Commit 631b925c authored by Valerie Aurora's avatar Valerie Aurora
Browse files

Add fail-close on unexpected VPN connection close requirement

parent 40657ac4

clauses/5.Requirements.md

+18 −0
Original line number Diff line number Diff line
@@ -57,6 +57,24 @@ The VPN client shall provide a simple user-accessible documented method to resto 
  * Verdict: All system configuration collected is functionally the same before and after the VPN connection starts and the system configuration restoration method completes => PASS, otherwise FAIL

  * Evidence: Collected system configuration, annotations of any configuration changes explaining why they aren't functional, log messages from tests, method used to force connection to end without allowing shutdown tasks to run, method used to restore system configuration



#### 5.2.X.x **[MI-CONF-3]** VPN client does not degrade system security



The VPN client shall not reduce system security after the end of the VPN connection, even if normal connection shutdown tasks have not completed.



Guidance: This is a "fail-closed" requirement - if something goes with the VPN connection, it is better to end with a more restricted/secure network configuration than the configuration before the VPN connection started, than a less restricted network configuration.



  * Reference: TR-CONF

  * Objective: Preserve security of system

  * Preparation: List all items of system configuration that the VPN client may alter

  * Activities:

    * For each item of system configuration that the VPN client may alter, configure the VPN in a way that would alter that item.

	* Collect the state of all system configuration the product may alter.

	* Start the VPN connection.

	* After the VPN reports that it is connected, force the VPN connection to end in a way that does not allow it to execute any VPN connection shutdown tasks.

	* Collect the system configuration again and compare with previous version.

  * Verdict: All system configuration collected is at least as secure/restricted as before the VPN connection started => PASS, otherwise FAIL

  * Evidence: Collected system configuration, annotations of any configuration changes explaining why they are more restricted/secure, log messages from tests, method used to force connection to end without allowing shutdown tasks to run



#### 5.2.X.x Mapping of mitigations to risk factors and security profiles



All mitigations are required for all products.