
Kaseya US Sales, LLC
Virtual System Administrator Cryptographic Module
Software Version: 1.0

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 1
Document Version: 1.0

Prepared for: Kaseya US Sales, LLC, 901 N. Glebe Road, Suite 1010, Arlington, VA 22203, United States of America. Phone: 1 (415) 694-5700. http://www.kaseya.com

Prepared by: Corsec Security, Inc., 13135 Lee Jackson Memorial Hwy, Suite 220, Fairfax, VA 22033, United States of America. Phone: 1 (703) 267-6050. http://www.corsec.com

Security Policy, Version 1.0
December 3, 2012

Table of Contents
1 INTRODUCTION ... 4
1.1 PURPOSE ... 4
1.2 REFERENCES ... 4
1.3 DOCUMENT ORGANIZATION ... 4
2 KASEYA VSACM ... 5
2.1 OVERVIEW ... 5
2.1.1 Virtual System Administrator Server ... 5
2.1.2 Virtual System Administrator Agent ... 6
2.2 SECURITY ... 6
2.2.1 VSA Server Security ... 6
2.2.2 Agent Security ... 7
2.3 MODULE SPECIFICATION ... 9
2.4 MODULE INTERFACES ... 9
2.5 ROLES, SERVICES, AND AUTHENTICATION ... 10
2.5.1 Crypto Officer Role ... 10
2.5.2 User Role ... 11
2.6 PHYSICAL SECURITY ... 13
2.7 OPERATIONAL ENVIRONMENT ... 13
2.8 CRYPTOGRAPHIC KEY MANAGEMENT ... 13
2.9 EMI/EMC ... 15
2.10 SELF-TESTS ... 15
2.11 DESIGN ASSURANCE ... 16
2.12 MITIGATION OF OTHER ATTACKS ... 16
3 SECURE OPERATION ... 17
3.1 INITIAL SETUP ... 17
3.2 CRYPTO OFFICER GUIDANCE ... 17
3.2.1 Initialization ... 17
3.2.2 Management ... 17
3.2.3 Non-Approved Mode of Operation ... 17
3.3 USER GUIDANCE ... 18
4 ACRONYMS ... 19

Table of Figures
Figure 1 – Kaseya Virtual System Administrator System Overview ... 7
Figure 2 – Logical Block Diagram ... 8
Figure 3 – GPC Block Diagram ... 9

List of Tables
Table 1 – Security Level per FIPS 140-2 Section ... 8
Table 2 – FIPS 140-2 Logical Interfaces ... 10
Table 3 – Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs (Critical Security Parameter), and Type of Access ... 10
Table 4 – Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access ... 11
Table 5 – FIPS-Approved Algorithm Implementations ... 13
Table 6 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs ... 14
Table 7 – Power-Up Tests and Descriptions ... 15
Table 8 – Conditional Tests and Descriptions ... 15
Table 9 – Critical Function Tests and Descriptions ... 15
Table 10 – Acronyms ... 19

Virtual System Administrator Cryptographic Module © 2012 Kaseya US Sales, LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 2 of 21

1 Introduction

1.1 Purpose
This is a non-proprietary Cryptographic Module Security Policy for the Virtual System Administrator Cryptographic Module from Kaseya US Sales, LLC. This Security Policy describes how the Virtual System Administrator Cryptographic Module meets the security requirements of FIPS (Federal Information Processing Standards) 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules) details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and Communication Security Establishment Canada.

The Virtual System Administrator Cryptographic Module (VSACM) is referred to in this document as the Kaseya VSACM, the crypto module, or the module.

1.2 References
This document deals only with the operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:
• The Kaseya website (http://www.kaseya.com) contains information on the full line of products from Kaseya.
• The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/index.html) contains contact information for answers to technical or sales-related questions for the module.

1.3 Document Organization
The Security Policy document is one document in a FIPS 140-2 Submission Package provided to the Cryptographic Module Testing Laboratory. In addition to this document, the Submission Package contains:
• Vendor Evidence document
• Finite State Model
• Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Kaseya. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Kaseya and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Kaseya.

2 Kaseya VSACM

2.1 Overview
Kaseya was founded with the goal of simplifying and automating Information Technology (IT) management, providing a single congruent and highly integrated solution which covers an ever-expanding set of IT management tasks. The Kaseya Virtual System Administrator (VSA) product is intended to satisfy this goal, providing automated, secure remote monitoring, management, and protection of IT resources.

The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by the Kaseya Virtual System Administrator are ever-broadening; as IT management service needs increase, so do the tools and services provided by the framework. In addition, the number of managed endpoints, which in this context are individual machines (laptops, desktops, servers, etc.), is also rapidly expanding. The current number of managed endpoints supported is approximately 20,000; however, Kaseya is moving quickly towards the ability to manage an unlimited number of endpoints.

2.1.1 Virtual System Administrator Server
The VSA Server is the central management component of the Kaseya Virtual System Administrator. As shown in Figure 1, the VSA Server includes the following components:
• KServer, which is the main Kaseya management application
• Microsoft IIS (Internet Information Services)
• ASP (Active Server Pages) framework
• Microsoft SQL (Structured Query Language) server, which communicates with a database through OLEDB (Object Linking and Embedding Database) and ODBC (Open Database Connectivity)
• Administrator authentication functionality implemented in JavaScript

The primary VSA Server administrative interface is provided via a web-based application, allowing remote access to the majority of administrative services. The web pages for the web-based Graphical User Interface (GUI) are served to administrator workstations via HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure). In addition, the VSA also provides an API (Application Programming Interface), allowing third-party application integration. The API exposes the majority of the actions and functionality available from the web GUI.

The KServer component contains the core set of VSA Server functionality, providing policy configuration and deployment to the Agents, which then use the policies to automatically manage their host endpoint. By using the management interfaces provided by the KServer component, the following Kaseya Virtual System Administrator management services are realized:
• Endpoint policy creation and deployment
• Endpoint monitoring and auditing
• Automatic Agent deployment for new endpoints
• Endpoint antivirus and malware management
• Endpoint patch management
• Endpoint performance management

The KServer component also allows an operator to perform real-time audits, virus scans, and management actions such as manually setting up tasks for individual Agents.

2.1.2 Virtual System Administrator Agent
The Kaseya Virtual System Administrator Agents are software applications installed on the managed endpoints (Macintosh, Windows, or Linux-based General Purpose Computers (GPCs)) and servers. Agents are the components which enact the endpoint management activities driven by VSA Server activities. The Agent management activities driven by the VSA Server typically include the following:
• Automated software patching
• Automated network policy enforcement
• Automated antivirus scans and definition updates
• Automated data backup and recovery
• Automated system inventory, monitoring, and reporting
• Remote control services

All Agent activities are driven by policies or requested tasks generated on the Virtual System Administrator Server; however, the Agent must first connect to the VSA Server. The VSA Server component acts solely as a server and will never initiate a connection to the Agent.

2.2 Security
The Kaseya Virtual System Administrator includes security functionality which provides both confidentiality and data authentication techniques to securely manage endpoints. This security functionality is described at a high level in the following two sections.

2.2.1 VSA Server Security
The VSA Server uses security functionality over two different interfaces: (1) a TCP/IP (Transmission Control Protocol/Internet Protocol) connection to securely communicate with and authenticate the Agents, and (2) the administrator HTTP/HTTPS interface, which requires authentication:
• Agent-to-VSA Server communication: All data sent between the VSA Server and Agents is sent via Transmission Control Protocol (TCP). Before the data is sent, Agents are first authenticated to the VSA Server using a proprietary shared secret-based authentication mechanism which incorporates the Secure Hashing Algorithm (SHA-256). Authenticated data is encrypted using the Advanced Encryption Standard (AES) block cipher within the VSA Server or Agent host computer and then sent over the TCP connection. In general, the data consists of Agent control input, IT management policies, and Agent reporting data.
• Administrator Authentication: Services on the VSA Server can be accessed either locally or remotely. To securely authenticate an operator, the VSA Server uses a proprietary authentication mechanism incorporating SHA-256. Within this mechanism, passwords entered on the Administrator PC (Personal Computer) are SHA-256 hashed before they are output. This ensures that the passwords themselves are never output; only secure hashes of the passwords are output.

2.2.2 Agent Security
Agents communicate securely with the VSA Server over a TCP/IP port (the default is TCP port 5721). The security over this interface is provided by a Kaseya-proprietary protocol which uses AES to provide confidentiality and authentication of the Agents to the VSA Server.
• Authentication: Authentication is provided via a proprietary shared secret-based authentication mechanism which incorporates SHA-256.
• Confidential Communication: All communications between the Agent and the VSA Server are encrypted using AES, which is implemented by the Kaseya VSA Cryptographic Module.

Figure 1 provides an overview of the VSA system components and configuration, while Figure 2 below provides a logical diagram of the VSACM. Note that the cryptographic boundary is depicted in each figure with a red dotted line.

[Figure 1 – Kaseya Virtual System Administrator System Overview. Components shown: an Administrator PC (web browser) connected over HTTP/HTTPS to the VSA Server, which contains KServer, the ASP framework, Microsoft IIS, Microsoft SQL Server with its database (accessed via OLEDB/ODBC), the Kaseya VSA Cryptographic Module, and the Microsoft Windows operating system; and a Workstation with Agent, which contains the Agent, the Kaseya VSA Cryptographic Module, and the GPC operating system, connected to the VSA Server over TCP using the Kaseya proprietary protocol.]

[Figure 2 – Logical Block Diagram. Labels recoverable from the figure: the cryptographic boundary and the Kaseya HMAC value file; the remaining labels did not survive extraction.]

The Virtual System Administrator Cryptographic Module is validated at the following FIPS 140-2 Section levels:

Table 1 – Security Level per FIPS 140-2 Section

Section | Section Title                              | Level
1       | Cryptographic Module Specification         | 1
2       | Cryptographic Module Ports and Interfaces  | 1
3       | Roles, Services, and Authentication        | 1
4       | Finite State Model                         | 1
5       | Physical Security                          | N/A
6       | Operational Environment                    | 1
7       | Cryptographic Key Management               | 1
8       | EMI/EMC                                    | 1
9       | Self-tests                                 | 1
10      | Design Assurance                           | 1
11      | Mitigation of Other Attacks                | N/A

EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility

2.3 Module Specification
The Virtual System Administrator Cryptographic Module is a software-only module that meets overall Level 1 FIPS 140-2 requirements. The logical cryptographic boundary of the Virtual System Administrator Cryptographic Module is defined as follows for each operating platform:
• Windows 7: Kaseya VSA Cryptographic Library (libkacm.dll, libkacm ksrv.dll)
• Windows 2008: Kaseya VSA Cryptographic Library Server Edition (libkacm.dll, libkacm ksrv.dll)
• Mac OS X: Kaseya VSA Cryptographic Library (libkacm.dylib)
• Linux RHEL (Red Hat Enterprise Linux) 5.5: Kaseya VSA Cryptographic Library (libkacm.so.1)

2.4 Module Interfaces
The module supports the physical interfaces of a GPC, including the integrated circuits of the system board, the CPU (Central Processing Unit), network adapters, RAM (Random Access Memory), hard disk, device case, power supply, and fans. Other devices may be attached to the GPC, such as a display monitor, keyboard, mouse, printer, or storage media. See Figure 3 for a standard GPC block diagram.

[Figure 3 – GPC Block Diagram]

The module's interfaces are provided by the logical API supported by the Kaseya Cryptographic Library, which provides the data input, data output, control input, and status output logical interfaces defined by FIPS 140-2. These logical interfaces are shown in Figure 3 above. The mapping of logical interfaces to the physical ports of the GPC is provided in Table 2 below.

Table 2 – FIPS 140-2 Logical Interfaces

Data Input
  Physical interface: USB ports (keyboard, mouse, data), network ports, serial ports, SCSI/SATA ports, DVD drive
  Logical interface description: Arguments for library functions that specify plaintext data, ciphertext, digital signatures, cryptographic keys (plaintext or encrypted), initialization vectors, and passwords that are to be input to and processed by the cryptographic module.

Data Output
  Physical interface: Monitor, USB ports, network ports, serial ports, SCSI/SATA ports, audio ports, DVD drive
  Logical interface description: Arguments for library functions that receive plaintext data, ciphertext data, digital signatures, cryptographic keys (plaintext or encrypted), and initialization vectors from the cryptographic module.

Control Input
  Physical interface: USB ports (keyboard, mouse), network ports, serial ports, power switch
  Logical interface description: Arguments for library functions that initiate and control the operation of the module, such as arguments that specify commands and control data (e.g., algorithms, algorithm modes, digest type, or module settings).

Status Output
  Physical interface: Monitor, network ports, serial ports, audio
  Logical interface description: Function return codes, error codes, or output arguments that receive status information used to indicate the status of the cryptographic module.

2.5 Roles, Services, and Authentication
The module does not support authentication; all roles are implicitly assumed. There are two roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and a User role.

2.5.1 Crypto Officer Role
The Crypto Officer role has the ability to initialize and terminate the module. Descriptions of the services available to the Crypto Officer role are provided in the table below.

Table 3 – Mapping of Crypto Officer Role's Services to Inputs, Outputs, CSPs (Critical Security Parameter), and Type of Access

Crypto Enable
  Description: Initiates Power-on Self-Tests. All other functions will not execute until this service has been invoked and successfully returns.
  Input: API Command
  Output: Status
  CSP and Type of Access: None

Crypto Disable
  Description: Disables the crypto services; "Crypto Enable" will need to be invoked to re-enable them.
  Input: API Command
  Output: Status
  CSP and Type of Access: None

2.5.2 User Role
The User role has the ability to perform basic cryptographic operations such as encrypt, decrypt, generate random, and hash. Descriptions of the services available to the User role are provided in the table below.

Table 4 – Mapping of User Role's Services to Inputs, Outputs, CSPs, and Type of Access

Generate Random
  Description: Create a random number of a specified bit length.
  Input: Size
  Output: Random
  CSP and Type of Access: Read DRBG Seed, 'V', and 'key'

Zeroize
  Description: Overwrites a CSP that was sent into the crypto module by a previous call. Zeroes will be written in the memory location that held the CSP and then the memory is freed.
  Input: Memory Address
  Output: None
  CSP and Type of Access: Write All CSPs

Encrypt File
  Description: Encrypts the specified file using AES 256-bit in CTR (Counter) mode and writes the encrypted data into an output file.
  Input: Plaintext File, Key
  Output: Encrypted File
  CSP and Type of Access: Read AES Key

Decrypt File
  Description: Decrypts the specified file and writes the plaintext data into an output file.
  Input: Encrypted File, Key
  Output: Plaintext File
  CSP and Type of Access: Read AES Key

Encrypt Buffer
  Description: Encrypts an input buffer of data using AES 256-bit CTR mode and writes the encrypted data into an output buffer.
  Input: Buffer, Key
  Output: Encrypted Buffer
  CSP and Type of Access: Read AES Key

Decrypt Buffer
  Description: Decrypts an input buffer of data and writes the decrypted data into an output buffer.
  Input: Encrypted Buffer, Key
  Output: Plaintext Buffer
  CSP and Type of Access: Read AES Key

Hash File
  Description: Hashes the specified file using SHA-256 and returns the hash result in an output file.
  Input: File
  Output: Hash
  CSP and Type of Access: None

Hash Buffer
  Description: Hashes an input buffer using SHA-256 and returns the hash result in an output buffer.
  Input: Buffer
  Output: Hash
  CSP and Type of Access: None

Key Wrap
  Description: Encrypts a specified key in accordance with the AES Key Wrap specification.
  Input: Key Encryption Key, Key
  Output: Encrypted Key
  CSP and Type of Access: Read AES Key; Read, Execute AES KEK

Key Unwrap
  Description: Decrypts a specified key in accordance with the AES Key Wrap specification.
  Input: Key Encryption Key, Encrypted Key
  Output: Key
  CSP and Type of Access: Read AES Key; Read, Execute AES KEK

HMAC File
  Description: Create an HMAC hash for a specified file using HMAC SHA-256.
  Input: HMAC key, file
  Output: HMAC Hash
  CSP and Type of Access: Read HMAC Key

HMAC SHA-256 Buffer
  Description: Set stream buffer using HMAC SHA-256.
  Input: Data buffer data, HMAC Key
  Output: Status
  CSP and Type of Access: Read HMAC Key

Error
  Description: Provide error notifications.
  Input: API Command
  Output: Status
  CSP and Type of Access: None

Data Parameter Validation
  Description: Verify the provided parameters for a given function are valid.
  Input: Data Parameter
  Output: Status
  CSP and Type of Access: None

Crypto Module Integrity Check
  Description: Verify the software integrity of the crypto module.
  Output: Status
  CSP and Type of Access: Read HMAC Key

Get File Descriptors
  Description: Opens the given filename and returns the associated file descriptors.
  Input: Filename
  Output: File Descriptors
  CSP and Type of Access: None

Initialize Cipher Context
  Description: Initialize AES Stream Cipher.
  Input: Data
  Output: Status, Ciphertext
  CSP and Type of Access: Read AES Key

Clean Up Cipher Context
  Description: Finalize AES Stream Cipher.
  Input: Data
  Output: Status
  CSP and Type of Access: None

Stream Based Encryption
  Description: Stream cipher encryption.
  Input: Data
  Output: Status, Ciphertext
  CSP and Type of Access: Read AES Key

Stream Based Decryption
  Description: Stream cipher decryption.
  Input: Data
  Output: Status
  CSP and Type of Access: Read AES Key

In addition to the above services, the Show Status and Self-tests services are also available to both roles; neither service has any access to any CSPs.

2.5.3 Non-Approved Services
When the module is operating in the non-Approved mode of operation (described in Section 3.2.3), the following additional service is available to the operator of the module. It uses the non-Approved AES CBC mode and is only available in the non-Approved mode of operation.
• Encrypt and Decrypt with AES-CBC Mode

2.6 Physical Security
The Virtual System Administrator Cryptographic Module is a software-only module. For the purposes of FIPS 140-2, the module is defined as a multiple-chip standalone cryptographic module, which reflects the GPC on which the module is installed. As a result, physical security is not applicable.

2.7 Operational Environment
The Virtual System Administrator Cryptographic Module was tested and found to be compliant with FIPS 140-2 requirements on the following platforms:
• Mac OS X v10.6.8
• Windows 7 (32-bit and 64-bit)
• Windows Server 2008
• Red Hat Enterprise Linux 5.5 (32-bit and 64-bit)

Kaseya affirms that the module also executes in its FIPS-Approved manner (as described in this Security Policy) on other operating systems that are binary-compatible with those on which the module was tested; however, no assurance can be made as to the correct operation of the module under these operational environments:
• Microsoft Windows NT, 2000, XP, XP Pro, 2003, 2003 R2, Vista, 2008, 2008 R2, 7
• Apple Mac OS X version 10.3.9 or above
• SuSE Linux Enterprise 10 and 11, Red Hat Enterprise Linux 5.4/5.5, Ubuntu 8.04-10.4, and OpenSuSE

2.8 Cryptographic Key Management
The module implements the FIPS-Approved algorithms listed in Table 5 below.

Table 5 – FIPS-Approved Algorithm Implementations

Algorithm                                                               | Certificate Number
AES ECB, CTR modes; 256-bit keys (DRBG Implementation)                  | 1989
AES ECB, CTR modes; 256-bit keys (VSACM …)                              | 1111
SP 800-90A CTR DRBG                                                     | 185

ECB – Electronic Code Book; CTR – Counter

The module provides the following non-FIPS-Approved algorithm, which is not allowed for use in a FIPS-Approved mode of operation:
• AES-CBC (non-compliant)

Additionally, the following algorithm is allowed in the FIPS-Approved mode for key wrapping:
• AES (Cert. #1989, key wrapping)

The module supports the critical security parameters listed in Table 6 below.

Table 6 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs

AES Key
  Generation / Input: Generated within the physical boundary; input electronically in plaintext via API call
  Output: Wrapped via AES KEK
  Storage: Plaintext in volatile memory
  Zeroization: By calling the Zeroize function in the API
  Use: Data confidentiality

AES KEK
  Generation / Input: Generated within the physical boundary; input electronically in plaintext via API call
  Output: N/A
  Storage: Plaintext in volatile memory
  Zeroization: By calling the Zeroize function in the API
  Use: Wrapping AES keys

HMAC Key
  Generation / Input: Generated within the physical boundary; input electronically in plaintext via API call
  Output: N/A
  Storage: Plaintext in volatile memory
  Zeroization: By calling the Zeroize function in the API
  Use: Keyed hashing

DRBG Seed
  Generation / Input: Generated within the physical boundary; input electronically
  Output: Never
  Storage: Plaintext in volatile memory
  Zeroization: Zeroize function; module reset
  Use: Generate random values

DRBG 'V' Value
  Generation / Input: Generated within the physical boundary; input electronically
  Output: Never
  Storage: Plaintext in volatile memory
  Zeroization: Zeroize function;
  Use: Used for SP 8
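The service model in Tables 3 and 4 (Crypto Enable gating every other service behind the power-on self-tests, the Crypto Module Integrity Check reading the HMAC Key, Hash Buffer, HMAC, and Zeroize) and the HMAC value file in Figure 2 can be illustrated with a small state-machine model. The following Python is an added example written for this page; it is not Kaseya's libkacm code and does not reflect its real API, file names, integrity key, or stored HMAC value, all of which are constructed stand-ins here. The known-answer vectors used as self-tests are the published SHA-256 digest of "abc" (FIPS 180-4) and RFC 4231 test case 1 for HMAC-SHA-256.

```python
import hashlib
import hmac

# Constructed stand-ins for the on-disk library image and the "HMAC value file".
# The real module's file names, integrity key, and stored value are not on the page.
LIBRARY_IMAGE = b"libkacm placeholder bytes v1.0"      # constructed, not the real library
INTEGRITY_KEY = b"constructed-integrity-hmac-key"      # constructed; real key is not published
STORED_HMAC_VALUE = hmac.new(INTEGRITY_KEY, LIBRARY_IMAGE, hashlib.sha256).digest()

# Published known-answer vectors used as power-on self-tests.
SHA256_KAT_MSG = b"abc"
SHA256_KAT_DIGEST = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
HMAC_KAT_KEY = bytes([0x0B] * 20)
HMAC_KAT_MSG = b"Hi There"
HMAC_KAT_DIGEST = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")


class ModuleNotEnabled(Exception):
    """Raised when a service is invoked before Crypto Enable has succeeded."""


class CryptoModule:
    """Hypothetical model of the gating described in Tables 3 and 4."""

    def __init__(self, library_image: bytes, stored_hmac: bytes):
        self.library_image = library_image   # bytes the integrity check covers
        self.stored_hmac = stored_hmac       # contents of the HMAC value file
        self.enabled = False
        self.error = None

    # --- Crypto Officer services ---------------------------------------
    def crypto_enable(self) -> bool:
        """Run the power-on self-tests; no User service runs unless all pass."""
        self.enabled = False
        self.error = None
        if not self.integrity_check():
            self.error = "software integrity check failed"
        elif hashlib.sha256(SHA256_KAT_MSG).digest() != SHA256_KAT_DIGEST:
            self.error = "SHA-256 known-answer test failed"
        elif hmac.new(HMAC_KAT_KEY, HMAC_KAT_MSG, hashlib.sha256).digest() != HMAC_KAT_DIGEST:
            self.error = "HMAC SHA-256 known-answer test failed"
        self.enabled = self.error is None
        return self.enabled

    def crypto_disable(self) -> None:
        """Disable services; Crypto Enable must be invoked again to use them."""
        self.enabled = False

    # --- services available to both roles --------------------------------
    def show_status(self) -> str:
        if self.error is not None:
            return "error: " + self.error
        return "enabled" if self.enabled else "disabled"

    def integrity_check(self) -> bool:
        """HMAC-SHA-256 over the library image, compared in constant time."""
        computed = hmac.new(INTEGRITY_KEY, self.library_image, hashlib.sha256).digest()
        return hmac.compare_digest(computed, self.stored_hmac)

    # --- User services ----------------------------------------------------
    def _require_enabled(self) -> None:
        if not self.enabled:
            raise ModuleNotEnabled("invoke Crypto Enable first")

    def hash_buffer(self, data: bytes) -> bytes:
        self._require_enabled()
        return hashlib.sha256(data).digest()

    def hmac_buffer(self, key: bytes, data: bytes) -> bytes:
        self._require_enabled()
        return hmac.new(key, data, hashlib.sha256).digest()

    def zeroize(self, csp: bytearray) -> None:
        """Overwrite the CSP's memory with zeros before the caller releases it."""
        self._require_enabled()
        for i in range(len(csp)):
            csp[i] = 0


if __name__ == "__main__":
    good = CryptoModule(LIBRARY_IMAGE, STORED_HMAC_VALUE)
    print("before enable:", good.show_status())
    print("enable:", good.crypto_enable(), good.show_status())
    tampered = CryptoModule(LIBRARY_IMAGE + b"!", STORED_HMAC_VALUE)
    print("tampered image enable:", tampered.crypto_enable(), tampered.show_status())
```

Two design points carry over from the policy: the comparison of the computed HMAC against the stored value uses a constant-time compare, and a failed integrity check leaves the module in an error state in which every User service keeps raising, so a modified library image cannot be used even if the caller ignores the return code of Crypto Enable.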
