122-B
COMMON CRITERIA CERTIFICATION REPORT No. CRP237
Juniper Networks M/T/J Series of Service Routers
running JUNOS 8.1R1
Version 8.1R1
Issue 1.0
April 2007
© Crown Copyright 2007
Reproduction is authorised provided the report is copied in its entirety
UK Certification Body
CESG, Hubble Road
Cheltenham, GL51 0EX
United Kingdom
ARRANGEMENT ON THE
RECOGNITION OF COMMON CRITERIA CERTIFICATES
IN THE FIELD OF INFORMATION TECHNOLOGY SECURITY
The Certification Body of the UK IT Security Evaluation and Certification Scheme is a member of the above
Arrangement and as such this confirms that the Common Criteria certificate has been issued by or under the
authority of a Party to this Arrangement and is the Party’s claim that the certificate has been issued in
accordance with the terms of this Arrangement.
The judgements contained in the certificate and Certification Report are those of the Qualified Certification
Body which issued it and of the Evaluation Facility which carried out the evaluation. There is no implication of
acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss
sustained as a result of reliance placed upon those judgements by a third party.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 2 of 22 Issue 1.0 April 2007
CERTIFICATION STATEMENT
The product detailed below has been evaluated under the terms of the UK IT
Security Evaluation and Certification Scheme and has met the specified Common
Criteria requirements. The scope of the evaluation and the assumed usage
environment are specified in the body of this report.
Sponsor and Developer Juniper Networks
Product and Version Juniper Networks M/T/J Series of Service Routers
running JUNOS 8.1R1
Description The evaluated version of this product routes IP traffic over a
network with increasing scalability of the traffic volume with
each router model. Each packet is scanned and then
compared against a set of rules to determine where the traffic
should be routed.
CC Part 2 Conformant
CC Part 3 Conformant
EAL EAL3 augmented by ALC_FLR.3
CLEF BT
Date authorised 20 April 2007
The evaluation was carried out in accordance with the requirements of the UK IT Security Evaluation and Certification
Scheme as described in United Kingdom Scheme Publication 01 (UKSP 01) and UKSP 02 ([a] - [c]). The Scheme
has established a Certification Body, which is managed by CESG on behalf of Her Majesty’s Government.
The purpose of the evaluation was to provide assurance about the effectiveness of the TOE in meeting its Security
Target [d], which prospective consumers are advised to read. To ensure that the Security Target gave an appropriate
baseline for a CC evaluation, it was first itself evaluated. The TOE was then evaluated against this baseline. Both
parts of the evaluation were performed in accordance with CC Part 1 [e] and CC Part 3 [g], the Common Evaluation
Methodology (CEM) [h], and relevant Interpretations.
The issue of a Certification Report is a confirmation that the evaluation process has been carried out properly and
that no exploitable vulnerabilities have been found. It is not an endorsement of the product.
Trademarks:
All product or company names are used for identification purposes only and may be trademarks of their
respective owners.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 3 of 22
TABLE OF CONTENTS
CERTIFICATION STATEMENT......................................................................................2
TABLE OF CONTENTS..................................................................................................3
I. EXECUTIVE SUMMARY ........................................................................................4
Introduction .......................................................................................................................4
Evaluated Product and TOE Scope...................................................................................4
Security Claims .................................................................................................................4
Strength of Function Claims ..............................................................................................5
Evaluation Conduct ...........................................................................................................5
Conclusions and Recommendations .................................................................................5
II. PRODUCT SECURITY GUIDANCE .......................................................................7
Introduction .......................................................................................................................7
Delivery.............................................................................................................................7
Installation and Guidance Documentation .........................................................................8
III. EVALUATED CONFIGURATION ...........................................................................9
TOE Identification..............................................................................................................9
TOE Documentation..........................................................................................................9
TOE Scope .......................................................................................................................9
TOE Configuration........................................................................................................... 10
Environmental Requirements ..........................................................................................11
Test Configuration........................................................................................................... 11
IV. PRODUCT SECURITY ARCHITECTURE ............................................................14
Introduction .....................................................................................................................14
Product Description and Architecture ..............................................................................14
Design Subsystems......................................................................................................... 14
Hardware and Firmware Dependencies .......................................................................... 17
Product Interfaces ........................................................................................................... 17
V. PRODUCT TESTING............................................................................................18
IT Product Testing........................................................................................................... 18
Vulnerability Analysis ...................................................................................................... 19
Platform Issues ...............................................................................................................19
VI. REFERENCES......................................................................................................20
VII. ABBREVIATIONS ................................................................................................22
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 4 of 22 Issue 1.0 April 2007
I. EXECUTIVE SUMMARY
Introduction
1. This Certification Report states the outcome of the Common Criteria security
evaluation of Juniper Networks M/T/J Series of Service Routers running JUNOS 8.1R1
to the Sponsor, Juniper Networks, and is intended to assist prospective consumers
when judging the suitability of the IT security of the product for their particular
requirements.
2. Prospective consumers are advised to read this report in conjunction with the
Security Target [d], which specifies the functional, environmental and assurance
requirements.
Evaluated Product and TOE Scope
3. The version of the product evaluated was:
Juniper Networks M/T/J Series of Service Routers running JUNOS 8.1R1.
It should be noted that the actual release number for the TOE is 8.1R1.5. However, as
the ‘fifth’ spin of the 8.1R1 build was the only build released, the two versions are
synonymous and can be referred to as JUNOS 8.1R1.
4. The Developer was Juniper Networks.
5. The Juniper Networks M/T/J Series of Service Routers run the same JUNOS
software (version 8.1R1) in order to provide IP routing, together with both management
and control functions. The architecture separates routing and control functions from
packet forwarding functions, thereby permitting the routers to maintain a high level of
performance.
6. The evaluated subset and configuration of this product is described in this
report as the Target of Evaluation (TOE). Details of the TOE Scope, its assumed
environment, and the evaluated configuration are given in Chapter III ‘Evaluated
Configuration’.
7. An overview of the product and its security architecture can be found in Chapter
IV ‘Product Security Architecture’.
Security Claims
8. The Security Target [d] fully specifies the TOE’s security objectives, the threats
that these objectives counter, and the Security Functional Requirements (SFRs) and
security functions to elaborate the objectives. All of the SFRs are taken from CC
Part 2 [f]; use of this standard facilitates comparison with other evaluated products.
9. The TOE Security Policy is detailed in the Security Target [d].
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 5 of 22
10. The Security Target [d] states that there are no organisational security policies
with which the TOE must comply.
Strength of Function Claims
11. The minimum Strength of Function (SoF) was SoF-Medium. This was
claimed for SFR FIA_SOS.1, in respect of the authentication mechanism using
passwords. The Certification Body has determined that this claim was met.
12. The password must be at least 6 characters in length and contain at least one
change of character set (upper, lower, numeric, punctuation, other).
Evaluation Conduct
13. The Certification Body monitored the evaluation, which was carried out by the
BT Commercial Evaluation Facility (CLEF). The evaluation addressed the requirements
specified in the Security Target [d]. The results of this work, completed in April 2007,
were reported in the ETR [i].
Conclusions and Recommendations
14. The conclusions of the Certification Body are summarised in the Certification
Statement on page 2.
15. Prospective consumers of Juniper Networks M/T/J Series of Service
Routers running JUNOS 8.1R1 should understand the specific scope of the
certification by reading this report in conjunction with the Security Target [d]. The
TOE should be used in accordance with the environmental assumptions specified in the
Security Target. Prospective consumers are advised to check that this matches their
identified requirements, and to give due consideration to the recommendations and
caveats of this report.
16. This Certification Report is only valid for the evaluated TOE. This is
specified in Chapter III ‘Evaluated Configuration’.
17. The TOE should be used in accordance with the supporting guidance
documentation included in the evaluated configuration. Chapter II ‘Product Security
Guidance’ below includes a number of recommendations relating to the secure receipt,
installation, configuration and operation of the TOE.
18. The product provides some features that were not within the scope of the
evaluation, as identified in Chapter III ‘Evaluated Configuration’. Those features
should therefore not be used if the TOE is to comply with its evaluated
configuration.
19. If any changes are proposed to the TOE’s functionality, or to components that
were examined during the evaluation, such changes should be handled under the
Assurance Continuity Scheme. If the change falls outside the scope of Assurance
Continuity, a partial or complete re-evaluation of the product should be performed.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 6 of 22 Issue 1.0 April 2007
20. Certification is not a guarantee of freedom from security vulnerabilities:
there remains a small probability (smaller with greater assurance) that exploitable
vulnerabilities may be discovered after a certificate has been awarded. This Certification
Report reflects the Certification Body’s view at the time of certification. Consumers (both
prospective and existing) should check regularly for themselves whether any security
vulnerabilities have been discovered since this report was issued, and, if appropriate,
should check with the Vendor to see if any patches exist for the product, and whether
these patches have further assurance. The installation of patches for security
vulnerabilities, whether or not they have further assurance, should improve the security
of the product.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 7 of 22
II. PRODUCT SECURITY GUIDANCE
Introduction
21. The following sections note considerations that are of particular relevance to
purchasers of the product.
Delivery
22. On receipt of the TOE, the consumer is recommended to check that the
evaluated version has been supplied, and to check that the security of the TOE
has not been compromised in delivery.
23. Consumers must download the TOE from Juniper Networks’ website at
www.juniper.net, as detailed in the Security Configuration Guide [j]. All administration
guidance for the TOE is also on the website. A consumer is required to have a
username and password in order to be able to access the secure area of the site. A
username and password is provided to the user when they purchase the TOE.
24. When consumers have downloaded the TOE they are required to validate the
MD5 checksum, which is provided both on the juniper.net website and in the Security
Configuration Guide [j].
25. Although the TOE is the same whichever router it is installed on, there are two
different download packages: one for the J Series Router and one for the M and T
series routers. This is because by default the M and T Series download packages do
not include the optional J-Web software. This package (making the M and T series
installation the same as that of the J Series) should also be downloaded from the
juniper.net website.
26. Consumers should also download the Security Configuration Guide [j] and the
following guidance from the juniper.net website:
a. JUNOS Internet Software – Software Installation and Upgrade Guide,
Release 8.1 [k];
b. JUNOS Internet Software System Basics Configuration Guide, Release 8.1
[l];
c. J-Series Services Router Administration Guide, Release 8.1 [m];
d. JUNOS Internet Software CLI User Guide, Release 8.1 [n];
e. JUNOS Routing Protocols Configuration Guide, Release 8.l [o];
f. JUNOS Internet Software JUNOS XML API Configuration Reference,
Release 8.1 [p];
g. JUNOS Internet Software System log Messages Reference, Release 8.1[q].
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 8 of 22 Issue 1.0 April 2007
Installation and Guidance Documentation
27. Guidance is provided in the documents detailed in paragraph 26.
28. The Security Configuration Guide [j] describes the procedures that must be
followed to install and configure the product in its evaluated configuration, and to
operate it securely. It also describes the procedures that must be followed to configure
the environment. Hence it is recommended that these procedures are read first.
29. The intended audience of the installation and guidance documents is the
administrator.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 9 of 22
III. EVALUATED CONFIGURATION
TOE Identification
30. The TOE is identified as:
Juniper Networks M/T/J Series of Service Routers running JUNOS 8.1R1
31. The TOE consists of software implementing the Routing Engine, and firmware
running on ASICs implementing the Packet Forwarding Engine.
32. The figure below shows the components and scope of the TOE:
CLI
JUNOS Internet Software
I/O Card
I/O Card
I/O Card
I/O Card
Forwarding
Table
Forwarding
Table
Routing
Table
Routing
Process
Interface
Process
Chassis
Process
Management Process
Routing
Engine
Packet
Forwarding
Engine
Kernel
TOE Boundary
Figure 1: Components and Scope of the TOE
TOE Documentation
33. The relevant guidance documentation for the evaluated configuration is
identified in Chapter II ‘Product Security Guidance’.
TOE Scope
34. The TOE is identified above under ‘TOE Identification’.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 10 of 22 Issue 1.0 April 2007
35. The logical boundaries of the TOE are defined by the functions that can be
carried out at the TOE external interfaces. These functions include network information
flow control, identification and authentication for the administrative functions, access
control for administrative functions, management of the security configurations, audit
and protection of the TOE itself.
36. There are no security functionality claims relating to the following items:
a. All hardware, including that associated with forwarding interfaces PICs, PIMs,
FPCs;
b. External servers (audit, NTP, authentication, FTP Servers);
c. Encryption and integrity checking functionality;
d. High availability functionality.
37. The following items are out of the scope of the evaluation:
a. Use of the auxiliary port;
b. Use of Telnet;
c. Use of SNMP;
d. Use of out-of-band management ports (Management Ethernet Interfaces) on
M-Series and T-Series;
e. Packet Filtering (other than simple access control to restrict the source
address for management traffic);
f. Media use (other than during installation of the TOE).
TOE Configuration
38. The evaluated TOE configuration comprises any of the following Juniper
Routers running JUNOS 8.1R1:
J2300 M7i T320
J4350 M10i T640
J6350 M20 TX Matrix
M40e
M120
M320
39. The router hardware is part of the environment.
40. In the evaluated configuration an external authentication server (either Radius
or TACACS+) can be used in order to authenticate administrative connections.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 11 of 22
Environmental Requirements
41. The Security Target [d] identifies the threats that are met by the environment, or
are met collectively by the TOE and the environment.
42. The Security Target [d] makes physical, personnel and connectivity
assumptions as follows:
a. (A.LOCATE): The processing resources of the TOE will be located within
controlled access facilities, which will prevent unauthorised physical access;
b. (A.NOEVIL): The authorised users will be competent, and not careless,
willfully negligent, or hostile, and will follow and abide by the instructions provided
by the TOE documentation;
c. (A.EAUTH): External authentication services will be available, via either
RADIUS, TACACS+ or both;
d. (A.TIME): External NTP services will be available;
e. (A.CRYPTO): In-band management traffic will be protected using SSL and
SSH.
Test Configuration
43. The environmental configuration used by the developer and the evaluators to
test the TOE is summarised below and in Figure 2 on page 13.
Router 1 not under test (Hay):
Juniper Networks J4350 Services router
Router 2 not under test (Waite):
Juniper Networks J6350 Services router
Machine running the JUNOScope server:
O/S Sun Solaris Sparc edition 5.8
RAM 4 GB
JUNOScope 8.2R2.2
Machine running the RADIUS/TACACS+/NTP server:
O/S FreeBSD 4.11
RAM 1.4 GB
Machine hosting the bthost1 client:
O/S FreeBSD 4.11
RAM 1.4 GB
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 12 of 22 Issue 1.0 April 2007
Machine hosting the bthost4 client:
O/S FreeBSD 4.11
RAM 1.4 GB
Machine hosting the bt-winxp client
O/S Windows XP Professional SP1
RAM 256 MB
Test Laptop 1
O/S Windows XP Professional SP1
RAM 512 MB
Test Laptop 2
O/S Windows XP Professional SP1
RAM 512 MB
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 13 of 22
Figure 2: TOE Configuration Tested
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 14 of 22 Issue 1.0 April 2007
IV. PRODUCT SECURITY ARCHITECTURE
Introduction
44. This Chapter gives an overview of the main product architectural features.
Other details of the scope of evaluation are given in Chapter III ‘Evaluated
Configuration’.
Product Description and Architecture
45. The product consists of two main architectural features (see Figure 1):
a. The Routing Engine, which provides layer 3 routing services and network
management;
b. The Packet Forwarding Engine, which provides all operations necessary for
packet forwarding.
46. The TOE forwards network packets from source network entities to destination
network entities based on available routing information. This routing information is
either provided directly by TOE users, or indirectly from other network entities (outside
the TOE).
47. The TOE requires users to provide unique identification and authentication data
before any administrative access to the TOE is granted. Authentication can be handled
either internally (user selected passwords), or through a Radius or TACACS+
authentication server in the environment.
48. The Routers can be managed using XML RPCs (JUNOScript), either through J-
Web (over HTTPS), JUNOScope (over SSL), or through a Command Line Interface
protected by SSH. These interfaces all provide equivalent management functionality,
and allow all management and configuration of the router.
49. Auditable events (as defined in the Security Target [d]) are stored in local syslog
files. An accurate timestamp is gained by the router ntp daemon, acting as a client from
an NTP Server in the environment.
50. This Chapter gives an overview of the main product architectural features.
Other details of the scope of evaluation are given in Chapter III ‘Evaluated
Configuration’.
Design Subsystems
51. The high-level design subsystems of the TOE are:
a. Chassid. This is the daemon that is responsible for initialising and
maintaining the state of the hardware including the physical interfaces;
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 15 of 22
b. DCd. The DCd initialises and maintains the state of the logical
interfaces;
c. Packet Forwarding Engine (PFE). Through packets (with a presumed
destination address different to that of the router) are forwarded by the PFE, based
on information in the forwarding table;
d. RPD. The Routing Protocol Daemon (RPD) exchanges routing
information with network peers. This daemon also accepts local configuration
changes from the MGD, and is responsible for building the forwarding table;
e. MGD. The MGD interprets all user commands. Each time a user enters
a command the MGD parses the command and checks whether the user has the
correct permissions. If so, the MGD allows the user to update the configuration;
f. JUNOS Kernel. The JUNOS Kernel is responsible for mediating all
access between daemons, and for keeping track of all listening sockets;
g. INETD. INETD opens sockets bound to ports for HTTPS, SSH and SSL
connections. It then performs a ‘listen’ system call to tell the JUNOS Kernel that it
will accept new connections on these sockets;
h. HTTPD. The HTTPD daemon is started by INETD, and receives J-Web
management connections from the JUNOS Kernel;
i. SSHD. The SSHD daemon is started by INETD, and receives SSH
management connections from the JUNOS Kernel;
j. Stunnel. Stunnel is started by INETD, and receives SSL JUNOScope
management connections from the JUNOS Kernel;
k. PAM. PAM (Portable Authentication Module) is responsible for
performing the actual authentication of users. This is either a local password
authentication, or communication with an external Radius or TACACS+ server;
l. Access Daemons. This subsystem consists of three access daemons:
Jade, Checklogin and Login. Jade is responsible for managing the authentication
of JUNOScript connections over SSL (JUNOScope), Checklogin is responsible for
managing the authentication of J-Web connections, and Login handles console
connections;
m. Syslogd. The syslog daemon manages the audit logs and is responsible for
generating audit records for all auditable events as detailed in the Security Target
[d];
n. NTPD. The Network Time Protocol Daemon receives NTP packets from
an external NTP Server, and uses them to synchronise the local clock.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 16 of 22 Issue 1.0 April 2007
Figure 3: TOE High-Level Design Subsystems
Console/
SSH
(through
CLI)
JUNOScope/
J-Web
Management Process (MGD)
Stunnel (SSL/
JUNOScope
connections)
PAM
SSHD (SSH
connections)
HTTPD (J-Web
connection)
Access
Daemons
NTPD
Chassisd
RPD
INETD
DCd
Syslogd
JUNOS Kernel
Packet Forwarding Engine (PFE)
TOE
Network Packets (Conforming to IP
or IP over MPLS standards)
Logical XML Admin
Key
Subsystem
Interface
External
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 17 of 22
Hardware and Firmware Dependencies
52. The TOE is software and firmware only, it has no hardware components.
53. One function can be provided by the environment – namely the environment
should provide an external server (Radius or TACACS+) in order to support user
authentication.
Product Interfaces
54. The external interfaces (i.e. the TOE Security Functions Interface (TSFI)) are:
a. External traffic interface to the Packet Forwarding Engine: All traffic whether
management traffic to the TOE, or packets to be routed through the TOE, is
received at this interface;
b. Logical XML Administrative Interface to the MGD: This interface is described
by the user commands available to an administrator, and the XML generated by
the Command Line Interface.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 18 of 22 Issue 1.0 April 2007
V. PRODUCT TESTING
IT Product Testing
55. During their on-site testing, the evaluators used the JUNOS Internet Software –
Software Installation and Upgrade Guide [k] and the Security Configuration Guide for
Common Criteria and JUNOS-FIPS [j] in order to install and generate a secure
configuration, and to start-up the TOE. The evaluators performed these tasks on the
J2300 platform.
56. The environmental configuration used by the evaluators to test the TOE was
equivalent to that used by the developers to test the TOE, as summarised in ‘Test
Configuration’ above (Figure 2).
57. The TOE was tested against the set of external interfaces that comprise the
TSFI, as listed above under Chapter IV ‘Product Interfaces’.
58. The developer performed tests against all aspects of the TSFI. Those tests
also exercised:
a. all related security functions specified in the Security Target [d];
b. all high-level design subsystems identified above under Chapter IV ‘Design
Subsystems’.
59. All developer tests were automated and driven through a set of scripts. Other
than this no specialist tools or techniques were used.
60. The evaluators performed the following independent testing:
a. A sample of the developer’s tests was repeated to validate the developer’s
testing. The sample included developer tests on the J2300, M20 and TX Matrix
platforms;
b. For each functional area a test that was different from those performed by the
developer was devised, wherever possible.
61. The evaluators also devised and performed penetration tests to confirm the
non-exploitability of potential vulnerabilities that had been noted during the evaluation,
and to confirm the developer’s vulnerability analysis.
62. The evaluators used the following tools in order to perform the functional and
penetration tests:
a. Nmap version 3.48;
b. IRPAS version 1;
c. Ethereal version 0.9.13;
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 19 of 22
d. OpenSSL version 0.9.7c.
Vulnerability Analysis
63. The Evaluators’ vulnerability analysis, which preceded penetration testing, was
based on both public domain sources and the visibility of the TOE given by the
evaluation deliverables.
Platform Issues
64. Chapter III ‘TOE Configuration’ lists the hardware platforms that are within the
scope of the evaluation.
65. Developer tests were performed on all hardware platforms. The evaluators
repeated developer tests on the J2300, M20 and TX Matrix platforms. The evaluators
performed all their functional and penetration testing on a J2300 platform, and a sample
of the functional and penetration tests on a M20 and TX platform.
66. The evaluators also performed a number of tests on the M20 and TX Matrix
platforms with different types of PICs (Portable Interface Controllers) installed.
67. The range of testing performed both by the developer and evaluator across the
range of platforms and using different PICs produced exactly the same results, and the
evaluators did not identify any parts of the TSF that behaved differently on different
hardware platforms.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 20 of 22 Issue 1.0 April 2007
VI. REFERENCES
[a] Description of the Scheme,
UK IT Security Evaluation and Certification Scheme,
UKSP 01, Issue 6.1, March 2006.
[b] CLEF Requirements - Startup and Operations,
UK IT Security Evaluation and Certification Scheme,
UKSP 02: Part I, Issue 4, April 2003.
[c] CLEF Requirements - Conduct of an Evaluation,
UK IT Security Evaluation and Certification Scheme,
UKSP 02: Part II, Issue 2.1, March 2006.
[d] Security Target for Juniper Networks M/T/J Series Families of Service Routers
Juniper Networks,
Version 1.0 April 2007.
[e] Common Criteria for Information Technology Security Evaluation,
Part 1, Introduction and General Model,
Common Criteria Interpretations Management Board,
CCIMB-2005-08-001, Version 2.3, August 2005.
[f] Common Criteria for Information Technology Security Evaluation,
Part 2, Security Functional Requirements,
Common Criteria Interpretations Management Board,
CCIMB-2005-08-002, Version 2.3, August 2005.
[g] Common Criteria for Information Technology Security Evaluation,
Part 3, Security Assurance Requirements,
Common Criteria Interpretations Management Board,
CCIMB-2005-08-003, Version 2.3, August 2005.
[h] Common Methodology for Information Technology Security Evaluation,
Part 2: Evaluation Methodology,
Common Criteria Evaluation Methodology Editorial Board,
CEM-2005-08-004, Version 2.3, August 2005.
[i] Evaluation Technical Report,
BT CLEF,
LFS/T532/ETR, version 1.0, 20 April 2007.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
April 2007 Issue 1.0 Page 21 of 22
[j] Security Configuration Guide for Common Criteria and JUNOS-FIPS,
Juniper Networks Inc.,
Release 8.1, 9 April 2007.
[k] JUNOS Internet Software – Software Installation and Upgrade Guide,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
[l] JUNOS Internet Software System Basics Configuration Guide,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
[m] J-Series Services Router Administration Guide,
Juniper Networks Inc.,
Release 8.1, 15 October 2006.
[n] JUNOS Internet Software CLI User Guide,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
[o] JUNOS Routing Protocols Configuration Guide,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
[p] JUNOS Internet Software JUNOS XML API Configuration Reference,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
[q] JUNOS Internet Software System log Messages Reference,
Juniper Networks Inc.,
Release 8.1, 15 September 2006.
CRP237 – Juniper Networks M/T/J Series of
Service Routers running JUNOS 8.1R1
Page 22 of 22 Issue 1.0 April 2007
VII. ABBREVIATIONS
This list contains only those abbreviations that are specific to the TOE:
ASIC Application Specific Integrated Circuit
FPC Flexible PIC Concentrator
INETD Internet Services Daemon
MGD Management Daemon
NTPD Network Time Protocol Daemon
PAM Portable Authentication Module
PIC Portable Interface Controller
PIM Portable Interface Module
RPC Remote Procedure Call
RPD Routing Protocol Daemon