), off-line (only monitoring) or in-line bypass modes
• Configurable Detection Level (low, medium, high).
Note: See Section 8 for terminology and more details on inline active (with filtering), off-line (only monitoring) or in-line bypass modes, Whitelist, Blacklist, Service Definitions and TCP SYN Rate Config etc.
For additional details on description of DDoS attack types and mitigation mechanisms, see Section 7.6.
6.1.5.2 DDoS_NOT_EXT.1 Explicit: Security Notifications
Hierarchical to: No other components.
Dependencies: DDoS_DEF_EXT.1 DDoS Defence
DDoS_NOT_EXT.1.1
The TSF shall send a visual notification to [hdDeviceUI] when [the event(s) listed in Table 6-6] occurs during the assessment process.
DDoS_NOT_EXT.1.2
The TSF shall send a [email and log message] notification to [the assigned event notification recipient’s Email Id, configured SNMP manager, configured syslog server] when [the Alert type(s) listed in Table 6-6] occurs during the assessment process.
Alert Type | Causes | UI Event | Log | Email
System | System settings are changed | Yes | Yes | No
Configuration | Someone changes the security settings. | Yes | Yes | No
Attack | DDoS attack detected | Yes | Yes | Yes
Alarm | User defined rules get triggered | Yes | Yes | Yes
User | User permissions, role or addition or removal of users | Yes | Yes | No
Report | System report is generated | Yes | Yes | Yes
Operational | License expiry or system failure notifications | Yes | Yes | Yes
Disk Usage | Disk usage running high | Yes | Yes | Yes
TABLE 6-6: SECURITY NOTIFICATIONS
6.1.6 Class FTP: Trusted Path/Channels
6.1.6.1 FTP_ITC.1 Inter-TSF Trusted Channel
Hierarchical to: No other components.
Dependencies: No dependencies.
FTP_ITC.1.1
The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure.
FTP_ITC.1.2
The TSF shall permit [the TSF] to initiate communication via the trusted channel.
FTP_ITC.1.3
The TSF shall initiate communication via the trusted channel for [authentication decision handling].
6.1.6.2 FTP_TRP.1 Trusted Path
Hierarchical to: No other components.
Dependencies: No dependencies.
FTP_TRP.1.1
The TSF shall provide a communication path between itself and [remote] users that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from [modification and disclosure].
FTP_TRP.1.2
The TSF shall permit [remote users] to initiate communication via the trusted path.
FTP_TRP.1.3
The TSF shall require the use of the trusted path for [initial user authentication, [and all remote user actions]].
6.1.7 Class FDP: User Data Protection
6.1.7.1 FDP_IFC.1 Subset Information Flow Control
Hierarchical to: No other components.
Dependencies: FDP_IFF.1 Simple Security Attributes
FDP_IFC.1.1
The TSF shall enforce the [Packet Filter SFP] on [Subjects: users (external entities) that send and/or receive information through the TOE to one another; Information: data sent from one subject through the TOE to one another; Operation: pass the data].
Application Note: The Packet Filter SFP is given in FDP_IFF. The subject definition in FDP_IFC.1.1 belongs to a former CC version. Thus the subjects are identical to the users defined in the external entities definition in chap. 3.3.
6.1.7.2 FDP_IFF.1 Simple Security Attributes
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset Information Flow Control
FMT_MSA.3 Static Attribute Initialization
FDP_IFF.1.1
The TSF shall enforce the [Packet Filter SFP] based on the following types of subject and information security attributes: [Subjects: users (external entities) that send and/or receive information through the TOE to one another; Subject security attributes: none; Information: data sent from one subject through the TOE to one another; Information security attributes: source address of subject, destination address of subject, transport layer protocol, interface on which the traffic arrives and departs, port, time].
FDP_IFF.1.2
The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [Subjects on a network connected to the TOE can cause information to flow through the TOE to a subject on another connected network only if all the information security attribute values are permitted by all information policy rules].
FDP_IFF.1.3
The TSF shall enforce the [reassembly of fragmented IP datagrams before inspection].
FDP_IFF.1.4
The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.5
The TSF shall explicitly deny an information flow based on the following rules:
• The TOE shall reject requests of access or services where the information arrives on a network interface and the source address of the requesting subject is found malicious according to configured policy rules on the TOE.
Application Note: The subject definition in FDP_IFF.1.1 belongs to a former CC version. Thus the subjects are identical to the users defined in the external entities definition in chap. 3.3.
6.1.7.3 FDP_ITC.1 Import of User Data without Security Attributes
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset Information Flow Control
FMT_MSA.3 Static Attribute Initialization
FDP_ITC.1.1
The TSF shall enforce the [User Data SFP] when importing [GeoIP database, TOR IP feeds, IP Reputation and Software Updates] from outside of the TOE.
FDP_ITC.1.2
The TSF shall ignore any security attributes associated with the user data when imported from outside the TOE.
FDP_ITC.1.3
The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TOE: [none].
6.1.7.4 FDP_ITT.1 Basic Internet Transfer Protection
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset Information Flow Control
FDP_ITT.1.1
The TSF shall enforce the [User Data SFP] to prevent the modification of user data when it is transmitted between physically-separated parts of the TOE.
6.1.8 Class FCS: Cryptographic Support
6.1.8.1 FCS_COP.1 Cryptographic Operation (a)
Hierarchical to: No other components.
Dependencies: FDP_ITC.1 Import of User Data without Security Attributes
FCS_COP.1.1a
The TSF shall perform symmetric encryption and decryption in accordance with a specified cryptographic algorithm AES and cryptographic key sizes 256 bits that meet the following: FIPS 197.
6.1.8.2 FCS_COP.1 Cryptographic Operation (b)
Hierarchical to: No other components.
Dependencies: FDP_ITC.1 Import of User Data without Security Attributes
FCS_COP.1.1b
The TSF shall perform asymmetric encryption and decryption in accordance with a specified cryptographic algorithm RSA and cryptographic key sizes up to 2048 bits that meet the following: PKCS #1 v2.1.
6.1.8.3 FCS_COP.1 Cryptographic Operation (c)
Hierarchical to: No other components.
Dependencies: FDP_ITC.1 Import of User Data without Security Attributes
FCS_COP.1.1c
The TSF shall perform cryptographic hashing in accordance with a specified cryptographic algorithm SHA1 and cryptographic key sizes not applicable that meet the following: FIPS 180-3
6.2 Security Assurance Requirements for the TOE
The Security Assurance Requirements for the TOE are the assurance components of Evaluation Assurance Level 2+ taken from Part 3 of the Common Criteria. None of the assurance components are refined, ALC_CMC.3 and ALC_CMS.3 are added instead of ALC_CMC.2 and ALC_CMS.2 for augmenting EAL2. The assurance components are listed in Table 6-7.
Assurance Class | Assurance components
ADV: Development | ADV_ARC.1 Security architecture description
 | ADV_FSP.2 Security-enforcing functional specification
 | ADV_TDS.1 Basic design
AGD: Guidance documents | AGD_OPE.1 Operational user guidance
 | AGD_PRE.1 Preparative procedures
ALC: Life-cycle support | ALC_CMC.3 Authorisation controls
 | ALC_CMS.3 Implementation representation CM coverage
 | ALC_DEL.1 Delivery procedures
 | ALC_DVS.1 Identification of security measures
 | ALC_LCD.1 Developer defined life-cycle model
ASE: Security Target evaluation | ASE_CCL.1 Conformance claims
 | ASE_ECD.1 Extended components definition
 | ASE_INT.1 ST introduction
 | ASE_OBJ.2 Security objectives
 | ASE_REQ.2 Derived security requirements
 | ASE_SPD.1 Security problem definition
 | ASE_TSS.1 TOE summary specification
ATE: Tests | ATE_COV.1 Evidence of coverage
 | ATE_FUN.1 Functional testing
 | ATE_IND.2 Independent testing - sample
AVA: Vulnerability assessment | AVA_VAN.2 Vulnerability analysis
TABLE 6-7: EAL2 ASSURANCE COMPONENTS
Further information on these assurance components can be found in the Common Criteria for Information Technology Security Evaluation (CCITSE) Part 3.
6.2.1 ADV_ARC.1 Security Architecture Description
Developer action elements:
ADV_ARC.1.1D
The developer shall design and implement the TOE so that the security features of the TSF cannot be bypassed.
ADV_ARC.1.2D
The developer shall design and implement the TSF so that it is able to protect itself from tampering by untrusted active entities.
ADV_ARC.1.3D
The developer shall provide a security architecture description of the TSF.
Content and presentation elements:
ADV_ARC.1.1C
The security architecture description shall be at a level of detail commensurate with the description of the SFR-enforcing abstraction described in the TOE design document.
ADV_ARC.1.2C
The security architecture description shall describe the security domain maintained by the TSF consistently with the SFRs.
ADV_ARC.1.3C
The security architecture description shall describe how the TSF initialization process is secure.
ADV_ARC.1.4C
The security architecture description shall demonstrate that the TSF protects itself from tampering.
ADV_ARC.1.5C
The security architecture description shall demonstrate that the TSF prevents bypass of the SFR-enforcing functionality.
6.2.2 ADV_FSP.2 Security-enforcing functional specification
Developer action elements:
ADV_FSP.2.1D
The developer shall provide a functional specification.
ADV_FSP.2.2D
The developer shall provide a tracing from the functional specification to the SFRs.
Content and presentation elements:
ADV_FSP.2.1C
The functional specification shall completely represent the TSF.
ADV_FSP.2.2C
The functional specification shall describe the purpose and method of use for all TSFI.
ADV_FSP.2.3C
The functional specification shall identify and describe all parameters associated with each TSFI.
ADV_FSP.2.4C
For each SFR-enforcing TSFI, the functional specification shall describe the SFR-enforcing actions associated with the TSFI.
ADV_FSP.2.5C
For each SFR-enforcing TSFI, the functional specification shall describe direct error messages resulting from processing associated with the SFR-enforcing actions.
ADV_FSP.2.6C
The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification.
6.2.3 ADV_TDS.1 Basic design
Developer action elements:
ADV_TDS.1.1D
The developer shall provide the design of the TOE.
ADV_TDS.1.2D
The developer shall provide a mapping from the TSFI of the functional specification to the lowest level of decomposition available in the TOE design.
Content and presentation elements:
ADV_TDS.1.1C
The design shall describe the structure of the TOE in terms of subsystems.
ADV_TDS.1.2C
The design shall identify all subsystems of the TSF.
ADV_TDS.1.3C
The design shall describe the behaviour of each SFR-supporting or SFR-non-interfering TSF subsystem in sufficient detail to determine that it is not SFR-enforcing.
ADV_TDS.1.4C
The design shall summarize the SFR-enforcing behaviour of the SFR-enforcing subsystems.
ADV_TDS.1.5C
The design shall provide a description of the interactions among SFR-enforcing subsystems of the TSF, and between the SFR-enforcing subsystems of the TSF and other subsystems of the TSF.
ADV_TDS.1.6C
The mapping shall demonstrate that all TSFIs trace to the behaviour described in the TOE design that they invoke.
6.2.4 AGD_OPE.1 Operational user guidance
Developer action elements:
AGD_OPE.1.1D
The developer shall provide operational user guidance.
Content and presentation elements:
AGD_OPE.1.1C
The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.
AGD_OPE.1.2C
The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.
AGD_OPE.1.3C
The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.
AGD_OPE.1.4C
The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.
AGD_OPE.1.5C
The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences and implications for maintaining secure operation.
AGD_OPE.1.6C
The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfil the security objectives for the operational environment as described in the ST.
AGD_OPE.1.7C
The operational user guidance shall be clear and reasonable.
6.2.5 AGD_PRE.1 Preparative procedures
Developer action elements:
AGD_PRE.1.1D
The developer shall provide the TOE including its preparative procedures.
Content and presentation elements:
AGD_PRE.1.1C
The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2C
The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.
6.2.6 ALC_CMC.3 Authorisation controls
Developer action elements:
ALC_CMC.3.1D
The developer shall provide the TOE and a reference for the TOE.
ALC_CMC.3.2D
The developer shall provide the CM documentation.
ALC_CMC.3.3D
The developer shall use a CM system.
Content and presentation elements:
ALC_CMC.3.1C
The TOE shall be labelled with its unique reference.
ALC_CMC.3.2C
The CM documentation shall describe the method used to uniquely identify the configuration items.
ALC_CMC.3.3C
The CM system shall uniquely identify all configuration items.
ALC_CMC.3.4C
The CM system shall provide measures such that only authorised changes are made to the configuration items.
ALC_CMC.3.5C
The CM documentation shall include a CM plan.
ALC_CMC.3.6C
The CM plan shall describe how the CM system is used for the development of the TOE.
ALC_CMC.3.7C
The evidence shall demonstrate that all configuration items are being maintained under the CM system.
ALC_CMC.3.8C
The evidence shall demonstrate that the CM system is being operated in accordance with the CM plan.
6.2.7 ALC_CMS.3 Implementation representation CM coverage
Developer action elements:
ALC_CMS.3.1D
The developer shall provide a configuration list for the TOE.
Content and presentation elements:
ALC_CMS.3.1C
The configuration list shall include the following: the TOE itself; the evaluation evidence required by the SARs; the parts that comprise the TOE; and the implementation representation.
ALC_CMS.3.2C
The configuration list shall uniquely identify the configuration items.
ALC_CMS.3.3C
For each TSF relevant configuration item, the configuration list shall indicate the developer of the item.
6.2.8 ALC_DEL.1 Delivery procedures
Developer action elements:
ALC_DEL.1.1D
The developer shall document and provide procedures for delivery of the TOE or parts of it to the consumer.
ALC_DEL.1.2D
The developer shall use the delivery procedures.
Content and presentation elements:
ALC_DEL.1.1C
The delivery documentation shall describe all procedures that are necessary to maintain security when distributing versions of the TOE to the consumer.
6.2.10 ALC_DVS.1 Identification of security measures
Developer action elements:
ALC_DVS.1.1D
The developer shall produce and provide development security documentation.
Content and presentation elements:
ALC_DVS.1.1C
The development security documentation shall describe all the physical, procedural, personnel, and other security measures that are necessary to protect the confidentiality and integrity of the TOE design and implementation in its development environment.
6.2.11 ALC_LCD.1 Developer defined life-cycle model
Developer action elements:
ALC_LCD.1.1D
The developer shall establish a life-cycle model to be used in the development and maintenance of the TOE.
ALC_LCD.1.2D
The developer shall provide life-cycle definition documentation.
Content and presentation elements:
ALC_LCD.1.1C
The life-cycle definition documentation shall describe the model used to develop and maintain the TOE.
ALC_LCD.1.2C
The life-cycle model shall provide for the necessary control over the development and maintenance of the TOE.
6.2.12 ASE_CCL.1 Conformance claims
Developer action elements:
ASE_CCL.1.1D
The developer shall provide a conformance claim.
ASE_CCL.1.2D
The developer shall provide a conformance claim rationale.
Content and presentation elements:
ASE_CCL.1.1C
The conformance claim shall contain a CC conformance claim that identifies the version of the CC to which the ST and the TOE claim conformance.
ASE_CCL.1.2C
The CC conformance claim shall describe the conformance of the ST to CC Part 2 as either CC Part 2 conformant or CC Part 2 extended.
ASE_CCL.1.3C
The CC conformance claim shall describe the conformance of the ST to CC Part 3 as either CC Part 3 conformant or CC Part 3 extended.
ASE_CCL.1.4C
The CC conformance claim shall be consistent with the extended components definition.
ASE_CCL.1.5C
The conformance claim shall identify all PPs and security requirement packages to which the ST claims conformance.
ASE_CCL.1.6C
The conformance claim shall describe any conformance of the ST to a package as either package-conformant or package-augmented.
ASE_CCL.1.7C
The conformance claim rationale shall demonstrate that the TOE type is consistent with the TOE type in the PPs for which conformance is being claimed.
ASE_CCL.1.8C
The conformance claim rationale shall demonstrate that the statement of the security problem definition is consistent with the statement of the security problem definition in the PPs for which conformance is being claimed.
ASE_CCL.1.9C
The conformance claim rationale shall demonstrate that the statement of security objectives is consistent with the statement of security objectives in the PPs for which conformance is being claimed.
ASE_CCL.1.10C
The conformance claim rationale shall demonstrate that the statement of security requirements is consistent with the statement of security requirements in the PPs for which conformance is being claimed.
6.2.13 ASE_ECD.1 Extended components definition
Developer action elements:
ASE_ECD.1.1D
The developer shall provide a statement of security requirements.
ASE_ECD.1.2D
The developer shall provide an extended components definition.
Content and presentation elements:
ASE_ECD.1.1C
The statement of security requirements shall identify all extended security requirements.
ASE_ECD.1.2C
The extended components definition shall define an extended component for each extended security requirement.
ASE_ECD.1.3C
The extended components definition shall describe how each extended component is related to the existing CC components, families, and classes.
ASE_ECD.1.4C
The extended components definition shall use the existing CC components, families, classes, and methodology as a model for presentation.
ASE_ECD.1.5C
The extended components shall consist of measurable and objective elements such that conformance or non-conformance to these elements can be demonstrated.
6.2.14 ASE_INT.1 ST introduction
Developer action elements:
ASE_INT.1.1D
The developer shall provide an ST introduction.
Content and presentation elements:
ASE_INT.1.1C
The ST introduction shall contain an ST reference, a TOE reference, a TOE overview and a TOE description.
ASE_INT.1.2C
The ST reference shall uniquely identify the ST.
ASE_INT.1.3C
The TOE reference shall identify the TOE.
ASE_INT.1.4C
The TOE overview shall summarize the usage and major security features of the TOE.
ASE_INT.1.5C
The TOE overview shall identify the TOE type.
ASE_INT.1.6C
The TOE overview shall identify hardware/software/firmware required by the TOE.
ASE_INT.1.7C
The TOE description shall describe the physical scope of the TOE.
ASE_INT.1.8C
The TOE description shall describe the logical scope of the TOE.
6.2.15 ASE_OBJ.2 Security objectives
Developer action elements:
ASE_OBJ.2.1D
The developer shall provide a statement of security objectives.
ASE_OBJ.2.2D
The developer shall provide a security objectives rationale.
Content and presentation elements:
ASE_OBJ.2.1C
The statement of security objectives shall describe the security objectives for the TOE and the security objectives for the operational environment.
ASE_OBJ.2.2C
The security objectives rationale shall trace each security objective for the TOE back to threats countered by that security objective and OSPs enforced by that security objective.
ASE_OBJ.2.3C
The security objectives rationale shall trace each security objective for the operational environment back to threats countered by that security objective, OSPs enforced by that security objective, and assumptions upheld by that security objective.
ASE_OBJ.2.4C
The security objectives rationale shall demonstrate that the security objectives counter all threats.
ASE_OBJ.2.5C
The security objectives rationale shall demonstrate that the security objectives enforce all OSPs.
ASE_OBJ.2.6C
The security objectives rationale shall demonstrate that the security objectives for the operational environment uphold all assumptions.
6.2.16 ASE_REQ.2 Derived security requirements
Developer action elements:
ASE_REQ.2.1D
The developer shall provide a statement of security requirements.
ASE_REQ.2.2DThedevelopershallprovideasecurityrequirementsrationale.Contentandpresentationelements:ASE_REQ.2.1CThestatementofsecurityrequirementsshalldescribetheSFRsandtheSARs.ASE_REQ.2.2CAllsubjects,objects,operations,securityattributes,externalentitiesandothertermsthatareusedintheSFRsandtheSARsshallbedefined.ASE_REQ.2.3CThestatementofsecurityrequirementsshallidentifyalloperationsonthesecurityrequirements.ASE_REQ.2.4CAlloperationsshallbeperformedcorrectly.ASE_REQ.2.5CEach dependency of the security requirements shall either be satisfied, or the security requirementsrationaleshalljustifythedependencynotbeingsatisfied.ASE_REQ.2.6CThesecurityrequirementsrationaleshalltraceeachSFRbacktothesecurityobjectivesfortheTOE.ASE_REQ.2.7CThesecurityrequirementsrationaleshalldemonstratethattheSFRsmeetallsecurityobjectivesfortheTOE.ASE_REQ.2.8CThesecurityrequirementsrationaleshallexplainwhytheSARswerechosen.ASE_REQ.2.9CThestatementofsecurityrequirementsshallbeinternallyconsistent.
6.2.17 ASE_SPD.1 Security problem definition
Developer action elements:
ASE_SPD.1.1D The developer shall provide a security problem definition.
Content and presentation elements:
ASE_SPD.1.1C The security problem definition shall describe the threats.
ASE_SPD.1.2C All threats shall be described in terms of a threat agent, an asset, and an adverse action.
ASE_SPD.1.3C The security problem definition shall describe the OSPs.
ASE_SPD.1.4C The security problem definition shall describe the assumptions about the operational environment of the TOE.
6.2.18 ASE_TSS.1 TOE summary specification
Developer action elements:
ASE_TSS.1.1D The developer shall provide a TOE summary specification.
Content and presentation elements:
ASE_TSS.1.1C The TOE summary specification shall describe how the TOE meets each SFR.
6.2.19 ATE_COV.1 Evidence of coverage
Developer action elements:
ATE_COV.1.1D The developer shall provide evidence of the test coverage.
Content and presentation elements:
ATE_COV.1.1C The evidence of the test coverage shall show the correspondence between the tests in the test documentation and the TSFIs in the functional specification.
6.2.20 ATE_FUN.1 Functional testing
Developer action elements:
ATE_FUN.1.1D The developer shall test the TSF and document the results.
ATE_FUN.1.2D The developer shall provide test documentation.
Content and presentation elements:
ATE_FUN.1.1C The test documentation shall consist of test plans, expected test results and actual test results.
ATE_FUN.1.2C The test plans shall identify the tests to be performed and describe the scenarios for performing each test. These scenarios shall include any ordering dependencies on the results of other tests.
ATE_FUN.1.3C The expected test results shall show the anticipated outputs from a successful execution of the tests.
ATE_FUN.1.4C The actual test results shall be consistent with the expected test results.
6.2.21 ATE_IND.2 Independent testing - sample
Developer action elements:
ATE_IND.2.1D The developer shall provide the TOE for testing.
Content and presentation elements:
ATE_IND.2.1C The TOE shall be suitable for testing.
ATE_IND.2.2C The developer shall provide an equivalent set of resources to those that were used in the developer's functional testing of the TSF.
6.2.22 AVA_VAN.2 Vulnerability analysis
Developer action elements:
AVA_VAN.2.1D The developer shall provide the TOE for testing.
Content and presentation elements:
AVA_VAN.2.1C The TOE shall be suitable for testing.
6.3 Security Requirements Rationale
6.3.1 Assurance Rationale
EAL 2+ was chosen to provide a low to moderate level of assurance that is consistent with good commercial practices. As such, minimal additional tasks are placed upon the vendor, assuming the vendor follows reasonable software engineering practices and can provide support to the evaluation for design and testing efforts. The chosen assurance level is appropriate for the threats defined for the environment. While the TOE may monitor a hostile environment, it is expected to be in a non-hostile position and protected by other products designed to address threats that correspond with the intended environment.
Haltdos has chosen to augment EAL 2 by adding the assurance components ALC_CMC.3 and ALC_CMS.3, to assure that all the components of the TOE are under a secure and reliable process for refinement and modification. This provides assurance that the functional working of the components is not compromised during deployment/updating.
6.3.2 Dependencies Satisfaction Rationale
Table 6-8 shows the dependencies between the functional requirements including the extended components defined in Section 5.
SFR ID | SFR Title | Dependencies
Security Audit
FAU_GEN.1 | Audit data generation | FPT_STM.1
FAU_GEN.2 | User identity association | FAU_GEN.1, FIA_UID.1
FAU_SAR.1 | Audit review | FAU_GEN.1
FAU_SAR.3 | Selectable audit review | FAU_GEN.1
FAU_STG.1 | Protected audit trail storage | FAU_SAR.1
Identification and Authentication
FIA_ATD.1 | User attribute definition | None
FIA_SOS.1 | Verification of Secrets | None
FIA_UAU.5 | Multiple authentication mechanism | None
FIA_UAU_EXT.2 | User authentication before any action | FIA_UID.1
FIA_UID.2 | User identification before any action | None
Security Management
FMT_MTD.1 | Management of TSF data | FMT_SMF.1, FMT_SMR.1
FMT_SMF.1 | Specification of management functions | None
FMT_SMR.1 | Security roles | FIA_UID.1
FMT_MSA.1 | Management of Security Attributes | FDP_IFC.1, FMT_SMF.1, FMT_SMR.1
FMT_MSA.3 | Static Attribute Initialization | FMT_MSA.1, FMT_SMR.1
Security
FPT_FLS.1 | Failure with Preservation of Secure State | None
FPT_STM.1 | Reliable Time Stamps | None
Distributed Denial of Service
DDoS_DEF_EXT.1 | DDoS Defence | None
DDoS_NOT_EXT.1 | Security Notifications | DDoS_DEF_EXT.1
Trusted Path/Channels
FTP_ITC.1 | Inter-TSF trusted Channel | None
FTP_TRP.1 | Trusted Path/Channel | None
User Data Protection
FDP_IFC.1 | Subset Information Flow Control | FDP_IFF.1
FDP_IFF.1 | Simple Security Attributes | FDP_IFC.1, FMT_MSA.3
FDP_ITC.1 | Import of User Data without Security Attributes | FDP_IFC.1, FMT_MSA.3
FDP_ITT.1 | Transfer of User Data | FDP_IFC.1
Cryptographic Support
FCS_COP.1a | Cryptographic operation | FDP_ITC.1
FCS_COP.1b | Cryptographic operation | FDP_ITC.1
FCS_COP.1c | Cryptographic operation | FDP_ITC.1
TABLE 6-8: TOE DEPENDENCIES SATISFIED
6.3.3 Functional Requirements vs Objectives Satisfaction Rationale
Table 6-9 traces each SFR back to the security objectives for the TOE, demonstrating that ALL SFRs map to ALL security objectives for the TOE.
SFR ID | SFR Title | Objectives
Security Audit
FAU_GEN.1 | Audit data generation | O.AUDIT
FAU_GEN.2 | User identity association | O.AUDIT
FAU_SAR.1 | Audit review | O.AUDIT
FAU_SAR.3 | Selectable audit review | O.AUDIT
FAU_STG.1 | Protected audit trail storage | O.AUDIT
Identification and Authentication
FIA_ATD.1 | User attribute definition | O.IDAUTH
FIA_SOS.1 | Verification of Secrets | O.IDAUTH
FIA_UAU.5 | Multiple authentication mechanism | O.IDAUTH
FIA_UAU_EXT.2 | User authentication before any action | O.IDAUTH
FIA_UID.2 | User identification before any action | O.IDAUTH
Security Management
FMT_MTD.1 | Management of TSF data | O.MANAGE
FMT_SMF.1 | Specification of management functions | O.MANAGE
FMT_SMR.1 | Security roles | O.MANAGE
FMT_MSA.1 | Management of Security Attributes | O.MANAGE
FMT_MSA.3 | Static Attribute Initialization | O.DDoSMITIGATE
Security
FPT_FLS.1 | Failure with Preservation of Secure State | O.FAILSAFE
FPT_STM.1 | Reliable Time Stamps | O.AUDIT
Distributed Denial of Service
DDoS_DEF_EXT.1 | DDoS Defence | O.DDoSMITIGATE
DDoS_NOT_EXT.1 | Security Notifications | O.DDoSALERT
Trusted Path/Channels
FTP_ITC.1 | Inter-TSF trusted Channel | O.PROCOM, O.IDAUTH
FTP_TRP.1 | Trusted Path/Channel | O.PROCOM, O.MANAGE
User Data Protection
FDP_IFC.1 | Subset Information Flow Control | O.DDoSMITIGATE
FDP_IFF.1 | Simple Security Attributes | O.DDoSMITIGATE
FDP_ITC.1 | Import of User Data without Security Attributes | O.MANAGE
FDP_ITT.1 | Transfer of User Data | O.AUDIT
Cryptographic Support
FCS_COP.1a | Cryptographic operation | O.PROCOM
FCS_COP.1b | Cryptographic operation | O.PROCOM
FCS_COP.1c | Cryptographic operation | O.PROCOM, O.MANAGE
TABLE 6-9: MAPPING OF TOE SFRS TO TOE SECURITY OBJECTIVES
Table 6-10 provides the rationale for how each objective is satisfied by the TOE.
Objective ID | SFR ID/Title | Rationale
O.AUDIT: The TOE must provide a means to record, store and review security relevant events in audit records to trace the responsibility of all actions regarding security.
FAU_GEN.1 | Audit records are generated for security-relevant events.
FAU_GEN.2 | The user/source that is associated with the audit events is recorded.
FAU_SAR.1 | The TOE provides the ability to review and manage the audit trail of the system.
FAU_SAR.3 | The TOE is capable of providing searching capabilities of the audit records. The TOE is capable of providing selection capabilities for auditing to include or exclude auditable events from the set of audited events.
FAU_STG.1 | The TOE is able to protect audit records stored internally.
FPT_STM.1 | The TOE provides the time stamp required for the audit record. The TOE supports the setting of the time manually or configuring an external NTP server.
FDP_ITT.1 | The TOE checks for unauthorized modification of user data such as Geo IP, TOR IP, IP Reputation feeds and software updates when it is downloaded from the external environment.
O.DDoSALERT: The TOE will provide the capability to alert administrators when DDoS attacks are detected and other customizable events, conditions, and system errors.
DDoS_NOT_EXT.1 | The TOE is capable of generating notifications based upon an administratively defined set of events, conditions, or system errors. The notifications can be sent via email or logging message.
O.DDoSMITIGATE: The TOE must limit resource usage to an acceptable level (stop legitimate/illegitimate clients from overusing resources and stop DDoS attacks). The TOE must be able to serve as a rate based controller and police both malicious users who attempt to flood the network with DDoS attacks, and authorized users who may overuse resources.
DDoS_DEF_EXT.1 | The TOE protects Internet Protocol (IP) networks against DDoS attacks by successfully identifying and mitigating attacks via mechanisms such as filtering, Whitelists, Blacklists, TCP SYN rate monitoring, etc.
FDP_IFC.1 | The TOE protects the network by filtering out malicious DDoS attack packets, thereby ensuring availability of network resources to legitimate users.
FDP_IFF.1 | The TOE protects the network by filtering out known malicious IP addresses, and packets that match configured policy on the TOE.
FMT_MSA.3 | The TOE allows legitimate users with sufficient privileges to update security policy on the TOE to adjust the type of traffic to be allowed / disallowed in and out of the network.
O.FAILSAFE: The failure of the TOE must not interrupt the flow of traffic through the TOE between networks.
FPT_FLS.1 | FPT_FLS.1 ensures that the TOE preserves a secure state when there is a hardware, software or power failure.
O.IDAUTH: The TOE must uniquely identify and authenticate the claimed identity of all administrative users, before granting an administrative user access to TOE functions.
FIA_ATD.1 | User attributes required for identification and authentication are stored by the TOE.
FIA_UAU.5 | Provides for local authentication and the invocation of an external authentication mechanism (only claiming the ability to interface with RADIUS servers).
FIA_UAU_EXT.2 | All authorized users are successfully authenticated before allowing any management actions on behalf of that user.
FIA_UID.2 | All users are successfully identified before allowing any other TSF-mediated actions on behalf of that user.
FIA_SOS.1 | Provides the enforced password policy for native password authentication.
FTP_ITC.1 | Provides trusted communications to the external authentication mechanisms that can optionally be used to identify and authenticate the requesting user.
O.MANAGE: The TOE will provide all the functions and facilities necessary to support the administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use.
FMT_MTD.1 | The TOE allows for the appropriate management of TSF data within each Security function.
FMT_SMF.1 | Ensures that the TOE security Function data may only be modified by an authorized user.
FMT_SMR.1 | This objective is met by supporting multiple management roles (ADMINISTRATOR, VISITOR, SECURITY ANALYST, NETWORK ANALYST and SYSTEM ADMINISTRATOR).
FMT_MSA.1 | The TOE provides a set of default security policy which can be configured only by authorized users of the TOE with sufficient privileges.
FTP_TRP.1 | Provides for the trusted path required for remote management of the TOE.
FDP_ITC.1 | The TOE periodically downloads updates (Geo IP, TOR IP, IP Reputation feeds & software updates) from the trusted developer repository at update.haltdos.com. This periodic update allows the TOE to be up to date with the latest malicious IPs and enables continuous protection against known attack sources.
FCS_COP.1c | The TOE validates periodic updates (TOR IP, IP Reputation feeds & software updates) by validating their hash value to detect unauthorized modification during transit.
O.PROCOM: The TOE will provide a secure session for communication between the TOE and the remote administrator’s browser trying to access the hdDeviceUI or remote access to the CLI.
FTP_ITC.1 | The TOE requires the establishment of an SSL/TLS connection from the TOE users’ browser when connecting to hdUI over HTTPS.
FTP_TRP.1 | The TOE requires the establishment of an SSH connection in order to access the TOE remotely to use the CLI.
FCS_COP.1a | The TOE requires the establishment of an SSL/TLS connection from the TOE users’ browser when connecting to hdUI over HTTPS. HTTPS uses asymmetric & symmetric encryption for creating the SSL tunnel.
FCS_COP.1b | The TOE requires the establishment of an SSL/TLS connection from the TOE users’ browser when connecting to hdUI over HTTPS. HTTPS uses asymmetric & symmetric encryption for creating the SSL tunnel.
FCS_COP.1c | The TOE validates periodic updates (Geo IP, TOR IP and IP Reputation feeds) by validating their hash value to detect unauthorized modification during transit.
TABLE 6-10: ALL TOE OBJECTIVES MET BY SECURITY FUNCTIONAL REQUIREMENTS
7 TOE Summary Specification
Section 7 describes the specific Security Functions of the TOE that meet the criteria of the security features that are described in Section 1.4.9 Logical Scope of the TOE.
The following subsections describe how the TOE meets each SFR listed in Section 6.
Security Class   SFRs   Security Functions
Security audit FAU_GEN.1
SA-1 FAU_GEN.2 FAU_SAR.1
SA-2 FAU_SAR.3 FAU_STG.1 SA-3
Protection of TSF
FPT_FLS.1 FPT-1 FPT_STM.1 FPT-2
Identification and authentication
FIA_ATD.1 IA-1 FIA_SOS.1
IA-2
FIA_UAU.5 FIA_UAU_EXT.2
FIA_UID.2
Security Management
FMT_MTD.1 SM-1 FMT_MSA.3
FMT_MSA.1 FMT_SMF.1 SM-2 FMT_SMR.1 SM-3
Trusted Communication FTP_ITC.1 TC-1
FCS_COP.1a FCS_COP.1c
TC-2 FDP_ITC.1 FDP_ITT.1 FCS_COP.1a TC-3 FTP_TRP.1
TC-4 FCS_COP.1a FCS_COP.1b
Resource Utilization (DDoS Protection)
DDoS_DEF_EXT.1 DDoS-1 DDoS-2 FDP_IFC.1
FDP_IFF.1 DDoS_NOT_EXT.1 DDoS-3
TABLE 7-1: SECURITY FUNCTIONAL REQUIREMENTS MAPPED TO SECURITY FUNCTIONS
7.1 Security Audit
7.1.1 SA-1: Audit Generation
The TOE’s audit trail equates to the TOE audit logs and syslog (2 different files with overlap), which are stored on the appliance.
Audit records are generated within the TOE by the TSF for the events listed in FAU_GEN.1. Audit records contain a timestamp, the information of the entity triggering the event (username or system), the event (e.g. Configuration changes, CLI command usage, Deployment mode changes), and a summary of the event as well as the additional information listed in Table 6-2 and Table 6-3.
7.1.2 SA-2: Audit Review
An authorized SYSTEM ADMINISTRATOR user can read all the logs (audit data) generated. The Web GUI ADMINISTRATOR user can also view events on the event page, where the ability to search on various information is provided.
Following is the list of filters that can be applied on the Web GUI (hdDeviceUI) for viewing the events on the events page (in the Web GUI, events cannot be filtered based on the sub-systems defined in section 6.1.1.1):
Information | Description
Username | The user who made the change, or “system” if it is a system-generated change.
Created After | The date after which the change has happened
Created before | The date before which change was made
Event type | Type of the event
Search box | Allows user to search on data from any column on the page except the date.
TABLE 7-2: AUDIT SEARCH FIELDS
The TOE displays search results in chronological order with the most recent event displayed first. Audit logs in the appliance are available in the /var/log/haltdos/ folder. The sub-systems defined in section 6.1.1.1 generate their respective logs with the assigned name and timestamp in the folder /var/log/haltdos. These logs can be viewed and filtered by using standard UNIX commands such as grep/tail/less.
Sub-System | Command
hdCLI | less /var/log/haltdos/website.<yyyy-MM-dd>.log
hdDeviceUI | less /var/log/haltdos/website.<yyyy-MM-dd>.log
hdDetectionService | less /var/log/haltdos/detection.<yyyy-MM-dd>.log
hdInspector | less /var/log/haltdos/haltdos.log
TABLE 7-3: SUB-SYSTEM LOGS
7.1.3 SA-3: Audit Protection
The TSF protects the stored audit records on the TOE from unauthorized deletion and modifications via the TSFIs. The Audit data resides on the TOE Platform and can only be accessed using the Web GUI or if the user is a SYSTEM ADMINISTRATOR on the TOE appliance. The Web GUI does not provide an option for users to delete or modify the change Log (aka audit log) but allows users to search and view logs only. The TOE does automatically delete the oldest audit data log file (syslog and change log) when the maximum number of rotated syslog files to be retained is met (i.e. if the max limit is set to 5, then on the 6th rollover the oldest rotated file is deleted). The max limit is configurable via the Web GUI to a max limit of 6 months. It is highly recommended that the TOE be configured to use an external ftp server to continually offload the audit for long term storage. The TOE supports the manual exporting of the syslog files via the CLI / service logging remote <IP address>.
The TOE also supports the manual exporting of the syslog files via remote access. The TOE does not allow for the modification or deletion of any of the TOE’s audit data (Change Log or syslog) via the CLI commands or the Web GUI.
7.2 Protection of TSF
7.2.1 FPT-1: Failure with preservation of secure state
Secure State for this product is defined as the state when the TOE Platform provides uninterrupted access to resources on the Internal Network to intended users. The failure of the TOE must not make the resources unavailable.
The flow of network traffic is not interfered with, monitored, or filtered, during the boot cycle as the TOE is in bypass mode. The TOE must initialize successfully in order for the TOE to be placed out of bypass mode for operational use.
The appliance running the TOE must be bypass capable. If power failures, hardware failures, or software issues affect the TOE during operational use, the TOE is placed in bypass mode and the network traffic is passed through the appliance unaffected, thus preventing resources being made unavailable.
In the case of a power supply failure, the redundant power architecture (if configured) will take over and maintain safe operation. In case of complete power supply failure, the TOE passes traffic without any monitoring or filtering in an uninterrupted manner.
7.2.2 FPT-2: Reliable Time Stamps
An administrator can set or reset the clock in the appliance running the TOE by remotely accessing it using SSH.
An administrator can optionally configure the appliance running the TOE to use an NTP server using SSH. The TOE can provide its own time stamp through a system call to the supporting operating system which is part of the appliance. It is highly recommended that the enterprise network being protected have its time synchronized with an NTP server. The TOE supports the use of an NTP server to update the system’s time clock.
7.3 Identification and Authentication
7.3.1 IA-1: User Attributes
The TSF maintains the following security attributes for each individual TOE user for use with local password authentication only:
• Username
• Password
• Authority
• Email
7.3.2 IA-2: User I&A
The TSF requires each user to self-identify before being allowed to perform any other actions. The TSF requires an administrator to be successfully authenticated with a password before being allowed any other management actions. Authentication is handled via local password protection or the TOE invokes an external authentication mechanism (RADIUS) for the authentication decision. The TOE tries each method according to the following precedence order: RADIUS (if configured), LOCAL. Below is a table of scenarios to help in understanding the authentication enforcement described above.
The top left corner sets the scenario. The Method Status indicates whether any external authentication mechanisms are Available (operational and network reachable) or are NOT available (not reachable on network). The precedence order set shows the order in which authentication methods may be called. The Final Outcome/Method row shows the final decision the TOE would enforce and which authentication server was the final decision maker.
Method Status: Available; Precedence Order Set: R, L | Scenario 1 | Scenario 2 | Scenario 3
1 RADIUS | Success, Stops | Failure, Next | Failure, Next
2 LOCAL | | Success, Stops | Failure, Stops
Overall Outcome/Method | Success, RADIUS | Success, LOCAL | Failure, LOCAL

Method Status: NOT Available; Precedence Order Set: R, L | Scenario 1 | Scenario 2 | Scenario 3
1 RADIUS | Network Error | Network Error | N/A
2 LOCAL | Success, Stops | Failure, Stops |
Overall Outcome/Method | Success, LOCAL | Failure, LOCAL |
TABLE 7-4: AUTHENTICATION SCENARIO EXAMPLES
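
The precedence chain in Table 7-4, written out as an added example (not code from the Security Target or from the product). The function names, the stub verifiers and the sample user are assumptions; the trail records every method consulted so an audit record can show which authority made the decision.

```python
from enum import Enum


class Result(Enum):
    SUCCESS = "Success"
    FAILURE = "Failure"
    NETWORK_ERROR = "Network Error"   # method not reachable on the network


def authenticate(methods, username, password):
    """Try each (name, verify) pair in precedence order.

    Returns (outcome, deciding_method, trail). A success stops the chain;
    a failure moves to the next method; an unreachable method cannot decide
    and is skipped.
    """
    trail = []
    deciding = None
    for name, verify in methods:
        result = verify(username, password)
        trail.append((name, result.value))
        if result is Result.SUCCESS:
            return "Success", name, trail        # "Stops" in Table 7-4
        if result is Result.FAILURE:
            deciding = name                      # "Next", or "Stops" if last
    return "Failure", deciding, trail


def fixed(result):
    """Hypothetical stand-in for a RADIUS client or the local password check."""
    return lambda username, password: result


def scenario(radius, local):
    """Run one column of Table 7-4 with the order RADIUS, LOCAL."""
    chain = [("RADIUS", fixed(radius)), ("LOCAL", fixed(local))]
    outcome, method, _ = authenticate(chain, "alice", "constructed-password")
    return outcome, method


if __name__ == "__main__":
    for radius in Result:
        for local in (Result.SUCCESS, Result.FAILURE):
            print(radius.value, "/", local.value, "->", scenario(radius, local))
```

Because a RADIUS failure advances to LOCAL (Scenario 2 with RADIUS available), every local account remains a valid credential while RADIUS is configured, so local accounts belong in the same review as the RADIUS directory.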
TOE Password Policy
Local passwords have a software enforced password policy. The password policy is within the user manual. The requirements are:
• must be at least 8 characters long
• must be no more than 72 characters long
• can include special characters, spaces, and quotation marks
• cannot be all digits
• must consist of at least one uppercase and one lowercase letter
• must consist of at least one digit
• cannot be only letters followed by only digits (for example, abcd123)
• cannot be only digits followed by only letters (for example, 123abcd)
• cannot consist of alternating letter-digit combinations (for example, 1a3A4c1 or a2B4c1d)
Additional information:
WARNING: Default username and password
For accessing the CLI for the very first time, one must use the default username and password. The default username is haltdos. The default password is H@ltd0s#1. It is imperative for security purposes that this password be changed after the first-time logging into the system.
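
The password rules listed above, written as a validator that reports every rule a candidate breaks. This is an added example, not the product's own check; the rule labels are hypothetical and treating "letter" and "digit" as ASCII only is an assumption, since the policy text does not say.

```python
import re
import string

MIN_LEN, MAX_LEN = 8, 72
UPPER = set(string.ascii_uppercase)
LOWER = set(string.ascii_lowercase)
LETTERS = UPPER | LOWER          # assumption: ASCII letters only
DIGITS = set(string.digits)
ALNUM = LETTERS | DIGITS

LETTERS_THEN_DIGITS = re.compile(r"[A-Za-z]+[0-9]+")   # e.g. abcd123
DIGITS_THEN_LETTERS = re.compile(r"[0-9]+[A-Za-z]+")   # e.g. 123abcd


def is_alternating(password):
    """True when letters and digits strictly alternate (1a3A4c1, a2B4c1d)."""
    if len(password) < 2 or any(c not in ALNUM for c in password):
        return False
    return all((a in LETTERS) != (b in LETTERS)
               for a, b in zip(password, password[1:]))


def policy_violations(password):
    """Return the labels of all rules the password breaks; [] means accepted."""
    found = []
    if len(password) < MIN_LEN:
        found.append("too-short")
    if len(password) > MAX_LEN:
        found.append("too-long")
    if password and all(c in DIGITS for c in password):
        found.append("all-digits")
    if not any(c in UPPER for c in password):
        found.append("no-uppercase")
    if not any(c in LOWER for c in password):
        found.append("no-lowercase")
    if not any(c in DIGITS for c in password):
        found.append("no-digit")
    # The three pattern rules apply to the whole string, so fullmatch is used:
    # a password that merely contains "abc123" somewhere is not rejected.
    if LETTERS_THEN_DIGITS.fullmatch(password):
        found.append("letters-then-digits")
    if DIGITS_THEN_LETTERS.fullmatch(password):
        found.append("digits-then-letters")
    if is_alternating(password):
        found.append("alternating")
    return found


if __name__ == "__main__":
    # Constructed candidates plus the examples quoted in the policy.
    for candidate in ['Tr1cky pass"word', "Abcdefg1", "1234567Aa",
                      "1a3A4c1x", "abcd123", "12345678"]:
        print(repr(candidate), policy_violations(candidate))
```

The documented default password satisfies every rule, so the composition policy by itself does not force the change that the warning above calls for.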
7.4 Security Management
7.4.1 SM-1: Management of TSF Data
The allowed operations on TSF Data and the administrative roles required to execute them are defined in Table 6-5: Management of TSF Data (See Section 6.1.3.1 FMT_MTD.1 Management of TSF data).
7.4.2 SM-2: Specification of Management Functions
The TOE is capable of performing the security management functions as defined in Table 6-5: Management of TSF Data of Section 6.1.3.1 FMT_MTD.1 Management of TSF data. The functions defined for FMT_SMF are exactly the same as the functions defined in the FMT_MTD requirement.
All management functions and access rights are limited by role-based management as defined in Section 7.4.3 SM-3: Security Roles below.
When accessing the management functions via the Web GUI:
A successfully authenticated user can navigate menus and pages by using typical navigational controls. The Web GUI menu bar indicates which menu is active or inactive and only allows the user to access those menus based on the privileges inherited from the user’s assigned group.
The menu bar is divided into the following menus: Home, Events, Dashboard, Action, Alarms, Web Analytics and Settings (details of which were given in the introduction section). An ADMINISTRATOR has access to all the web menus. A VISITOR only has access to the Administration menu functions that allow the user to change his/her own password and email address. A user who is not logged in does not have access to any of the menus and is pushed back to the login page. The functions defined in the FMT_MTD.1 Table 6-5 are divided amongst the 7 web menus (predominantly in the Administration) and are either submenus (provide further division) or pages that display the actual data such as list of users or a page of a particular user’s attributes.
Additionally, there are some administrative functions that can only be handled by using CLIs. Typically, the CLI is used for installing and upgrading the software and completing the initial configuration. However, there are additional advanced functions that can only be configured using the CLI.
7.4.3 SM-3: Security Roles
The TOE supports the following 4 user authorities (roles):
• ADMINISTRATOR: Users in this group have full read and write access on all pages of the Web GUI. One having ADMINISTRATOR rights can add other users.
• VISITOR: Users in this group have read-only access to most of the Web GUI pages and can edit and update their own user account settings. Users in this group cannot change any settings.
• NETWORK ANALYST: Users in this group have read and write access to all the network settings of the TOE. They have read and write access to Alarm settings, Dashboards, and Website analytics.
• SECURITY ANALYST: Users in this group have read and write access to all the security settings of the TOE. They have read and write access to Alarm settings, Dashboards and Action settings.
• SYSTEM ADMINISTRATOR: this is a Linux root user for the appliance running the TOE. This user cannot log in to the hdDeviceUI since the user is not registered with hdDeviceUI in the database.
The TOE runs on a Linux OS platform and therefore also supports Linux OS users. Linux OS users with administrative privileges have access to run CLI commands to manage and configure the TOE. This document refers to administrative Linux OS users as SYSTEM ADMINISTRATOR.
See Section 6.1.3.1 FMT_MTD.1 Management of TSF data table for details on the specific function available to each role.
7.5 Trusted Communications
7.5.1 TC-1: Trusted Channel for Authentication
Communication between the TOE and the RADIUS Server requires that the entire data payload of the packet is encrypted, leaving only the standard RADIUS header in clear text, and encrypts the user’s password between the TOE and the RADIUS Server.
7.5.2 TC-2: Trusted Channel for IP Reputation, Tor IP & Software Updates
During IP Reputation and Tor IP updates, the HaltDos Web Service uses HTTPS (Port 443) to download the latest IP Reputation and Tor IP list threat feeds by communicating with the HaltDos Update Repository at updates.haltdos.com. The hash of each downloaded file is validated to ensure that the files have not been modified during transit. By default, this update runs automatically every 24 hours.
7.5.3 TC-3: Trusted Path for CLI Access
The TOE also requires the establishment of an SSH connection in order to access the TOE remotely to use the CLI. The remote platform connects to the TOE using the standard SSH-2 protocol through OpenSSH version 7.2, which provides confidentiality and integrity of data over an insecure network. The remote user’s host platform must therefore be on a network where it can access TCP Port 22, or a custom configured port such as 8022. The crypto cipher suites supported by OpenSSH are the default crypto suites in the OpenSSH utility and can be customized as necessary.
7.5.4 TC-4: Trusted Path for hdDeviceUI
The TOE also requires the establishment of an HTTPS connection in order to access the TOE from the management interface on a web browser. hdDeviceUI runs on the Tomcat server, which listens on TCP port 8443. Communication between the user (browser) and the TOE happens over an encrypted path over the SSL protocol.
7.6 Resource Utilization (DDoS Protection)
7.6.1 DDoS-1: DDoS Detect
BOTNET attacks
A DDoS botnet is a large set of compromised computers that are controlled remotely by a server. The controlling server is known as a CnC (command-and-control) server. Usually, the computers in a botnet, which are known as bots, become compromised without their users’ knowledge. The bots are infected with malware that enables them to generate a high-volume traffic attack that targets a victim server. Victim servers can include Web, DNS, and SMTP servers.
The bots can use a variety of protocols, including HTTP, IRC, and other proprietary protocols, to communicate with the CnC server and other bots. For example, a bot can send information about itself, receive attack commands from the CnC server, or share "hello" messages between itself and other bots. Depending on the botnet family, the messages themselves can be in plain text or encoded. The botnet family also determines the type of attacks that are supported. These attacks can include one or more of the following types of floods: HTTP, UDP, TCP, and ICMP.
When the bots receive commands from the CnC server, such as the attack method and target IP addresses, they collectively engage in DDoS attacks against the specified targets.
Some botnets are available for hire, whereby an individual can purchase the services of a botnet for a specific period. The service allows the individual to choose one or more target servers for the entire botnet to attack.
A voluntary botnet is one in which users allow their computers to become part of the botnet with the intention of attacking a victim server. When a computer becomes a member of the botnet, it accepts commands from the CnC server; for example, the attack method and target IP address. The bot joins the rest of the botnet to flood the victim server with traffic. Some of the tools that attackers use contain a feature whereby users can allow their computers to become part of a botnet.
To prevent botnet attacks, the TOE performs the following tests:
• Basic Botnet Prevention filtering
  When enabled, the TOE checks the packet headers for incomplete fields, known as malformed packets. In case of HTTP traffic, the HTTP headers can also be incomplete. The TOE blocks packets that are malformed (not conforming to RFC). For certain types of malformed or incomplete packets, the TOE temporarily blocks the source host if the configured thresholds are breached.
• Botnet Signatures filtering
  When enabled, the TOE uses the IP reputation and TOR IP Feed to detect DDoS botnet attacks, voluntary botnet attacks and attacks from malicious IP addresses. It is essential to keep the IP reputation and TOR IP feeds updated in order to mitigate and detect emerging DDoS attacks. The TOE also implements a traffic shaping feature. The TOE analyses all the traffic and assigns it a suspicion score based on various fields such as source port, destination port and others, and based on the suspicion score relevant actions are taken.
• Prevent Slow Request Attacks filtering
  During a slow HTTP attack, the attacker makes several connections and, on each connection, sends a partial request for data to the victim server. In response, the server allocates resources such as memory to each connection and waits for subsequent requests to arrive. The attacker sends a very small portion of the request at a rate almost equal to, but less than, the server’s timeout setting. Therefore, the server stays busy processing the small requests but it takes a long time to time out. Eventually, the server starts to deny legitimate connection requests from other clients.
  For example, if the server’s timeout period is 300 seconds, the attacker sends 5 bytes of a 500 byte request every 299 seconds (just before the server times out). The attack occupies the server's resources on that connection for 29,900 seconds (299*500/5).
  When enabled, the TOE checks for HTTP requests that contain less than a configurable TCP payload length (in bytes). The TOE blocks those requests that breach this limit and temporarily blocks the source host of any requests that match these criteria because they are likely to be part of a slow HTTP attack.
  The Prevention of Slow Request Attacks is enhanced when it works in conjunction with the aggressive aging settings, which track established TCP connections and block the traffic when a connection remains idle for too long. Traffic is also blocked when the bit rate for a single request drops below a configured minimum with the minimum TCP payload setting.
• Generic Bandwidth Flood Attacks
  HTTP flood is a continuous submission of the same HTTP request or a set of HTTP request messages to a victim Web server’s resources. Typically, the attacker sends the requests at a high rate and forces the Web server to respond to each request. As a result, the Web server remains busy and denies service to legitimate requests.
  Floods can originate from malware or from an attack tool that uses underlying operating system facilities to connect to the victim, create HTTP requests, and perform the attack. Some attack methods can provide flexibility in creating a traffic pattern (for example, randomized payloads), while others can provide better performance in terms of speed. The method that the attacker uses to construct the requests determines the nature of the attack, which in turn affects how the DDoS traffic is mitigated.
  Many of the protection settings help to prevent this type of attack. Examples of these settings are as follows:
  • The ICMP Flood Detection settings detect ICMP (ping) flood attacks.
  • The Rate-based Blocking settings protect against floods by enforcing traffic thresholds.
  • The Connection Proxy settings and the TCP SYN Flood Detection settings detect certain connection flood attacks.
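
The slow-request check described in the list above, combined with the consecutive-breach threshold of the Minimum TCP Payload Length setting in section 7.6.2, as an added example (not the TOE's implementation). The class name, the suspension length, the sample addresses and the choice to ignore zero-length segments such as bare ACKs are assumptions; the trace is constructed.

```python
from dataclasses import dataclass, field


def connection_hold_seconds(request_bytes, chunk_bytes, interval_s):
    """Time one connection stays occupied when a request is dripped in chunks."""
    chunks = -(-request_bytes // chunk_bytes)      # ceiling division
    return chunks * interval_s


@dataclass
class MinPayloadFilter:
    min_payload: int             # bytes; 0 disables the check, as on the page
    consecutive_threshold: int   # undersized segments in a row before suspension
    suspend_seconds: int         # assumed; the page only says "temporarily"
    streak: dict = field(default_factory=dict)
    suspended_until: dict = field(default_factory=dict)

    def inspect(self, ts, src, payload_len):
        """Decide what happens to one TCP segment seen at time ts from src."""
        if ts < self.suspended_until.get(src, 0):
            return "drop (source suspended)"
        if self.min_payload == 0 or payload_len == 0:
            return "forward"                       # check off, or no data carried
        if payload_len >= self.min_payload:
            self.streak[src] = 0                   # a normal segment resets the run
            return "forward"
        # Undersized data segment: block it, and suspend the source only after
        # a run of them, so the short tail of a normal request is not enough.
        self.streak[src] = self.streak.get(src, 0) + 1
        if self.streak[src] >= self.consecutive_threshold:
            self.suspended_until[src] = ts + self.suspend_seconds
            self.streak[src] = 0
            return "drop + suspend source"
        return "drop"


# Constructed trace: (seconds, source, TCP payload bytes). 198.51.100.7 drips
# 5 bytes every 299 s as in the page's example; 203.0.113.9 is a normal client.
TRACE = [
    (0, "198.51.100.7", 5), (1, "203.0.113.9", 1460), (2, "203.0.113.9", 12),
    (3, "203.0.113.9", 1460), (299, "198.51.100.7", 5),
    (598, "198.51.100.7", 5), (600, "203.0.113.9", 0),
    (897, "198.51.100.7", 5), (1200, "198.51.100.7", 700),
]


def run_trace(trace, flt):
    return [(src, flt.inspect(ts, src, size)) for ts, src, size in trace]


if __name__ == "__main__":
    print(connection_hold_seconds(500, 5, 299), "seconds held per connection")
    for src, action in run_trace(TRACE, MinPayloadFilter(16, 3, 600)):
        print(src, action)
```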
7.6.2 DDoS-2 Additional Filter Control
The TOE monitors the network traffic and mitigates attacks by using the configurational settings configured by the user and detection profiles.
Detection profiles help the user to configure different sensitivity levels for different protocols and their respective triggers, helping the TOE to identify various flood attacks.
The TOE can be put into 3 different modes: In-line active (with filtering), In-line bypass (In-line without filtering) and off-line. The In-line active mode is a state within the in-line deployment mode, in which the TOE monitors traffic, detects and mitigates DDoS attacks. The In-line bypass mode is a state within the in-line deployment mode, in which the TOE monitors traffic and detects DDoS attacks but does not mitigate (filter) them. The off-line mode is a deployment mode in which the TOE analyses traffic without forwarding it and only detects DDoS attacks.
Key points for the traffic filtering:
a) The TOE supports ALL protocols on Ethernet - they either get forwarded or dropped.
b) Product inspects for DDoS in the following: TCP, UDP, ICMP and DNS.
c) Packets inspected must be IPv4.
d) ARP are always forwarded.
e) All other traffic can be dropped or forwarded based on configuration.
f) There is no filtering from the LAN to the WAN network traffic.
The following table describes the filter types, settings, and DDoS classification that the filter supports.

| Settings List | Setting: Description |
|---|---|
| Blacklist Countries | Country box: Type the name or select one or multiple countries whose IP is to be blacklisted. In the Blacklisted Countries selection list, the countries are listed alphabetically. |
| Blacklist | In the Blacklisted Prefix box, an administrator can type an IP prefix or multiple source IP prefixes. All the traffic with this source IP or destination IP will be dropped. Allowed prefixes are 8–32. Ex. - 192.168.1.0/24 |
| Whitelist | In the Whitelist Hosts box, an administrator can type an IP prefix or multiple source IP prefixes. All the traffic with this source IP or destination IP will be bypassed directly to the server without passing through the rest of the mitigations even if it was blacklisted. Allowed prefixes are 24–32. Ex. - 192.168.1.3/25 |
| Online IP Reputation Feed | NO ACTION: Disable checking for malicious IPs. ADD SUSPICION: Add suspicion to traffic whose source IP is present in the IP Reputation feed. DROP: Drop the traffic whose source IP is present in the IP Reputation feed. |
| Blacklist Tors IP | Enabled and Disabled buttons: Click one of these buttons to enable or disable this category. If Enabled, all the traffic whose source IP is present in the Tor IP feed will be dropped. |
| Minimum TCP Payload Length | Payload Length box: Type the minimum TCP payload length to be allowed. To disable this setting, put value as 0. Consecutive Threshold box: If the minimum payload length is breached consecutive times for the specified threshold then the source will be temporarily suspended. |
| Minimum HTTP incomplete header length | Minimum incomplete header length box: Set the minimum incomplete HTTP header length of the incoming TCP packet, below which the connection will be dropped. To disable this setting, enter the value 0. |
| NX domain per source | Threshold box: Set the maximum number of NXDomain DNS queries per source IP to be allowed. To disable this setting, put value as 0. Duration box: If the above threshold is breached for a source within the specified duration then the source will be temporarily suspended. |
| DNS Query Lock Down | Enabled and Disabled buttons: Click one of these buttons to enable or disable this category. If Enabled, only valid queries will be allowed and the rest will be dropped. |
| Max concurrent connections | Value box: Sets the maximum concurrent TCP connections protected application servers can handle. |
| Concurrent connections per source | Value box: Limits the maximum number of simultaneous TCP connections any source IP can establish with protected application servers when not under attack. Set 0 to disable mitigation. |
| Concurrent connections per source (under attack) | Value box: Limits the maximum number of simultaneous TCP connections any source IP can establish with protected application servers when under attack. Set 0 to disable mitigation. |
| Aggressive Aging | Enabled and Disabled buttons: Click one of these buttons to enable or disable this category. If Enabled, stale connections older than Connection Expiry Duration will be terminated. |
| Connection expiry duration | Value box: Time after which the TCP connection will be considered stale and will be scheduled for deletion. Disable Aggressive Aging to disable this mitigation. |
| Connection proxy | Enabled and Disabled buttons: Click one of these buttons to enable or disable this category. If Enabled, provides protection against TCP Flood attacks such as TCP SYN Flood, etc. |
| Connection proxy trigger threshold | Value box: If Connection Proxy is enabled, specify the number of active connections after which the proxy will be enabled for all subsequent connection requests. Disable Connection Proxy to disable this mitigation or set its value as 0. |
| HTTP requests per source | Value box: Set the number of HTTP requests per second per source to be allowed. If any source exceeds this threshold, then that source is temporarily suspended. Set 0 to disable mitigation. |
| Progressive challenge threshold | Value box: Set the number of HTTP requests per second per source to be allowed before the progressive challenge is sent. If the challenge is not successful then the source is suspended. Set 0 to disable mitigation. |
| HTTP flood protection | Enabled and Disabled buttons: Click one of these buttons to enable or disable this category. If Enabled, it turns on protection against HTTP Floods. |
| HTTP request limit by URL | Value box: Enter the number of HTTP requests per particular URL to be allowed per second. A HTTP request is any type of request such as GET, POST, HEAD, or OPTIONS. To disable this setting, disable HTTP Flood Protection. |
| Default HTTP requests per second | Method: Select a method out of GET, POST, PUT, DELETE, or HEAD for which you want to enable HTTP Flood Protection. Host: Enter the HTTP Host for which you want to enable HTTP Flood Protection. URL: Enter the specific URL to enable the HTTP Flood Protection for it. Threshold: Enter the threshold which if breached by a source for the specified URL, Host and Method will be temporarily suspended. |
| Traffic Shaping Overall Limits | Maximum Inbound bps box (in mbps): Type the maximum amount of inbound traffic (in mbps) to allow. Maximum Outbound bps box (in mbps): Type the maximum amount of outbound traffic (in mbps) to allow. |
| Traffic Shaping TCP Limits | Maximum TCP Inbound bps box (in mbps): Type the maximum amount of inbound TCP traffic (in mbps) to allow. Set 0 to disable this mitigation. Maximum TCP Outbound bps box (in mbps): Type the maximum amount of outbound TCP traffic (in mbps) to allow. Set 0 to disable this mitigation. |
| Traffic Shaping UDP Limits | Maximum UDP Inbound bps box (in mbps): Type the maximum amount of inbound UDP traffic (in mbps) to allow. Set 0 to disable this mitigation. Maximum UDP Outbound bps box (in mbps): Type the maximum amount of outbound UDP traffic (in mbps) to allow. Set 0 to disable this mitigation. |
| Traffic Shaping ICMP Limits | Maximum ICMP Inbound bps box (in mbps): Type the maximum amount of inbound ICMP traffic (in mbps) to allow. Set 0 to disable this mitigation. Maximum ICMP Outbound bps box (in mbps): Type the maximum amount of outbound ICMP traffic (in mbps) to allow. Set 0 to disable this mitigation. |
| Traffic Shaping DNS Limits | Maximum DNS Inbound bps box (in mbps): Type the maximum amount of inbound DNS traffic (in mbps) to allow. Set 0 to disable this mitigation. Maximum DNS Outbound bps box (in mbps): Type the maximum amount of outbound DNS traffic (in mbps) to allow. Set 0 to disable this mitigation. |

TABLE 7-5: AVAILABLE PROTECTION SETTINGS FOR EACH STANDARD SERVER TYPE
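The filtering key points (a to f) and the Blacklist and Whitelist rows above can be read as a decision order; the following Python model is an added example, not HaltDos code. The function names, the frame dictionary keys, checking the whitelist before the blacklist (inferred from "even if it was blacklisted") and treating non-inspected IPv4 protocols as "other traffic" are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field

BLACKLIST_PREFIX_RANGE = (8, 32)    # "Allowed prefixes are 8–32"
WHITELIST_PREFIX_RANGE = (24, 32)   # "Allowed prefixes are 24–32"
INSPECTED_PROTOCOLS = {"TCP", "UDP", "ICMP", "DNS"}   # key point (b)


def parse_prefix(text, allowed_range):
    """Parse an IPv4 prefix and enforce the allowed prefix-length range."""
    # strict=False accepts host bits, as in the table's whitelist example
    # 192.168.1.3/25, and normalises it to the network 192.168.1.0/25.
    net = ipaddress.IPv4Network(text, strict=False)
    low, high = allowed_range
    if not low <= net.prefixlen <= high:
        raise ValueError(f"{text}: prefix length must be {low}-{high}")
    return net


@dataclass
class FilterConfig:
    blacklist: list = field(default_factory=list)
    whitelist: list = field(default_factory=list)
    forward_other_traffic: bool = True   # key point (e): operator's choice

    def add_blacklist(self, text):
        self.blacklist.append(parse_prefix(text, BLACKLIST_PREFIX_RANGE))

    def add_whitelist(self, text):
        self.whitelist.append(parse_prefix(text, WHITELIST_PREFIX_RANGE))


def _listed(networks, *addresses):
    """True if any of the addresses falls inside any listed network."""
    return any(ipaddress.IPv4Address(a) in n for n in networks for a in addresses)


def decide(cfg, frame):
    """Return 'FORWARD', 'DROP' or 'INSPECT' for one frame (a dict)."""
    if frame["direction"] == "LAN->WAN":      # (f) no LAN-to-WAN filtering
        return "FORWARD"
    if frame["ethertype"] == "ARP":           # (d) ARP is always forwarded
        return "FORWARD"
    if frame["ethertype"] != "IPv4" or frame.get("proto") not in INSPECTED_PROTOCOLS:
        # (c) only IPv4 is inspected; (e) the rest follows configuration
        return "FORWARD" if cfg.forward_other_traffic else "DROP"
    # Whitelist first: it bypasses the other mitigations "even if it was
    # blacklisted". Both lists match on source or destination address.
    if _listed(cfg.whitelist, frame["src"], frame["dst"]):
        return "FORWARD"
    if _listed(cfg.blacklist, frame["src"], frame["dst"]):
        return "DROP"
    return "INSPECT"   # handed on to the threshold-based mitigations


def build_sample_config():
    """Constructed sample policy using the two example prefixes in the table."""
    cfg = FilterConfig(forward_other_traffic=False)
    cfg.add_blacklist("192.168.1.0/24")
    cfg.add_whitelist("192.168.1.3/25")
    return cfg


if __name__ == "__main__":
    cfg = build_sample_config()
    base = {"direction": "WAN->LAN", "ethertype": "IPv4", "proto": "TCP",
            "dst": "198.51.100.7"}   # constructed frames, not captured traffic
    for src in ("192.168.1.10", "192.168.1.200", "203.0.113.5"):
        print(src, decide(cfg, {**base, "src": src}))
```

With the table's own examples, the whitelist entry 192.168.1.3/25 covers 128 addresses (192.168.1.0 to 192.168.1.127), and every one of them skips the remaining mitigations even though 192.168.1.0/24 is blacklisted. Normalising whitelist entries and reviewing their real coverage before they go live keeps an overly broad bypass from being introduced by a mistyped prefix length.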
7.6.3 DDoS-3 Notification
When the TOE detects events, attacks, change in configuration, adding a user or editing a user access, trigger of alarms in the system, it creates alerts to inform the user. The TOE can be configured to send notification messages to specific destinations to communicate certain alerts. The alert type specifies the event category that can trigger a specific notification. An administrator can associate each notification destination with one or more of these alert types.

| Alert Type | Causes |
|---|---|
| System | Hardware or system component events and other events that affect the system’s health. For example, change in configuration, adding a new user, generation of report, editing a user access |
| Attack | Alerts are generated if the TOE detects any attack |
| Alarm | Alerts are generated if user created alarms are triggered |

TABLE 7-6: ALERT TYPES
The TOE supports following types of notifications:
• Email: The TOE sends email notifications to the users with the authorized access decided by the administrator. The notifications appear to come from the sender address that is specified.
• Notification Alerts: The user also gets a notification alert on their profile page in the Web GUI.
The TOE also visually displays the alert event in 2 different locations in the Web GUI. The first visual alert is on the Events page. The Events page displays all the events, allowing the user to filter among those events as needed.
8 Glossary of Terms
a
AAA (Authentication, Authorization, & Accounting) — An acronym that describes the process of authorizing access to a system, authenticating the identity of users, and logging their behaviours.
active mode — A state within the in-line deployment mode, in which the TOE mitigates attacks in addition to monitoring traffic and detecting attacks.
address — A coded representation that uniquely identifies a particular network identity.
alert — A message informing the user that certain events, conditions, or errors in the system have occurred.
anomaly — An event or condition in the network that is identified as an abnormality when compared to a predefined illegal traffic pattern.
API (Application Programming Interface) — A well-defined set of function calls providing high-level controls for underlying services.
ASCII (American Standard Code for Information Interchange) — A coded representation for standard alphabetic, numeric, and punctuation characters, also referred to as “plain text”.
authentication — An identity verification process.
b
blacklist — A list of hosts and destinations
block — To prevent traffic from passing to the network, or to prevent a host from sending traffic.
bot — A program that runs automated tasks over the Internet.
botnet — A set of compromised computers (bots) that respond to a controlling server to generate attack traffic against a victim server.
bps — Bits per second.
bypass mode — A state in which the TOE just detects and analyses the traffic and does not mitigate it.
c
CA (Certificate Authority) — A third party that issues digital certificates for use by other parties. CAs are characteristic of many public key infrastructure (PKI) schemes.
CDN (Content Delivery Network) — A collection of Web servers that contain duplicated content and are distributed across multiple locations to deliver content to users based on proximity.
CIDR (Classless Inter-Domain Routing) — Method for classifying and grouping Internet addresses.
CLI (command line interface) — A user interface that uses a command line, such as a terminal or console (as opposed to a graphical user interface).
client — The component of client/server computing that uses a service offered by a server.
cloud — A metaphor for the Internet.
CSV (comma-separated values) file — A file that stores spreadsheet or database information in plain text, with one record on each line, and each field within the record separated by a comma.
customer edge — The location at the customer premises of the router that connects to the provider edge of one or more service provider networks.
customer edge router — A router within a customer's network that is connected to an ISP's customer peering edge.
d
Dark IP — Regions of the IP address space that are reserved or known to be unused.
data center — A centralized facility that houses computer systems and associated components, such as telecommunications and storage systems, and is used for processing or transmitting data.
DDoS (Distributed Denial of Service) — An interruption of network availability typically caused by many, distributed malicious sources.
Deployment mode — Indicates how the TOE is installed in the network: in-line or off-line through a span port or network tap (monitor).
DNS (Domain Name System) — A system that translates numeric IP addresses into meaningful, human consumable names and vice-versa.
DNS server — A server that uses the Domain Name System (DNS) to translate or resolve human-readable domain names and hostnames into the machine-readable IP addresses.
DoS (Denial of Service) — An interruption of network availability typically caused by malicious sources.
e
edge — The outer perimeter of a network.
encryption — The process by which plain text is scrambled in such a way as to hide its content.
Ethernet — A series of technologies used for communication on local area networks.
exploit — Tools intended to take advantage of security holes or inherent flaws in the design of network applications, devices, or infrastructures.
f
failover — A configuration of two devices so that if one device fails, the second device takes over the duties of the first, ensuring continued service.
FCAP — A fingerprint expression language that describes and matches traffic information.
Fibre Channel — Gigabit-speed network technology primarily used for storage networking.
fingerprint — A pattern or profile of traffic that suggests or represents an attack. Also known as a signature.
firewall — A security measure that monitors and controls the types of packets allowed in and out of a network, based on a set of configured rules and filters.
FQDN (Fully Qualified Domain Name) — A complete domain name, including both the registered domain name and any preceding node information.
FTP (File Transfer Protocol) — A TCP/IP protocol for transferring files across a network.
g
Gb — Gigabit.
GB — Gigabyte.
Gbps — Gigabits per second.
global protection level — Determines which protection settings are in use for the entire system.
GMT (Greenwich Mean Time) — A world time standard that is deprecated and replaced by UTC.
GRE (Generic Routing Encapsulation) — A protocol that is used to transport packets from one network through another network.
GRE tunnel — A logical interface whose endpoints are the tunnel source address and tunnel destination address.
h
handshake — The process or action that establishes communication between two telecommunications devices.
header — The data that appears at the beginning of a packet to provide information about the file or the transmission.
heartbeat — A periodic signal generated by hardware or software to indicate that it is still running.
host — A networked computer (client or server); in contrast to a router or switch.
HTTP (HyperText Transfer Protocol) — A protocol used to transfer or convey information on the World Wide Web. Its original purpose was to provide a way to publish and retrieve HTML pages.
HTTPS (HyperText Transfer Protocol over SSL) — The combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism.
i
ICMP (Internet Control Message Protocol) — An IP protocol that delivers error and control messages between TCP/IP enabled network devices, for example, ping packets.
IMAP (Internet Message Access Protocol) — An application layer Internet protocol that allows a local client to access email on a remote server. (Also known as Internet Mail Access Protocol, Interactive Mail Access Protocol, and Interim Mail Access Protocol.)
interface — An interconnection between routers, switches, or hosts.
IP (Internet Protocol) — A connectionless network layer protocol used for packet delivery between hosts and devices on a TCP/IP network.
IP address — A unique identifier for a host or device on a TCP/IP network.
IPS (Intrusion Prevention System) — A computer security device that exercises access control to protect computers from exploitation.
ISP (Internet Service Provider) — A business or organization that provides to consumers access to the Internet and related services.
l
LAN (Local Area Network) — A typically small network that is confined to a small geographic space.
k
Kbps — Kilobits per second.
m
malformed — Refers to requests or packets that do not conform to the RFC standards for Internet protocol. Such requests or packets are often used in DDoS attacks.
Mbps — Megabits per second.
MBps — Megabytes per second.
MIB (Management Information Base) — A database used by the SNMP protocol to manage devices in a network.
mitigation — The process of using recommendations to apply policies to the network to reduce the effects of an attack.
monitor mode — A deployment mode in which the TOE is deployed out-of-line through a span port or network tap. The TOE monitors traffic and detects attacks but does not mitigate the attacks.
MSSP (Managed Security Service Provider) — An Internet service provider (ISP) that provides an organization with network security management,
multicast — Protocols that address multiple IP addresses with a single packet (as opposed to unicast and broadcast protocols).
n
netmask — A dotted quad notation number that routers use to determine which part of the address is the network address and which part is the host address.
network tap — A hardware device that sends a copy of network traffic to another attached device for passive monitoring.
NIC (Network Interface Card) — A hardware component that maintains a network interface connection.
notification — An email message, SNMP trap, or syslog message that is sent to specified destinations to communicate certain alerts.
NXDomain — A response that results when DNS is unable to resolve a domain name.
NTP (Network Time Protocol) — A protocol that synchronizes clock times in a network of computers.
o
off-line mode — A state within the in-line deployment mode, in which the TOE analyses traffic and detects attacks without performing mitigations.
In-line mode — A deployment mode in which the TOE acts as a physical connection between two endpoints. All of the traffic that traverses the network flows through the TOE.
out-of-band — Communication signals that occur outside of the channels that are normally used for data.
p
packet — A unit of data transmitted across the network that includes control information along with actual content.
password — A secret code used to gain access to a computer system.
payload — The data in a packet that follows the TCP and UDP header data.
PCAP (packet capture) file — A file that consists of data packets that have been sent over a network.
pps — Packets per second.
ping — An ICMP request to determine if a host is responsive.
policy — The set of rules that network operators determine to be acceptable or unacceptable for their network.
POP (Post Office Protocol) — A TCP/IP email protocol for retrieving messages from a remote server.
PoP (Point of Presence) — A physical connection between telecommunications networks.
port — A field in TCP and UDP packet headers that corresponds to an application level service (for example TCP port 80 corresponds to HTTP).
prefix — The initial part of a network address, which is used in address delegation and routing.
protection category — A group of related protection settings that detect a specific type of attack traffic.
protection group — A collection of one or more protected hosts that are associated with a specific type of server.
protection level — Defines the strength of protection against a network attack and the associated intrusiveness and risk of blocking legitimate traffic. The protection level can be set globally or for specific protection groups.
protection mode — A state within the in-line deployment mode, in which the mitigations are either in-line active or off-line.
protocol — A well-defined language used by networking entities to communicate with one another.
r
radius — Remote Authentication Dial-In User Service is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
rate limit — The number of requests, packets, bits, or other measurement of data that a host is allowed to send within a specified amount of time.
RDN (Registered Domain Name) — A domain name as registered, without any preceding node information.
real time — When systems respond or data is supplied as events happen.
redundancy — The duplication of devices, services, or connections so that, in the event of a failure, the duplicate item can perform the work of the item that failed.
refinement — The process of continually gathering information about anomalous activity that is observed on a network.
regular expression — A standard set of rules for matching a specified pattern in text. Often abbreviated as regex or regexp.
report — An informational page that presents data about a traffic type or event.
route — A path that a packet takes through a network.
router — A device that connects one network to another. Packets are forwarded from one router to another until they reach their ultimate destination.
s
secret key — A secret that is shared only between a sender and receiver of data.
server type — A class of servers that the TOE protects and that is associated with one or more protection groups.
SIP (Standard Initiation Protocol) — An IP network protocol that is used for VoIP (Voice Over IP) telephony.
signature — A pattern or profile of traffic that suggests or represents an attack. Also known as a fingerprint.
SMTP (Simple Mail Transfer Protocol) — The de facto standard protocol for email transmissions across the Internet.
SNMP (Simple Network Management Protocol) — A standard protocol that allows routers and other network devices to export information about their routing tables and other state information.
span port — A designated port on a network switch onto which traffic from other ports is mirrored.
spoofing — A situation in which one person or program successfully masquerades as another by falsifying data (usually an IP address) and thereby gains an illegitimate advantage.
SSH (Secure Shell) — A command line interface and protocol for securely accessing a remote computer. SSH is also known as Secure Socket Shell.
SSL (Secure Sockets Layer) — A protocol for secure communications on the Internet for such things as Web browsing, email, instant messaging, and other data transfers.
SSL certificate — A file that is installed on a secure Web server to identify a Web site and verify that the Web site is secure and reliable.
syslog — A file that records certain events or all of the events that occur in a particular system. Also, a service for logging data.
t
target — A victim host or network of a malicious denial of service (DoS) attack.
TCP (Transmission Control Protocol) — A connection-based, transport protocol that provides reliable delivery of packets across the Internet.
TCP/IP — A suite of protocols that controls the delivery of messages across the Internet.
throughput — The data transfer rate of a network or device.
TLS (Transport Layer Security) — An encryption protocol for the secure transmission of data over the Internet. TLS is based on, and has succeeded, SSL.
u
UDP (User Datagram Protocol) — An unreliable, connectionless, communication protocol.
unblock — To remove a source or destination from the temporarily blocked list without adding it to the whitelist.
UNC (Universal Naming Convention) — A standard which originated from UNIX for identifying servers, printers, and other resources in a network.
URI (Uniform Resource Identifier) — A protocol, login, host, port, path, etc. in a standard format used to reference a network resource, (for example http://haltdos.com).
URL (Uniform Resource Locator) — Usually a synonym for URI.
UTC (Universal Time Coordinated) — The time zone at zero degrees’ longitude, which replaces GMT as the world time standard.
v
VLAN (Virtual Local Area Network) — Hosts connected in an infrastructure that simulates a local area network, when the hosts are remotely located, or to segment a physical local network into smaller, virtual pieces.
VoIP (Voice over Internet Protocol) — Routing voice communications (such as phone calls) through an IP network.
volumetric attack — A type of DDoS attack that is generally high bandwidth and that originates from a large number of geographically distributed bots.
VPN (Virtual Private Network) — A private communications network that is often used within a company, or by several companies or organizations, to communicate confidentially over a public network using encrypted tunnels.
vulnerability — A security weakness that could potentially be exploited.
w
WAN (Wide Area Network) — A computer network that covers a broad area. (Also Wireless Area Network, meaning a wireless network.)
Web UI (User Interface) — A Web-based interface for using a HaltDos Networks product.
whitelist — A list of hosts whose traffic is passed without further inspection. To add a host to the whitelist.
widget — A graphical element in a user interface that displays information about an application and allows the user to interact with the application.
x
XML (eXtensible Markup Language) — A metalanguage written in Standard Generalized Markup Language (SGML) that allows one to design a markup language for easy interchange of documents on the World Wide Web.