PD 0123: Defining Protocols as Internal or External Interfaces
- Subject: PD 0123: Defining Protocols as Internal or External Interfaces
- From: "Observation Decisions Review Board" <faigin@aero.org>
- Date: Tue, 23 Aug 2005 13:16:55 -0700
At its August meeting, the ODRB developed the following PD to provide guidance
on recent issues brought to its attention. Any comments on this PD will be
considered at the October ODRB meeting.
TITLE
Defining Protocols as Internal or External Interfaces
ISSUE
Systems that communicate between components over network protocols may expose
those interfaces to threats that impact the TOE. The CAPP, in particular,
assumes the TOE communicates only with similarly-managed systems. Note that it
does not require all systems to be the same product as the product under
evaluation, only that there be similar management with congruent policies. This
creates the potential for a heterogeneous network. In such a network, threat
systems may be on the network while the CAPP A.PEER is still satisfied. Should
the interface or protocol be treated as internal or external?
RESOLUTION
If an interface can affect the operation of the TOE and is accessible by
systems that are not the evaluated product and are external to the evaluated
TOE, it is considered an external interface.
In the absence of an explicit assumption that the network environment is
homogeneous, and where the product provides networking services, the protocols
are considered an interface.
RATIONALE
The evaluator should be concerned with things that can affect the operation of
the security functions of the TOE, based on the level of threat experienced by
the TOE in its expected environment. The presence of untrusted systems (and,
from the point of view of a particular evaluation, any product other than the
product under evaluation is an unevaluated product) on a heterogeneous network
introduces threats that would not exist if the network were homogeneous.
For example, RPC may be an appropriate protocol to use on a closed network
consisting of only similarly managed, trusted systems. The addition of a
potentially hostile system on that network requires that RPC be evaluated for
vulnerabilities.