Blue Coat Systems, Inc.
Secure Web Gateway Virtual Appliance-V100
Software Version: 6.5.2.8

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 1
Document Version: 0.5

Prepared for:
Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
United States of America
Phone: +1 866 30 BCOAT (22628)
Email: usinfo@bluecoat.com
http://www.bluecoat.com

Prepared by:
Corsec Security, Inc.
13135 Lee Jackson Memorial Highway, Suite 220
Fairfax, VA 22033
United States of America
Phone: +1 703 267 6050
Email: info@corsec.com
http://www.corsec.com

Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5, July 25, 2014

Table of Contents
1 Introduction ... 4
  1.1 Purpose ... 4
  1.2 References ... 4
  1.3 Document Organization ... 4
2 SWG VA-V100 ... 5
  2.1 Overview ... 5
  2.2 Module Specification ... 7
    2.2.1 Physical Cryptographic Boundary ... 9
    2.2.2 Logical Cryptographic Boundary ... 10
  2.3 Module Interfaces ... 11
  2.4 Roles and Services ... 12
    2.4.1 Crypto-Officer Role ... 13
    2.4.2 User Role ... 15
    2.4.3 Additional Services ... 16
    2.4.4 Authentication Mechanism ... 16
  2.5 Physical Security ... 19
  2.6 Operational Environment ... 19
  2.7 Cryptographic Key Management ... 20
  2.8 Self-Tests ... 25
    2.8.1 Power-Up Self-Tests ... 25
    2.8.2 Conditional Self-Tests ... 25
    2.8.3 Critical Function Tests ... 25
  2.9 Mitigation of Other Attacks ... 26
3 Secure Operation ... 27
  3.1 Secure Management ... 27
    3.1.1 Initialization ... 27
    3.1.2 Management ... 27
    3.1.3 Zeroization ... 28
  3.2 User Guidance ... 29
  3.3 Non-Approved Mode ... 29
4 Acronyms ... 30

List of Figures
Figure 1 Typical Deployment of a SWG VA-V100 ... 6
Figure 2 Block Diagram of the Dell PowerEdge R720 Server Hardware ... 10
Figure 3 SWG VA-V100 Cryptographic Boundaries ... 11
Figure 4 Keyring Creation Management Console Dialogue Box ... 28
Figure 5 Keyring Creation CLI Commands ... 28

List of Tables
Table 1 Security Level Per FIPS 140-2 Section ... 7
Table 2 FIPS-Approved Algorithm Implementations – SG VA Starter ... 8
Table 3 FIPS-Approved Algorithm Implementations – SG VA Crypto Library ... 8
Table 4 FIPS-Approved Algorithm Implementations – SG VA SSH Library ... 9
Table 5 FIPS-Approved Algorithm Implementations – SG VA TLS Library ... 9
Table 6 Virtual Appliance FIPS 140-2 Logical Interface Mappings ... 11
Table 7 FIPS and SWG VA-V100 Roles ... 13
Table 8 Crypto-Officer Role Services and CSP Access ... 14
Table 9 User Services and CSP Access ... 15
Table 10 Authentication Mechanisms Used by the Module ... 18
Table 11 List of Cryptographic Keys, Cryptographic Key Components, and CSPs ... 20
Table 12 Acronyms ... 30

Blue Coat Secure Web Gateway Virtual Appliance-V100, Page 2 of 33. © 2014 Blue Coat Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice.

1 Introduction

1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the Secure Web Gateway Virtual Appliance-V100 (SWG VA-V100) (Software Version: 6.5.2.8) from Blue Coat Systems, Inc. This Security Policy describes how the Secure Web Gateway Virtual Appliance-V100 meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the appliance in the Approved mode of operation.
This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The Secure Web Gateway Virtual Appliance-V100 is referred to in this document as SWG VA-V100, crypto module, or module.

1.2 References
This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:
- The Blue Coat website (www.bluecoat.com) contains information on the full line of products from Blue Coat.
- The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:
- Vendor Evidence document
- Finite State Model document
- Validation Submission Summary
- Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Blue Coat. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Blue Coat and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Blue Coat.
2 SWG VA-V100

2.1 Overview
The Blue Coat Secure Web Gateway Virtual Appliance (SWG VA-V100) combines the market-leading security capabilities of Blue Coat ProxySG with the flexibility of virtualization to provide a cost-effective enterprise branch office solution. With the new Blue Coat Secure Web Gateway Virtual Appliance, businesses can support Web security and other critical remote office infrastructure on a common platform, reducing costs and IT resource requirements.

The Blue Coat SWG VA-V100 is a powerful yet flexible tool for providing security and control, threat prevention, and accelerated disaster recovery in an easy-to-deploy virtual appliance:
- Web 2.0 Security and Control – The Blue Coat Unified Security Solution is uniquely designed to offer a comprehensive, enterprise-wide web security solution that can help close network security gaps and protect users wherever they work. SWG VA-V100 extends the same rich policy controls in ProxySG to the branch environment. With unified reporting that provides single-pane-of-glass visibility across all users, and centralized management through the Blue Coat Director, the SWG VA-V100 solution allows enterprises to seamlessly extend full protection and control to their branch offices.
- Threat Prevention – Integrating with Blue Coat WebPulse, the SWG VA-V100 is able to protect against zero-day attacks through ‘negative day’ defense. Blue Coat WebPulse is constantly monitoring over 500 malware delivery networks to identify and proactively block attacks at the origin.
- Disaster Recovery – With SWG VA-V100, enterprises can quickly bring up an SWG deployment in case of disaster recovery, and even leverage a backup image of the solution.
- Simplified Deployment – The Blue Coat SWG VA-V100 greatly simplifies deployment by enabling hardware consolidation and alleviating much of the IT administrative overhead. Running on VMware ESX and ESXi, SWG VA-V100 shares the same server hardware with other virtual appliances, which significantly streamlines and accelerates the SWG deployment process. As a result, a deployment that once took days can now be completed in just hours.

See Figure 1 below for a typical deployment scenario for SWG VA-V100s.

Figure 1 Typical Deployment of a SWG VA-V100

The security provided by the SWG VA-V100 can be used to control, protect, and monitor the Internal Network’s use of controlled protocols on the External Network. The controlled protocols implemented in the evaluated configurations are:
- Windows Media Optimization (Microsoft Media Streaming (MMS))
- Microsoft Smooth Streaming Optimization
- Real Media Optimization
- Real-Time Streaming Protocol (RTSP) Optimization
- Real-Time Messaging Protocol (RTMP) Optimization
- QuickTime Optimization (Apple HTTP Live Streaming)
- Adobe Flash Optimization (Adobe HTTP Dynamic Streaming)
- Bandwidth Management
- DNS proxy
- Advanced DNS Access Policy
- Hypertext Transfer Protocol (HTTP)/Secure Hypertext Transfer Protocol (HTTPS) Acceleration
- File Transfer Protocol (FTP) Optimization
- Secure Sockets Layer (SSL) Termination/Protocol Optimization
- TCP (Transmission Control Protocol) tunneling protocols (Secure Shell (SSH))
- Secure Shell
- Telnet Proxy
- ICAP Services
- Netegrity SiteMinder
- Oblix COREid
- Peer-To-Peer
- User Authentication
- Onbox Content Filtering (3rd Party or BCWF)
Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5 July 25, 2014  Offbox Content Filtering (via ICAP)  SOCKS3 Access control is achieved by enforcing configurable policies on controlled protocol traffic to and from the Internal Network users. The policy may include authentication, authorization, content filtering, and auditing. The SWG VA-V100 is validated at the following FIPS 140-2 Section levels in Table 1. Table 1 Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 2 4 Finite State Model 1 5 Physical Security N/A 6 Operational Environment 1 7 Cryptographic Key Management 1 8 Electromagnetic Interference/Electromagnetic Compatibility 1 9 Self-tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 2.2 Module Specification The Secure Web Gateway Virtual Appliance-V100 is a multi-chip standalone software module that meets overall Level 1 FIPS 140-2 requirements. The module was tested and found compliant on a Dell PowerEdge R720 Server using VMware ESXi v5.1 hypervisor to provide the virtualization layer. The SWG VA-V100 software consists of Blue Coat’s proprietary operating system, SGOS v6.5.2.50. Acting as the guest OS in a VMware ESXi virtual machine, this full-featured operating system includes both OS-level functions as well as the application-level functionality that provides the appliance’s optimization and proxying services. Cryptographic services are provided by the Blue Coat SG VA Starter v4.5, Blue Coat SG VA Crypto Library v3.1.2, Blue Coat SG VA SSH Library v1.0, and Blue Coat SG VA TLS Library v1.0 (which are all part of SGOS). The module implements the FIPS-Approved algorithms listed in below in Table 2, Table 3, Table 4, and Table 5. 2 BCWF – Blue Coat Web Filter SOCKS – SOCKet Secure 3 Blue Coat Secure Web Gateway Virtual Appliance-V100 Page 7 of 33 © 2014 Blue Coat Systems, Inc. 
This document may be freely reproduced and distributed whole and intact including this copyright notice. Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5 July 25, 2014 Table 2 FIPS-Approved Algorithm Implementations – SG VA Starter Algorithm Certificate Number Hashing Functions #2306 SHA -1 4 MAC Functions HMAC5 with SHA-1 #1715 Table 3 FIPS-Approved Algorithm Implementations – SG VA Crypto Library Algorithm Certificate Number Symmetric Key Algorithms AES: ECB6, CBC7, OFB8, CFB9-128 bit mode for 128-, 192-, and 256-bit key #2737 sizes #1648 3DES10: ECB, CBC, CFB-64, OFB mode for keying option 1 (3 different keys) Asymmetric Key Algorithms RSA (ANSI X9.31) Key Generation – 2048, 3072, 4096-bit #1427 RSA PKCS11#1 signature generation – 2048, 3072, and 4096-bit RSA PKCS#1 signature verification – 1024, 1536, 2048, 3072, and 4096-bit Hashing Functions SHA-1 #2307 SHA-224, SHA-256, SHA-384, SHA-512 Message Authentication Code (MAC) Functions HMAC with SHA-1 #1716 HMAC with SHA-224, SHA-256, SHA-384, SHA-512 Deterministic Random Bit Generator (DRBG) SP12 800-90 CTR_DRBG (AES-256) #458 NOTE: As of December 31, 2010, the following algorithm listed in the table above is considered “legacy-use” only.  Digital signature verification using RSA key sizes of 1024 and 1536-bits are approved for legacy use only. SHA – Secure Hash Algorithm 4 HMAC – Hash-Based Message Authentication Code 5 ECB – Electronic Codebook 6 CBC – Cipher Block Chaining 7 OFB – Output Feedback 8 CFB – Cipher Feedback 9 3DES – Triple Data Encryption Standard 10 PKCS – Public Key Cryptography Standard 11 SP – Special Publication 12 Blue Coat Secure Web Gateway Virtual Appliance-V100 Page 8 of 33 © 2014 Blue Coat Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. 
Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5 July 25, 2014 Table 4 FIPS-Approved Algorithm Implementations – SG VA SSH Library Algorithm Certificate Number Key Derivation Function (KDF) SSH KDF #182 NOTE: While the SSH KDF has been validated by the CAVP, this protocol has not been reviewed or tested by the CAVP and CMVP. Table 5 FIPS-Approved Algorithm Implementations – SG VA TLS Library Algorithm Certificate Number KDF TLS KDF #328 NOTE: While the TLS KDF has been validated by the CAVP, this protocol has not been reviewed or tested by the CAVP and CMVP. The module utilizes the following non-FIPS-Approved algorithms:  RSA PKCS#1 wrap/unwrap (key-wrapping) – 2048, 3072, and 4096–bit sizes providing 112, 130, and 150-bits of security.  Diffie-Hellman for key agreement during TLS and SSH: 2048-bit keys (provides 112 bits of security).  Non-Deterministic RNG (NDRNG) for seeding the non-Approved Entropy PRNG  Non-Approved Entropy PRNG for seeding the FIPS-Approved DRBG (SP800-90A CTR_DRBG (using AES-256)) 2.2.1 Physical Cryptographic Boundary As a software module, the virtual appliance has no physical characteristics; however, the physical boundary of the cryptographic module is defined by the hard enclosure around the Dell PowerEdge R720 Server on which it runs. Figure 2 shows the block diagram of the Dell PowerEdge R720 Server (the dashed line surrounding the hardware components represents the module’s physical cryptographic boundary, which is the outer case of the hardware platform), and identifies the hardware with which the Dell PowerEdge R720 Server’s processor interfaces. Blue Coat Secure Web Gateway Virtual Appliance-V100 Page 9 of 33 © 2014 Blue Coat Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. 
[Figure 2: Block Diagram of the Dell PowerEdge R720 Server hardware. Components shown inside the crypto boundary: CPU(s), cache, North Bridge, South Bridge, RAM, BIOS, HDD, DVD, SCSI/SATA controller, clock generator, PCI/PCIe slots, USB, serial, audio, graphics controller, LEDs/LCD, hardware management interface, network interface, and power interface; the external power supply sits outside. Diagram key: plaintext data, encrypted data, control input, status output, crypto boundary.]

Key: BIOS – Basic Input/Output System; CPU – Central Processing Unit; DVD – Digital Video Disc; HDD – Hard Disk Drive; PCI – Peripheral Component Interconnect; PCIe – PCI express; RAM – Random Access Memory; SATA – Serial Advanced Technology Attachment; SCSI – Small Computer System Interface; USB – Universal Serial Bus.

Figure 2 Block Diagram of the Dell PowerEdge R720 Server hardware

The module’s physical cryptographic boundary is further illustrated by the black dotted line in Figure 3 below. The module makes use of the physical interfaces of the tested platform hosting the virtual environment upon which the module is installed. The hypervisor controls and directs all interactions between the SWG VA-V100 and the operator, and is responsible for mapping the module’s virtual interfaces to the GPC’s physical interfaces. These interfaces include the integrated circuits of the system board, processor, network adapters, RAM, hard disk, device case, power supply, and fans.
2.2.2 Logical Cryptographic Boundary
The logical cryptographic boundary of the module (shown by the red dotted line in Figure 3) consists of the Blue Coat SGOS v6.5.2.50, which contains the Blue Coat SG VA Starter v4.5, Blue Coat SG VA Crypto Library v3.1.2, Blue Coat SG VA SSH Library v1.0, and Blue Coat SG VA TLS Library v1.0.

[Figure 3: SWG VA-V100 Cryptographic Boundaries. Layers shown: SGOS (application-level functions), SGOS (OS-level functions), VMware ESXi v5.1, Dell PowerEdge R720 Server. Diagram key: plaintext data, encrypted data, control input, status output, logical boundary, physical boundary.]

Figure 3 SWG VA-V100 Cryptographic Boundaries

2.3 Module Interfaces
The module’s physical ports can be categorized into the following logical interfaces defined by FIPS 140-2:
- Data input
- Data output
- Control input
- Status output

As a software module, the virtual appliance has no physical characteristics. The module’s physical and electrical characteristics, manual controls, and physical indicators are those of the host system (Dell PowerEdge R720 Server). The VMware hypervisor provides virtualized ports and interfaces for the module. Interaction with the virtual ports created by the hypervisor occurs through the host system’s Ethernet port. Management, data, and status traffic must all flow through the Ethernet port. Direct interaction with the module via the host system is possible over the serial port; however, the Crypto Officer must first map the physical serial port to the SWG VA-V100 using vSphere Client. The mapping of the module’s logical interfaces in the software to FIPS 140-2 logical interfaces is described in Table 6 below.
Table 6 Virtual Appliance FIPS 140-2 Logical Interface Mappings

| Physical Port/Interface | Logical Port/Interface | FIPS 140-2 Interface |
|---|---|---|
| Host System Ethernet (10/100/1000) Ports | Virtual Ethernet Ports, Virtual Serial Ports | Data Input; Data Output; Control Input; Status Output |
| Host System Serial Port | Virtual Serial Port | Control Input; Status Output |

Data input and output are the packets utilizing the services provided by the module. These packets enter and exit the module through the Virtual Ethernet ports. Control input consists of configuration or administrative data entered into the module. Control input enters the module through the Virtual Ethernet and Virtual Serial Port interfaces (GUI, SSH CLI, and Serial CLI). Status output consists of the status provided or displayed via the user interfaces (such as GUI, SSH CLI, and Serial CLI) or available log information. Status output exits the module via the user interfaces (such as GUI, SSH CLI, and Serial CLI) over the Virtual Ethernet or Virtual Serial Ports.

2.4 Roles and Services
The module supports role-based authentication. There are two authorized roles in the module that an operator may assume: a Crypto-Officer (CO) role and a User role. Before accessing the module for any administrative services, COs and Users must authenticate to the module according to the methods specified in Table 10. The module offers two management interfaces:
- CLI – accessible only remotely via the Console Tab (within VMware vCenter Server, which provides access to the Setup Console portion of the CLI and requires the additional “Setup” password to gain access) or using SSH. This interface is used for management of the module. It must be accessed via the Console Tab to perform the initial module configuration (IP address, DNS server, gateway, and subnet mask) and to place the module into the Approved mode. Once the module has been properly configured, this interface can also be accessed via SSH. Management of the module may take place via SSH or via the Console Tab. Authentication is required before any functionality will be available through the CLI.
- Management Console – a graphical user interface accessible remotely with a web browser that supports TLS. This interface is used for management of the module. Authentication is required before any functionality will be available through the Management Console.

When managing the module over the CLI, COs and Users both log into the module with administrator accounts, entering the “standard”, or “unprivileged”, mode on the SWG VA-V100. Unlike Users, COs have the ability to enter the “enabled”, or “privileged”, mode after initial authentication to the CLI by supplying the “enabled” mode password. Additionally, COs can enter the “configuration” mode only from the “enabled” mode via the CLI, which grants privileges to make configuration-level changes. Going from the “enabled” mode to the “configuration” mode does not require additional credentials. The details of these modes of operation are found below in Table 7.

Table 7 FIPS and SWG VA-V100 Roles

| FIPS Role | SWG VA-V100 Roles and Privileges |
|---|---|
| CO | The CO is an administrator of the module that has been granted “enabled” mode access while using the CLI and “read/write” access while using the Management Console. When the CO is using the CLI, and while in the “enabled” mode of operation, COs may put the module in its Approved mode, reset it to the factory state (Console Tab only), and query whether the module is in Approved mode. In addition, COs may perform all the services available to Users while not in “enabled” mode. Once the CO has entered the “enabled” mode, the CO may then enter the “configuration” mode via the CLI. The “configuration” mode provides the CO management capabilities to perform tasks such as account management and key management. When the CO is administering the module over the Management Console, they can perform all the same services available in the CLI (equivalent to being in the “configuration” mode in the CLI) except that the CO is unable to put the module into Approved mode. The CO may monitor the health and status of the module using SNMPv3. SNMPv3 privacy and authentication keys are assigned to a CO and are not tied to the CO’s CLI and Management Console credentials. |
| User | The User is an administrator of the module that operates only in the “standard” or “unprivileged” mode, has not been granted access to the “enabled” mode in the CLI, and has been given “read-only” privileges when using the Management Console. The User will access the CLI and Management Console interfaces for management of the module. When the User is administering the module over the Management Console, they perform all the same services available in the CLI (“standard” mode only services). The User may monitor the health and status of the module using SNMPv3. SNMPv3 privacy and authentication keys are assigned to a User and are not tied to the User’s CLI and Management Console credentials. |

Descriptions of the services available to a Crypto-Officer and User are provided below in Table 8 and Table 9 respectively. For each service listed below, COs and Users are assumed to have already authenticated prior to attempting to execute the service.
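As an added illustration (not Blue Coat code and not part of the validated module), the following Python model captures the CLI privilege ladder described above and in Table 7 together with the service gating that Table 8 marks with * and **: a User never leaves “standard” mode, a CO reaches “enabled” mode only by supplying the “enabled” mode password, and “configuration” mode is reachable only from “enabled” mode with no further credential. The password and the subset of services listed are constructed sample data, and the model assumes that a CO in “configuration” mode retains the services of “enabled” mode.

```python
"""Model of the SWG VA-V100 CLI privilege modes and Table 8 service gating.

Added illustration for this page, not Blue Coat code.  The service list is a
constructed subset of Table 8 with the CLI mode each entry requires; the
password is a constructed sample value, not a real CSP."""
import hmac
from dataclasses import dataclass

STANDARD, ENABLED, CONFIGURATION = "standard", "enabled", "configuration"
MODE_RANK = {STANDARD: 0, ENABLED: 1, CONFIGURATION: 2}

# Table 8 markers: no marker -> "standard", "*" -> "enabled",
# "**" -> "enabled" followed by "configuration".
REQUIRED_MODE = {
    "Enter the enabled mode": STANDARD,
    "Create remote management session (CLI)": STANDARD,
    "Show FIPS-mode status (CLI)": STANDARD,
    "Create SNMPv3 session": STANDARD,
    "Enter the configuration mode": ENABLED,
    "Disable FIPS mode": ENABLED,
    "Zeroize keys": ENABLED,
    "Perform self-test": ENABLED,
    "Software Load": CONFIGURATION,
    "Create, edit, and delete operators": CONFIGURATION,
    "Change password": CONFIGURATION,
}

# Constructed sample "enabled" mode password (a real module holds this as a CSP).
SAMPLE_ENABLED_PASSWORD = "constructed-enabled-mode-password"


@dataclass
class CliSession:
    """One authenticated CLI login.  role is "CO" or "User" (Table 7)."""
    role: str
    mode: str = STANDARD  # every login starts in "standard"/"unprivileged" mode

    def enter_enabled(self, supplied_password: str,
                      enabled_password: str = SAMPLE_ENABLED_PASSWORD) -> bool:
        """standard -> enabled.  Only a CO has been granted this transition,
        and the "enabled" mode password is checked (RX access in Table 8)."""
        if self.role != "CO" or self.mode != STANDARD:
            return False
        # Constant-time comparison so the check leaks nothing about the secret.
        if not hmac.compare_digest(supplied_password.encode(),
                                   enabled_password.encode()):
            return False
        self.mode = ENABLED
        return True

    def enter_configuration(self) -> bool:
        """enabled -> configuration: no extra credential, but only from enabled."""
        if self.mode != ENABLED:
            return False
        self.mode = CONFIGURATION
        return True

    def may_invoke(self, service: str) -> bool:
        """True if the session's current mode is sufficient for the service.
        Assumption: a higher mode retains the services of the lower ones."""
        required = REQUIRED_MODE[service]
        return MODE_RANK[self.mode] >= MODE_RANK[required]


def walkthrough() -> dict:
    """Exercise the ladder for a CO and a User and return each outcome."""
    co, user = CliSession("CO"), CliSession("User")
    pw = SAMPLE_ENABLED_PASSWORD
    return {
        # A User is never granted "enabled" mode, even with the right password.
        "user_enter_enabled": user.enter_enabled(pw),
        "user_zeroize": user.may_invoke("Zeroize keys"),
        "user_show_status": user.may_invoke("Show FIPS-mode status (CLI)"),
        # A CO cannot skip straight from "standard" to "configuration" mode.
        "co_config_from_standard": co.enter_configuration(),
        "co_enabled_wrong_pw": co.enter_enabled("wrong-password"),
        "co_enabled": co.enter_enabled(pw),
        "co_zeroize_in_enabled": co.may_invoke("Zeroize keys"),
        "co_software_load_in_enabled": co.may_invoke("Software Load"),
        "co_config": co.enter_configuration(),
        "co_software_load_in_config": co.may_invoke("Software Load"),
        "co_mode": co.mode,
    }


if __name__ == "__main__":
    for step, outcome in walkthrough().items():
        print(f"{step}: {outcome}")
```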
Please note that the keys and CSPs listed in the table indicate the type of access required using the following notation:  R – The CSP is read  W – The CSP is established, generated, modified, or zeroized  X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism. 2.4.1 Crypto-Officer Role Descriptions of the services available to the Crypto-Officer role are provided in the table below. Blue Coat Secure Web Gateway Virtual Appliance-V100 Page 13 of 33 © 2014 Blue Coat Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5 July 25, 2014 Table 8 Crypto-Officer Role Services and CSP Access Service Description CSP and Access Required Set up the module Set up the first-time network CO Password – W configuration, CO username and “Enabled” mode password – W password, and enable the module in the “Setup” Password – W Approved mode of operation. For more information, see section 3.1.1 in the Security Policy. Enter the “enabled” mode Manage the module in the “enabled” Enabled” mode password – RX mode of operation, granting access to higher privileged commands * Enter the “configuration” Manage the module in the None mode “configuration” mode of operation, allowing permanent system modifications to be made * Disable FIPS mode Re-initializes the module to a factory MAK – W state (accessible only via the CLI via the SSH Session Key – W Console Tab) SSH Authentication Key – W TLS Session Key – W TLS Authentication Key – W ** Software Load Loads new external software and Integrity Test public key – WRX performs an integrity test using an RSA digital signature. Create remote management Manage the module through the CLI RSA public key – RX session (CLI) (SSH) remotely via Ethernet port. 
RSA private key – RX; SSH Session Key – WRX; SSH Authentication Key – WRX
Create remote management session (Management Console) | Manage the module through the Management Console (TLS) remotely via Ethernet port, with optional CAC authentication enabled. | RSA public key – RX; RSA private key – RX; TLS Session Key – WRX; TLS Authentication Key – WRX
** Create, edit, and delete operator groups | Create, edit and delete operator groups; define common sets of operator permissions. | None
** Create, edit, and delete operators | Create, edit and delete operators (these may be COs or Users); define operator’s accounts, change password, and assign permissions. | Crypto-Officer Password – W; User Password – W; SNMP Privacy Key – W; SNMP Authentication Key – W
** Create filter rules (CLI) | Create filters that are applied to user data streams. | None
Create filter rules (Management Console) | Create filters that are applied to user data streams. | None
Show FIPS-mode status (CLI) | The CO logs in to the module using the CLI. Entering the command “show version” will display if the module is configured in Approved mode. | None
Show FIPS-mode status (Management Console) | The CO logs in to the module using the Management Console and navigates to the “Configuration” tab, which will display if the module is configured in Approved mode. | None
** Manage module configuration | Backup or restore the module configuration | RSA public key – WRX; RSA private key – WRX; SNMP Privacy Key – WRX; SNMP Authentication Key – WRX; CO Password – WRX; User Password – WRX; “Enabled” mode password – WRX
* Zeroize keys | Zeroize keys by re-initializing the module to a factory state (accessible only via the Console Tab). This will zeroize all CSPs. The zeroization occurs while the module is still in Approved mode. | MAK – W; SSH Session Key – W; SSH Authentication Key – W; TLS Session Key – W; TLS Authentication Key – W
** Change password | Change Crypto-Officer password | Crypto-Officer Password – W
* Perform self-test | Perform self-test on demand by rebooting the machine | SSH Session Key – W; SSH Authentication Key – W; TLS Session Key – W; TLS Authentication Key – W
* Reboot the module | Reboot the module | SSH Session Key – W; SSH Authentication Key – W; TLS Session Key – W; TLS Authentication Key – W
Create SNMPv3 session | Monitor the module using SNMPv3 | SNMP Privacy Key – RX; SNMP Authentication Key – RX

* – Indicates services that are only available once the CO has entered the “enabled” mode of operation.
** – Indicates services that are only available once the CO has entered the “enabled” mode followed by the “configuration” mode of operation.

2.4.2 User Role
Descriptions of the services available to the User role are provided in the table below.

Table 9 User Services and CSP Access
Service | Description | CSP and Access Required
Create remote management session (CLI) | Manage the module through the CLI (SSH) remotely via Ethernet port. | RSA public key – RX;
RSA private key – RX; SSH Session Key – WRX; SSH Authentication Key – WRX
Create remote management session (Management Console) | Manage the module through the Management Console (TLS) remotely via Ethernet port, with optional CAC authentication enabled. | RSA public key – RX; RSA private key – RX; TLS Session Key – WRX; TLS Authentication Key – WRX
Create SNMPv3 session | Monitor the health of the module using SNMPv3 | SNMP Privacy Key – RX; SNMP Authentication Key – RX
Show FIPS-mode status (Management Console) | The User logs in to the module using the Management Console and navigates to the “Configuration” tab, which will display if the module is configured in Approved mode. | None
Show FIPS-mode status (CLI) | The User logs in to the module using the CLI. Entering the command “show version” will display if the module is configured in Approved mode. | None

2.4.3 Additional Services
The module also offers proxying and termination services for the protocols listed in section 2.1. To provide these services, the module utilizes the following cryptographic functions:
- Approved
  o AES
  o Triple-DES
  o DSA
  o RSA
  o SHA
  o HMAC
  o SP800-90A CTR_DRBG
  o Diffie Hellman
- Non-compliant
  o ANSI X9.31 PRNG
- non-Approved
  o CAST-128
  o DES
  o RC2
  o RC4
  o Camellia
  o MD2
  o MD5
  o HMAC-MD5
  o RIPE-MD-160
The use of the non-Approved algorithms listed above is not relevant to the secure operation of the module, and the output of their use is equivalent to plaintext. For more information on the non-security-relevant services of the module, please refer to the Blue Coat® Systems SGOS Administration Guide.
2.4.4 Authentication Mechanism
COs and Users must authenticate using a user ID and password, an SSH client key (SSH only), or certificates associated with the correct protocol in order to set up the secure session. Secure sessions that authenticate for User services have no interface available to access other services (i.e. Crypto-Officer services). Each CO or User SSH session remains active (logged in) and secured until the operator logs out. Each CO and User Management Console session remains active until the operator logs out or inactivity for a configurable amount of time has elapsed.

Modules used by the United States Department of Defense (DoD) must meet Homeland Security Presidential Directive (HSPD)-12 requirements regarding the use of FIPS 201 validated Common Access Card (CAC) authentication for COs and Users connecting to management functionality of the module. Additionally, other agencies may require FIPS 201 validated PIV (Personal Identity Verification) II card authentication.

When the module is configured to use CAC authentication, the module will implement specially-configured CPL during administrator authentication in order to facilitate TLS mutual authentication. This is accomplished by modifying the HTTPS-Console service so that it can be configured to validate a client certificate against a chosen certificate authority (CA) list. CAC authentication will take place against a Certificate realm, and CO and User authorization takes place against an LDAP realm. The authentication procedure leverages third-party middleware on the management workstation in order to facilitate two-factor authentication of the user to their CAC using a Personal Identification Number (PIN).
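The certificate-realm to LDAP-realm lookup that steps 10 and 11 of the procedure below describe, written out as an added Python example. This is not Blue Coat's code and the page does not show the module's implementation; it keeps the page's filter, (userPrincipleName=$(user.name)), escapes the certificate-supplied value per RFC 4515 before substituting it, and maps an LDAP group to the read-only or read-write access the page mentions. The in-memory directory, the "memberOf" attribute and the group names are constructed assumptions standing in for the Active Directory LDAP server.

```python
"""Certificate-realm to LDAP-realm authorization in the style of steps 10 and
11 of section 2.4.4.  Added example, not Blue Coat's code.  DIRECTORY is a
constructed in-memory stand-in for the Active Directory LDAP server; the
'memberOf' attribute and the group names are assumptions."""
import re

# RFC 4515: characters with special meaning inside a search filter must be
# written as a backslash followed by their two-digit hex code.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape a certificate-supplied value before substituting it into a filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def ldap_unescape(value):
    """Inverse of ldap_escape, used by the constructed directory when matching."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def principal_from_certificate(san_upn, subject_cn, piv_card=False):
    """Step 10: a CAC supplies the UPN from subjectAltName; for a PIV card the
    CommonName of the subject is used instead."""
    return subject_cn if piv_card else san_upn


def build_user_filter(principal):
    """Step 11: the page's filter (userPrincipleName=$(user.name)) with the
    substituted value escaped.  The attribute is spelled as the page spells it."""
    return "(userPrincipleName=" + ldap_escape(principal) + ")"


_EQUALITY = re.compile(r"^\((\w+)=(.*)\)$", re.DOTALL)


def search_directory(directory, ldap_filter):
    """Evaluate one equality filter against the constructed directory.  Only an
    exact match on the unescaped value is returned, so an asterisk inside the
    principal is a literal character, not a wildcard."""
    m = _EQUALITY.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, wanted = m.group(1), ldap_unescape(m.group(2))
    return [entry for entry in directory if entry.get(attr) == wanted]


def authorize(entry, rw_group="SWG-Admins"):
    """Map group membership (the page's group= condition) to console rights.
    The group name is an assumption."""
    return "read-write" if rw_group in entry.get("memberOf", []) else "read-only"


def authorize_operator(directory, san_upn, subject_cn, piv_card=False):
    """Full flow: principal -> escaped filter -> directory lookup -> access level.
    Returns None (access denied) unless exactly one entry matches."""
    principal = principal_from_certificate(san_upn, subject_cn, piv_card)
    matches = search_directory(directory, build_user_filter(principal))
    if len(matches) != 1:
        return None
    return authorize(matches[0])


# Constructed directory contents; not real accounts.
DIRECTORY = [
    {"userPrincipleName": "jane.doe@example.com", "memberOf": ["SWG-Admins"]},
    {"userPrincipleName": "john.roe@example.com", "memberOf": ["SWG-Operators"]},
    {"userPrincipleName": "ROE.JOHN.0987654321", "memberOf": []},
]

if __name__ == "__main__":
    print(build_user_filter("(*)"))
    print(authorize_operator(DIRECTORY, "jane.doe@example.com", "DOE.JANE.1234567890"))
```

The escaping step is the part worth keeping in mind when a realm substitutes a value taken from a client certificate into a filter template: the module should only ever match the entry whose attribute literally equals the UPN or CN on the card.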
This process enables the module to retrieve the X.509 certificate from the microprocessor smart card. The process is as follows:
1. On the management workstation the CO or User opens a browser and establishes a clear-text HTTP connection with the module.
2. Using CPL similar to the VPM NotifyUser action, the CO or User is presented with a DoD warning banner which they must positively acknowledge and accept.
3. NotifyUser redirects the browser to an HTTPS connection with the module that requires mutual authentication. This is made possible by CPL that puts the module in reverse-proxy mode at this point.
4. The TLS handshakes begin. The reverse-proxy service on the module requires a certificate to complete the handshake (i.e. the verify-peer setting has been enabled in the reverse-proxy service).
5. The browser presents the CO or User with a dialog box prompting which certificate to select.
6. The CO or User selects the X.509 certificate on the CAC.
7. The middleware on the management workstation prompts the CO or User for the PIN to unlock the certificate. The CO or User enters the PIN and the certificate is transmitted to the module.
8. The module authenticates the certificate against the CA list that has been configured on the reverse proxy service, using local CRLs and OCSP to check for certificate revocation.
9. The CO or User reviews and accepts the certificate issued to the web browser by the module. A mutually authenticated TLS session is now in use.
10. The module extracts the subject name (of the CO or User) from the subjectAltNames extension of the X.509 certificate according to the configuration of the certificate realms. Within the subjectAltNames extension is the CO or User’s userPrincipleName (UPN). (When PIV cards are used in place of CACs, the CommonName (CN) field is extracted from the certificate instead.) The UPN/CN is what ties the CAC identity to the Principle Name (PN) field of a CO or User record in Active Directory (AD), the LDAP server.
11.
The certificate realm is configured to use an LDAP realm for authorization. The LDAP user is determined by an LDAP search using the following filter: (userPrincipleName=$(user.name)). The CO or User is granted access to the Management Console if the UPN/CN is found in the LDAP directory. The exchanges with the LDAP server are secured using TLS. Conditions like group= and ldap.attribute may also be used to authorize the CO or User and to specify whether the CO or User should have read-only or read-write access.

The authentication mechanisms used in the module are listed below in Table 10.

Table 10 Authentication Mechanisms Used by the Module
Role | Type of Authentication | Authentication Strength
Crypto-Officer | Password | The modules support password authentication internally. For password authentication done by the modules, passwords are required to be at least 8 characters in length and a maximum of 64 bytes (the number of characters is dependent on the character set used by the system). An 8-character password allowing all printable American Standard Code for Information Interchange (ASCII) characters (95) with repetition equates to a 1:(95^8), or 1:6,634,204,312,890,625, chance of false acceptance. The Crypto-Officer may connect locally using the host system’s serial port or remotely after establishing a TLS or SSH session (Management Console, SSH CLI, Console Tab).
Crypto-Officer | Password (“Enabled” Mode) | The modules support password authentication internally. For password authentication done by the modules, passwords are required to be at least 8 characters in length and a maximum of 64 bytes (the number of characters is dependent on the character set used by the system).
An 8-character password allowing all printable American Standard Code for Information Interchange (ASCII) characters (95) with repetition equates to a 1:(95^8), or 1:6,634,204,312,890,625, chance of false acceptance. This password is entered by the Crypto-Officer to enter the “enabled” mode; it is entered through the Console Tab or serial port, or remotely after establishing an SSH session.
Crypto-Officer | Password (“Setup”) | The modules support password authentication internally. For password authentication done by the modules, passwords are required to be at least 4 characters in length and a maximum of 64 bytes (the number of characters is dependent on the character set used by the system). A 4-character password allowing all printable American Standard Code for Information Interchange (ASCII) characters (95) with repetition equates to a 1:(95^4), or 1:81,450,625, chance of false acceptance. This password is entered by the Crypto-Officer and is required when using the Console Tab to access the Setup Console portion of the CLI.
Crypto-Officer | Public keys | The module supports using RSA keys for authentication of Crypto-Officers during TLS (when CAC authentication is configured with a local Certificate Realm) or SSH. Using conservative estimates and equating a 2048-bit RSA key to a 112-bit symmetric key, the probability for a random attempt to succeed is 1:2^112 or 1:5.19 x 10^33.
User | Password | The modules support password authentication internally. For password authentication done by the modules, passwords are required to be at least 8 characters in length and a maximum of 64 bytes (the number of characters is dependent on the character set used by the system).
An 8-character password allowing all printable American Standard Code for Information Interchange (ASCII) characters (95) with repetition equates to a 1:(95^8), or 1:6,634,204,312,890,625, chance of false acceptance. The User may connect remotely after establishing a TLS or SSH session.
User | Public keys | The module supports using RSA keys for authentication of Users during TLS (when CAC authentication is configured with a local Certificate Realm) or SSH. Using conservative estimates and equating a 2048-bit RSA key to a 112-bit symmetric key, the probability for a random attempt to succeed is 1:2^112 or 1:5.19 x 10^33.

2.5 Physical Security
The Secure Web Gateway Virtual Appliance-V100 is a software module, which FIPS defines as a multi-chip standalone cryptographic module. As such, it does not include physical security mechanisms. Thus, the FIPS 140-2 requirements for physical security are not applicable.

2.6 Operational Environment
The module was tested and found to be compliant with FIPS 140-2 requirements on the following operational environment and hardware:
- Dell PowerEdge R720 Server appliance
  o Two Six-Core Intel Xeon 5300 processors (2.5 GHz clock speed)
  o VMware ESXi v5.1 with Blue Coat’s SGOS v6.5.2.50 as the guest OS
All cryptographic keys and CSPs are under the control of the guest operating system, which protects the CSPs against unauthorized disclosure, modification, and substitution.

2.7 Cryptographic Key Management
The module supports the CSPs listed below in Table 11.
Table 11 List of Cryptographic Keys, Cryptographic Key Components, and CSPs
(Each entry gives: Key; Key Type; Generation / Input; Output; Storage; Zeroization; Use.)

Key: Master Appliance Key (MAK)
  Key Type: AES CBC 256-bit key
  Generation / Input: Internally generated via FIPS-Approved DRBG.
  Output: Never exits the module
  Storage: Stored in plaintext on non-volatile memory
  Zeroization: By disabling the FIPS Approved mode of operation and returning to factory state.
  Use: Encrypting Crypto-Officer password, SNMP localized key, RSA private key

Key: Integrity Test Public Key
  Key Type: RSA public key, 2048 bits
  Generation / Input: Externally generated; imported in encrypted form via a secure TLS or SSH session
  Output: Never exits the module
  Storage: Stored in plaintext on non-volatile memory
  Zeroization: Overwritten after upgrade by the key in the newly signed image.
  Use: Verifying the integrity of the system image during upgrade or downgrade.

Key: RSA Public Key TLS/SSH (see note 15)
  Key Type: 2048, 3072, and 4096 bits (module’s public key); 1024, 1536, 2048, 3072, and 4096 bits (other entities’ public keys)
  Generation / Input: The module’s public key is internally generated via FIPS-Approved DRBG, or can be imported from a back-up configuration. Other entities’ public keys are sent to the module in plaintext.
  Output: The module’s public key is output during TLS/SSH negotiation in plaintext, and during TLS negotiation for CAC authentication; it exits in encrypted format when performing a module configuration backup. Other entities’ public keys are never output.
  Storage: The module’s public key is stored on non-volatile memory. Other entities’ public keys reside on volatile memory.
  Zeroization: The module’s public key is deleted by command. Other entities’ public keys are cleared by power cycle.
  Use: Negotiating TLS or SSH sessions
Note 15: SSH session negotiation only uses RSA key pairs of 2048 bits. RSA key pairs of 3072 bits and 4096 bits are only used for TLS session negotiation.
  Other entities’ public keys can also be sent to the module as part of an X.509 certificate during CAC authentication.

Key: RSA Private Key
  Key Type: 2048, 3072, and 4096 bits
  Generation / Input: Internally generated via FIPS-Approved DRBG. Imported in encrypted form via a secure TLS or SSH session. Enters the module in plaintext via a virtual serial connection.
  Output: Exits in encrypted format when performing a module configuration backup.
  Storage: Stored in encrypted form on non-volatile memory
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Negotiating TLS or SSH sessions

Key: DH public key
  Key Type: 2048 bits
  Generation / Input: The module’s public key is internally generated via FIPS-Approved DRBG, while the public key of a peer enters the module in plaintext.
  Output: The module’s public key exits the module in plaintext.
  Storage: Stored in plaintext on volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Negotiating TLS or SSH sessions

Key: DH private key
  Key Type: 224 bits
  Generation / Input: Internally generated via FIPS-Approved DRBG
  Output: Never exits the module
  Storage: Stored in plaintext on volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Negotiating TLS or SSH sessions

Key: TLS or SSH Session Key
  Key Type: AES CBC 128- or 256-bit key; 3DES CBC keying option 1 (3 different keys)
  Generation / Input: Internally generated via FIPS-Approved DRBG.
  Output: Output in encrypted form during TLS or SSH protocol handshake
  Storage: Stored in plaintext on volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Encrypting TLS or SSH data

Key: TLS or SSH Session Authentication Key
  Key Type: HMAC SHA-1 key
  Generation / Input: Internally generated
  Output: Never exits the module
  Storage: Resides in volatile memory in plaintext
  Zeroization: Rebooting the modules; remove power
  Use: Data authentication for TLS or SSH sessions

Key: Crypto-Officer Password / User Password
  Key Type: Minimum of eight (8) and maximum of 64 bytes long printable character string
  Generation / Input: Externally generated.
  Enters the module in encrypted form via a secure TLS or SSH session. Enters the module in plaintext via a virtual serial connection.
  Output: Exits in encrypted form via a secure TLS session for external authentication. Exits in encrypted format when performing a module configuration backup.
  Storage: Stored in encrypted form on non-volatile memory.
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Locally authenticating a CO or User for Management Console or CLI

Key: “Enabled” mode password
  Key Type: Minimum of eight (8) and maximum of 64 bytes long printable character string
  Generation / Input: Enters the module in encrypted form via a secure SSH session. Enters the module in plaintext via a virtual serial connection.
  Output: Exits in encrypted form via a secure TLS session for external authentication. Exits in encrypted format when performing a module configuration backup.
  Storage: Stored in encrypted form on non-volatile memory.
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Used by the CO to enter the “privileged” or “enabled” mode when using the CLI.

Key: “Setup” Password
  Key Type: Minimum of four (4) and maximum of 64 bytes long printable character string.
  Generation / Input: Enters the module in plaintext via a virtual serial connection.
  Output: Never exits the module.
  Storage: Stored in encrypted form on non-volatile memory.
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Used by the CO to secure access to the CLI when accessed over the virtual serial connection.
Key: SNMP Privacy Key
  Key Type: AES CFB 128-bit key
  Generation / Input: Externally generated; imported in encrypted form via a secure TLS or SSH session. Enters the module in plaintext via a virtual serial connection.
  Output: Exits the module encrypted over TLS or encrypted during a configuration backup.
  Storage: Stored in encrypted form on non-volatile memory
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Encrypting SNMPv3 packets.

Key: SNMP Authentication Key
  Key Type: HMAC-SHA-1-96 key
  Generation / Input: Externally generated; imported in encrypted form via a secure TLS or SSH session. Enters the module in plaintext via a virtual serial connection.
  Output: Exits the module encrypted over TLS or encrypted during a configuration backup.
  Storage: Stored in encrypted form on non-volatile memory
  Zeroization: Made inaccessible by zeroizing the encrypting MAK upon leaving FIPS mode (returning to factory state).
  Use: Authenticating SNMPv3 packets.

Key: SP 800-90A CTR_DRBG Seed
  Key Type: 384-bit random number
  Generation / Input: Internally generated
  Output: Never exits the module
  Storage: Plaintext in volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Seeding material for the SP800-90A CTR_DRBG

Key: SP 800-90A CTR_DRBG Entropy (see note 16)
  Key Type: 256-bit random number with derivation function
  Generation / Input: Internally generated
  Output: Never exits the module
  Storage: Plaintext in volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Entropy material for the SP800-90A CTR_DRBG
Note 16: The entropy required by the FIPS-Approved SP 800-90 CTR_DRBG (with AES-256) is supplied by the Entropy PRNG.
Key: SP 800-90A CTR_DRBG key value
  Key Type: Internal state value
  Generation / Input: Internally generated
  Output: Never exits the module
  Storage: Plaintext in volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Used for the SP 800-90A CTR_DRBG

Key: SP 800-90A CTR_DRBG V value
  Key Type: Internal state value
  Generation / Input: Internally generated
  Output: Never exits the module
  Storage: Plaintext in volatile memory
  Zeroization: Rebooting the modules; remove power
  Use: Used for the SP 800-90A CTR_DRBG

NOTE: Some algorithms may be classified as deprecated, restricted, or legacy-use. Please consult NIST SP 800-131A for details.

Keys and passwords that exit the module during a configuration backup are encrypted using a FIPS-Approved encryption algorithm. During the backup process, the CO must select the encryption algorithm to use: AES-128 CBC mode or AES-256 CBC mode. The encryption algorithm selected by the CO should only be used to encrypt keys of less than or equal strength.

2.8 Self-Tests
If any of the self-tests fail, an error is printed to the CLI (when being accessed via the Console Tab). When this error occurs, the modules halt operation and provide no functionality. The only way to clear the error and resume normal operation is for the Crypto-Officer to reboot the modules. The status output provided below is shown only over the CLI (when being accessed via the virtual serial port).

********************** SYSTEM ERROR ***********************
The SG Appliance has failed the FIPS Self test.
System startup cannot continue.
****************** SYSTEM STARTUP HALTED *****************
E)xit FIPS mode and reinitialize system
R)estart and retry FIPS self-test
Selection:

The sections below describe the self-tests performed by the module.

2.8.1 Power-Up Self-Tests
The Secure Web Gateway Virtual Appliance-V100 performs the following self-tests at power-up:
- Software integrity check using HMAC SHA-1 (performed by SG VA Starter v4.5)
- Known Answer Tests (KATs) (performed by SG VA Crypto Library 3.1.2)
  o AES Encrypt KAT
  o AES Decrypt KAT
  o 3DES Encrypt KAT
  o 3DES Decrypt KAT
  o RSA digital signature generation KAT
  o RSA digital signature verification KAT
  o RSA wrap/unwrap KAT
  o SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 KATs
  o HMAC KATs with SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
  o DRBG KAT
No data output occurs via the data output interface until all power-up self-tests have completed.

2.8.2 Conditional Self-Tests
The SWG VA-V100 performs the following conditional self-tests:
- Continuous RNG Test (CRNGT) for FIPS-Approved DRBG
- CRNGT for NDRNG
- CRNGT for Entropy PRNG
- RSA pairwise consistency test upon generation of an RSA keypair
- Software Load Test using RSA signature verification

2.8.3 Critical Function Tests
The Secure Web Gateway Virtual Appliance implements the SP 800-90A CTR_DRBG as its random number generator. The following critical function tests are implemented by the module:
  o DRBG Instantiate Critical Function Test
  o DRBG Reseed Critical Function Test
  o DRBG Generate Critical Function Test
  o DRBG Uninstantiate Critical Function Test

2.9 Mitigation of Other Attacks
This section is not applicable.
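Returning to the self-tests of section 2.8, the following is an added Python example (not the module's own code) showing the shape of a power-up self-test gate and a continuous RNG test: a software integrity check using HMAC SHA-1, a set of known-answer tests whose answers are fixed constants compared in constant time, a start-up routine that refuses to proceed while any test fails, and a CRNGT wrapper that can be placed around any of the three byte sources the page lists (DRBG, NDRNG, Entropy PRNG). The image bytes and integrity key are constructed test data; the expected values are published test vectors (RFC 2202 and RFC 4231 case 1, and the SHA-1/SHA-256 digests of "abc").

```python
"""Power-up and conditional self-tests in the style of section 2.8.  Added
example, not the module's own code.  The software 'image' and integrity key
are constructed test data whose expected HMAC is the RFC 2202 test case 1
vector; the KAT answers are published vectors (SHA-1/SHA-256 of "abc",
HMAC-SHA-256 from RFC 4231 case 1)."""
import hashlib
import hmac
import os


class SelfTestFailure(Exception):
    """A failed self-test: the module halts and must be rebooted by the CO."""


# Constructed stand-in for the software image and its integrity-check key.
IMAGE = b"Hi There"
INTEGRITY_KEY = b"\x0b" * 20
EXPECTED_IMAGE_HMAC = "b617318655057264e28bc0b6fb378c8ef146be00"

# Known-answer tests: (name, function producing the answer, expected answer).
KATS = [
    ("SHA-1 KAT",
     lambda: hashlib.sha1(b"abc").hexdigest(),
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256 KAT",
     lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("HMAC-SHA-256 KAT",
     lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest(),
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
]


def software_integrity_check(image=IMAGE, key=INTEGRITY_KEY,
                             expected=EXPECTED_IMAGE_HMAC):
    """HMAC SHA-1 over the image, compared in constant time with the stored MAC."""
    actual = hmac.new(key, image, hashlib.sha1).hexdigest()
    return hmac.compare_digest(actual, expected)


def run_power_up_self_tests(image=IMAGE):
    """Run every power-up test and return the names of the ones that failed."""
    failures = []
    if not software_integrity_check(image):
        failures.append("Software integrity check (HMAC SHA-1)")
    for name, compute, expected in KATS:
        if not hmac.compare_digest(compute(), expected):
            failures.append(name)
    return failures


def power_up(image=IMAGE):
    """Gate data output on the self-tests: any failure halts start-up."""
    failures = run_power_up_self_tests(image)
    if failures:
        raise SelfTestFailure("FIPS self-test failed: " + ", ".join(failures))
    return True


def crngt_passes(previous_block, new_block):
    """Continuous RNG test: a block identical to its predecessor fails."""
    return previous_block != new_block


class ContinuousRngTest:
    """Wrap any byte source (DRBG, NDRNG, entropy PRNG) with a CRNGT."""

    def __init__(self, source=os.urandom, block_size=16):
        self._source = source
        self._block_size = block_size
        # The first block is held back for comparison and never output.
        self._last = source(block_size)

    def random_bytes(self):
        block = self._source(self._block_size)
        if not crngt_passes(self._last, block):
            raise SelfTestFailure("CRNGT failed: repeated output block")
        self._last = block
        return block


if __name__ == "__main__":
    print("power-up self-tests:", "passed" if power_up() else "failed")
    print(ContinuousRngTest().random_bytes().hex())
```

A production module runs its KATs against the same library code that later serves traffic and stores the expected integrity MAC alongside the image; the points the example isolates are that the expected answers are fixed constants checked before any data output, and that the CRNGT consumes its first block purely for comparison rather than releasing it.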
The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 1 requirements for this validation.

3 Secure Operation
The Secure Web Gateway Virtual Appliance-V100 meets Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in the FIPS-Approved mode of operation.
Caveat: This guide assumes that a virtual environment is already set up and ready for accepting a new virtual appliance installation.

3.1 Secure Management
The Crypto-Officer is responsible for initialization and security-relevant configuration and management of the module. Please see the Blue Coat Systems SGOS Administration Guide, Version SGOS 6.5.x for more information on configuring and maintaining the module.
Caveat: While the SWG VA-V100 may hold and boot from multiple software images, only the software image documented in this Security Policy (Software Version: 6.5.2.8) may be used for booting in order to remain compliant. Booting from any other software image will result in a non-compliant module.

3.1.1 Initialization
Physical access to the module’s host hardware shall be limited to the Crypto-Officer, and the CO shall be responsible for putting the module into the Approved mode.
Please read the following sections found in chapters 2 through 4 of the Blue Coat® Systems Secure Web Gateway Virtual Appliance-V100 Initial Configuration Guide, For SGOS 6.4.1 or later, Platform: VMware vSphere Hypervisor:
- Chapter 2
  o Verify System Requirements
  o Retrieve Appliance Serial Numbers
  o Create a Virtual Switch
- Chapter 3
  o Download the Virtual Appliance Package
  o Import a SWG VA
  o Reserve Resources for the SWG VA
  o Power on the SWG VA
- Chapter 4
  o Perform Initial Configuration
  o Complete Initial Configuration
Once the module has been configured based on the sections found in Chapters 2 through 4, the CO must place the module in the Approved mode using the Console Tab, which provides access to the virtual serial connection. The CO must enter the ‘enabled’ mode (which requires the enable password) and enter the ‘fips-mode enable’ command. Entering this command will reset the configuration performed in Chapter 4 and cause an immediate reboot. Once the module has finished rebooting, the CO must perform the initial configuration as described in Chapter 4, the section titled ‘Perform Initial Configuration.’ The CO will also have to specify a password to secure the ‘Setup Console’ access, available through the ‘Console Tab.’

3.1.2 Management
The Crypto-Officer is able to monitor and configure the module via the Management Console (HTTPS over TLS) and the CLI (Console Tab or SSH).

The Crypto-Officer should monitor the module’s status regularly. If any irregular activity is noticed or the module is consistently reporting errors, customers should consult Blue Coat Systems Blue Touch Online (BTO) and the administrative guidance documents to resolve the issues.
If the problems cannot be resolved through these resources, Blue Coat Systems customer support should be contacted.

The CO must ensure that localized keys used for SNMPv3 authentication and privacy match the key type requirements specified in Table 11. Key sizes less than what is specified shall not be used. The CO password and “enabled” mode password must be at least 8 characters in length. The “Setup” password must be at least 8 characters in length.

When creating or importing key pairs, such as during the restoration of an archived SWG VA configuration, the CO must ensure that the “Do not show key pair” option is selected in the Management Console as shown in Figure 4, or that the “no-show” argument is passed over the CLI as shown in Figure 5. Please see Section E: Preparing Archives for Restoration on New Devices in the Blue Coat Systems SGOS Administration Guide, Version 6.5 for further reference.

Figure 4 Keyring Creation Management Console Dialogue Box
Figure 5 Keyring Creation CLI Commands

3.1.3 Zeroization
The CO can return the module to an uninitialized state by entering the “enabled” mode on the CLI, followed by the “fips-mode disable” command. This command will automatically reboot the module and zeroize the MAK, which renders all of the following CSPs inaccessible: RSA private key, Crypto-Officer password, User password, “Enabled” mode password, “Setup” password, SNMP Privacy key, and the SNMP Authentication key. Once the MAK is zeroized, decryption involving the MAK becomes impossible, making these CSPs unobtainable by an attacker.
In addition, rebooting the module causes all temporary keys stored in volatile memory (SSH Session key, TLS session key, DRBG entropy values, Entropy PRNG values, and NDRNG entropy values) to be zeroized. The Crypto-Officer must wait until the module has successfully rebooted in order to verify that zeroization has completed.

3.2 User Guidance
The User is only able to access the module remotely via SSH (CLI) or HTTPS (Management Console). The User must change his or her password at the initial login. The User must be diligent to pick strong passwords (alphanumeric with a minimum of 8 characters) that will not be easily guessed, and must not reveal their password to anyone. Additionally, the User should be careful to protect any secret/private keys in their possession, such as TLS or SSH session keys. The User should report to the Crypto-Officer if any irregular activity is noticed.

3.3 Non-Approved Mode
When initialized and configured according to the Crypto-Officer guidance in this Security Policy, the module does not support a non-Approved mode of operation.

4 Acronyms
This section describes the acronyms used throughout this document.
Table 12 Acronyms

Acronym   Definition
AD        Active Directory
AES       Advanced Encryption Standard
BTO       BlueTouch Online
CA        Certificate Authority
CAC       Common Access Card
CBC       Cipher Block Chaining
CFB       Cipher Feedback
CIFS      Common Internet File System
CLI       Command Line Interface
CMVP      Cryptographic Module Validation Program
CN        Common Name
CO        Crypto-Officer
CRNGT     Continuous Random Number Generator Test
CSEC      Communications Security Establishment Canada
CSP       Critical Security Parameter
CX4       Four pairs of twin-axial copper wiring
DES       Data Encryption Standard
DNS       Domain Name System
DoD       Department of Defense
DRBG      Deterministic Random Bit Generator
ECB       Electronic Codebook
EDC       Error Detection Code
EMC       Electromagnetic Compatibility
EMI       Electromagnetic Interference
FIPS      Federal Information Processing Standard
FTP       File Transfer Protocol
HDS       HTTP Dynamic Streaming
HLS       HTTP Live Streaming
HMAC      Hash-Based Message Authentication Code
HSPD      Homeland Security Presidential Directive
HTTP      Hypertext Transfer Protocol
HTTPS     Secure Hypertext Transfer Protocol
IM        Instant Messaging
IMAP      Internet Message Access Protocol
IP        Internet Protocol
KAT       Known Answer Test
LCD       Liquid Crystal Display
LED       Light Emitting Diode
MAC       Message Authentication Code
NIC       Network Interface Card
NIST      National Institute of Standards and Technology
OFB       Output Feedback
OS        Operating System
P2P       Peer-to-Peer
PC        Personal Computer
PCI-e     Peripheral Component Interconnect Express
PIN       Personal Identification Number
PIV       Personal Identity Verification
PN        Principal Name
POP3      Post Office Protocol version 3
RC2       Rivest Cipher 2
RC4       Rivest Cipher 4
RS-232    Recommended Standard 232
RSA       Rivest Shamir Adleman
RTMP      Real-Time Messaging Protocol
RTSP      Real-Time Streaming Protocol
SFTP      Secure File Transfer Protocol
SGOS      Secure Gateway Operating System
SHA       Secure Hash Algorithm
SMTP      Simple Mail Transfer Protocol
SNMP      Simple Network Management Protocol
SOCKS     SOCKet Secure
SSH       Secure Shell
SSL       Secure Sockets Layer
TCP       Transmission Control Protocol
TLS       Transport Layer Security
UPN       User Principal Name
VoIP      Voice Over Internet Protocol
WAN       Wide Area Network
