CCM: Evaluation of Functional Requirements of TOE
Evaluation of Functional requirements of TOE.
1. Audit Function. The Audit Function in Microsoft Windows 2000 Server
serves as a TSF function that performs the following basic functions.
By default, at installation, only application logs and error logs are
collected and stored by the Audit function.
The server administrator must enable security auditing on the
- Audit Collection. Every machine has one security log. The Event
Logger service creates the security event log, which contains the
security-relevant audit records collected on a system.
- Audit log Review. The administrator is
able to view all the security log records using an event viewer
administrator tool and differentiate security logs from
application and system logs.
- Audit log overflow protection. Failure to log requested events may
have severe implications for the server. It is important that log
records are always written successfully. Therefore there needs to be
some mechanism that will alert the administrator before the logged
records reach full capacity.
- Audit log restricted access protection. Access to the audit log
viewer is restricted.
2. Security Management Function. Security
Management is performed using several security management functions as
well as roles.
- Roles. Each user is classified into one or more user role groups.
Roles can basically be divided into two: the authorized administrator
role and the authorized user role. Administrators are those users that
have the right to take ownership privilege.
- Security Management Functions. The TOE supports several
features that enable appropriate management. The majority of security
management functions are restricted to the authorized administrator
only. The security functions available are: audit policy, account
policy, account database, user rights policy, domain policy, group
policy, IP Security policy, Encrypted File System (EFS) Policy and Disk
3. Resource Utilization Function. Disk space
resources in the computer's storage devices may be controlled using a
disk-space quota management tool. By default this control is disabled.
Users with the administrative rights can enable quota management.
4. User Data Protection Function. Data Protection
for the user is provided through cryptographic and access control
methods. The Controlled Access PP (CAPP) requires that the cryptographic
support be in the form of FIPS compliant encrypting/decrypting
algorithms. The access control has to be Discretionary Access Control.
5. Cryptographic Support. Microsoft Windows 2000
provides an option to use FIPS compliant algorithms for encryption and
decryption. This can be enabled to comply with the requirement.
6. Identification and Authentication Functions.
Identification and authentication are very important security functions.
The requirements put forward are of the following categories:
- Authentication Failure Handling
- User Attribute Definition
- Verification of Secrets
- User Authentication before any Action
- Protected Authentication Feedback
- User Authentication before any Action
- User Subject Binding
7. Authentication. Users that are trying to get
authenticated should have a limited number of attempts. If these
attempts exceed a pre-configured limit then the account they are trying
to log into should be disabled. Windows allows the Administrator to set
the number of attempts that a user can make to authenticate himself,
after which the account can be disabled for some pre-defined time.
8. User Attributes. The user's security attributes
should be stored along with user information. The significant user
attributes are user identity, group memberships, authentication data,
security-relevant roles, private keys, privileges and logon rights.
10. Protected Data Transfer. The Microsoft Windows
systems use IPSec for protected data transfer between different parts of
the system. IPSec settings can be set in the policy editors.
11. Session Locking Functions. Session Locking Functions
fulfill protected session access and management
functions. The functions that the exercises will cover are:
- Session Locking. Session locking can be user-initiated or
performed automatically after some duration of idleness. To unlock, the
user authenticates himself with his username and password.
- Session Establishment. The session ticket expires and the session is
automatically closed after a certain duration of idleness.
- Access Banners.
12. Validation Action Guidelines. Evaluation is carried
out by policy configurations of the system. Two methods can be used to
validate all of the above functional requirements.
- Registry editor using regedit.exe or regedt32.exe from the
- Group policy editor using gpedit.msc from the command prompt.
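The same validation can be scripted instead of clicked through. The following is an added example, not part of the original course material: it assumes the policy has been exported to a text template with `secedit /export /cfg <file>` (a tool the page does not mention) and checks the audit collection, audit log access and account lockout settings described in items 1 and 7. The sample template and the list of required audit categories are constructed for illustration.

```python
import configparser

# Constructed sample in the layout written by `secedit /export /cfg <file>`.
# Real exports are UTF-16 encoded; decode before passing the text in.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
LockoutBadCount = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditAccountLogon = 0
AuditPolicyChange = 1
[Security Log]
MaximumLogSize = 512
RestrictGuestAccess = 0
"""

# Audit categories this example insists on (an assumption, not a list from the page).
REQUIRED_AUDIT = ("AuditSystemEvents", "AuditLogonEvents",
                  "AuditAccountLogon", "AuditPolicyChange")


def check_template(text):
    """Return (requirement, setting, problem) tuples for settings that fail."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key case as exported
    cp.read_string(text)

    def num(section, key):
        # Missing section or key is treated as "not configured" (None).
        return cp.getint(section, key, fallback=None)

    findings = []
    # 1. Audit collection: 0 = no auditing, 1 = success, 2 = failure, 3 = both.
    for key in REQUIRED_AUDIT:
        if not num("Event Audit", key):
            findings.append(("Audit", key, "category is not audited"))
    # 1. Audit log restricted access: guests must not read the security log.
    if num("Security Log", "RestrictGuestAccess") != 1:
        findings.append(("Audit", "RestrictGuestAccess", "guest access not restricted"))
    # 7. Authentication: LockoutBadCount = 0 means accounts never lock out.
    if not num("System Access", "LockoutBadCount"):
        findings.append(("Authentication", "LockoutBadCount", "lockout disabled"))
    return findings


if __name__ == "__main__":
    for req, key, problem in check_template(SAMPLE_INF):
        print(f"[{req}] {key}: {problem}")
```

A missing key is reported the same way as a failing value, so a template exported with only some areas still produces a finding for every setting it does not cover.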