
CCM: Evaluation of Functional Requirements of TOE


1.  Audit Function.  The Audit Function in Microsoft Windows 2000 Server is a TSF function that performs the basic functions listed below.  By default, at installation, only application logs and error logs are collected and stored by the Audit function. The server administrator must enable security auditing on the machine.

  • Audit Collection.  Every machine has one security log. The Event Logger service creates the security event log, which contains the security relevant audit records collected on a system.
  • Audit log Review.  The administrator is able to view all the security log records using an event viewer administrator tool and differentiate security logs from application and system logs.
  • Audit log overflow protection.  Failure to log requested events may have severe implications for the server. It is important that log records are always written successfully. There therefore needs to be a mechanism that alerts the administrator before the log reaches full capacity.
  • Audit log restricted access protection.  Access to the audit log viewer is restricted.

2.  Security Management Function.  Security Management is performed using several security management functions as well as roles.

  • Roles.  Each user is classified into one or more user role groups. Roles fall into two basic categories: the authorized administrator role and the authorized user role. Administrators are those users that have the right to take ownership privilege.
  • Security Management Functions.  The TOE supports several features that enable appropriate management. The majority of security management functions are restricted to the authorized administrator only. The security functions available are: audit policy, account policy, account database, user rights policy, domain policy, group policy, IP Security policy, Encrypted File System (EFS) Policy and Disk Quota.

3.  Resource Utilization Function.  Disk space resources in the computer's storage devices may be controlled using a disk-space quota management tool. By default this control is disabled. Users with administrative rights can enable quota management.

4.  User Data Protection Function.  Data Protection for the user is provided through cryptographic and access control methods. The Controlled Access PP (CAPP) requires that the cryptographic support be in the form of FIPS compliant encrypting/decrypting algorithms. The access control has to be Discretionary Access Control.

5.  Cryptographic Support.  Microsoft Windows 2000 provides an option to use FIPS compliant algorithms for encryption and decryption. This can be enabled to comply with the requirement.

6.  Identification and Authentication Functions.  Identification and authentication are very important security functions. The requirements put forward are of the following categories:

  • Authentication Failure Handling
  • User Attribute Definition
  • Verification of Secrets
  • User Authentication before any Action
  • Protected Authentication Feedback
  • User Subject Binding

7.  Authentication.  Users that are trying to authenticate should be allowed only a limited number of attempts. If the attempts exceed a pre-configured limit, the account they are trying to log into should be disabled. Windows allows the Administrator to set the number of attempts that a user can make to authenticate himself, after which the account can be disabled for some pre-defined time.

8.  User Attributes.  The user's security attributes should be stored along with user information. The significant user attributes are user identity, group memberships, authentication data, security-relevant roles, private keys, privileges and logon rights.

10. Protected Data Transfer.  The Microsoft Windows systems use IPSec for protected data transfer between different parts of the system. IPSec settings can be configured in the policy editors.

11. Session Locking Functions.  Session Locking Functions fulfill protected session access and management functions. The functions that the exercises will cover are:

  • Session Locking.  Session locking can be user-initiated or done automatically after some duration of idleness. To unlock, the user authenticates himself with his username and password.
  • Session Establishment.  The session ticket expires and the session is closed automatically after a certain duration of idleness.
  • Access Banners.

12. Validation Action Guidelines.  Evaluation is carried out by policy configurations of the system. Two methods can be used to validate all of the above functional requirements.

  • Registry editor using regedit.exe or regedt32.exe from the command prompt.
  • Group policy editor using gpedit.msc from the command prompt.
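
One way to carry out the registry-based validation described above is to export the relevant keys with regedit.exe and check the values offline. The following Python code is an added example, not part of the original page; the mapping of requirements to registry values, the thresholds, and the sample export are assumptions constructed for illustration.

```python
import re
# Constructed sample: fragment of a regedit.exe export (.reg), not real host data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"RestrictGuestAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeText"=""

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="900"
'''
SECLOG = r"hkey_local_machine\system\currentcontrolset\services\eventlog\security"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DESKTOP = r"hkey_current_user\control panel\desktop"

# Assumed: requirement -> registry value mapping and thresholds (90 percent, 900 s).
CHECKS = [
    ("Audit log overflow warning", SECLOG, "warninglevel", lambda v: isinstance(v, int) and 0 < v <= 90),
    ("Audit log restricted access", SECLOG, "restrictguestaccess", lambda v: v == 1),
    ("Access banner text", WINLOGON, "legalnoticetext", lambda v: bool(str(v).strip())),
    ("Session lock on resume", DESKTOP, "screensaverissecure", lambda v: str(v) == "1"),
    ("Session idle timeout", DESKTOP, "screensavetimeout",
     lambda v: str(v).isdigit() and 0 < int(v) <= 900),
]

def parse_reg(text):
    """Map (key, value name), both lower-cased, to an int (dword) or str value."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                values[key, name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                values[key, name] = raw[1:-1]  # hex(...) values are skipped
    return values

def evaluate(text):
    """Return {requirement: 'PASS' | 'FAIL' | 'MISSING'} for a .reg export."""
    values, results = parse_reg(text), {}
    for label, key, name, ok in CHECKS:
        v = values.get((key, name))  # None means the value was never configured
        results[label] = "MISSING" if v is None else "PASS" if ok(v) else "FAIL"
    return results
```

Version 5.00 exports are written as UTF-16, so decode the file before passing its text to evaluate(). A MISSING result separates a value that was never configured from one that is set incorrectly.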