Security Target, Version 3.9
March 18, 2008
Nortel VPN Router v7.05 and Client Workstation v7.11
Page 17 of 67
© 2008 Nortel Networks

Attackers who are not TOE users: These attackers have no knowledge of how the TOE operates and are assumed to possess a low skill level, a low level of motivation, limited resources to alter TOE configuration settings/parameters, and no physical access to the TOE.

TOE users: These attackers have extensive knowledge of how the TOE operates and are assumed to possess a high skill level, moderate resources to alter TOE configuration settings/parameters, and physical access to the TOE, but no motivation to do so.

The threats are mitigated through the objectives identified in Section 4 - Security Objectives.

3.2.1 Threats Addressed by the TOE

The following threats are to be addressed by the TOE:

T.UNDETECT: An attacker may gain undetected access due to missing, weak, and/or incorrectly implemented access controls for the restricted files or TSF Data in order to cause violations of integrity, confidentiality, or availability of the information protected by and flowing through the TOE.

T.AUTH-ERROR: An authorized user may accidentally alter the configuration of a policy that permits or denies information flow through the TOE, thereby affecting the integrity of the transmitted information.

T.DATA-MOD: An attacker may intercept and alter the data transmitted between the Nortel VPN Client and the Nortel VPN Router, and/or between two Nortel VPN Routers, in order to deceive the intended recipient.

T.HACK-CRYPTO: An attacker may successfully intercept and decrypt, then recover and modify the encrypted data that is in transit between the Nortel VPN Router and VPN Client, and/or between two Nortel VPN Routers.

T.HACK: An attacker may use malformed IP packets or similar attack methods against the TSF or user data protected by the TOE in order to corrupt normal operation.

3.2.2 Threats Addressed by the TOE Environment

The following threats are addressed by the TOE environment:

TE.PHYSICAL: An attacker may physically attack the Hardware appliance in order to compromise its secure operation.

TE.AUDIT_FAILURE: An attacker may conduct an undetected attack on the information protected by the TOE as a result of unreliable time stamps used by the audit mechanism, which may result in failure to prevent further attacks using the same method.

TE.BAD_CERT: An attacker may successfully authenticate to the VPN Router using a revoked, expired or untrusted certificate in order to gain access to information residing on the private network.