@@ -13,9 +13,9 @@ The product shall only report that the VPN connection is established after it ha
* Reference: TR-ROUT
* Objective: Prevent VPN traffic leaks
* Preparation: None
* Activities: Start the VPN connection, after it reports that it is connected, kill the VPN software in a way that does not allow it to execute any clean up routines, then attempt to transmit data that should only go through the VPN connection
* Activities: Start the VPN connection, after it reports that it is connected, force the VPN connection to end in a way that does not allow it to execute any VPN connection shutdown tasks, then attempt to transmit data that should only go through the VPN connection
* Verdict: No network traffic intended for the VPN exits the host
* Evidence: Configuration of VPN client, method used to kill client without allowing clean up routines to run, network configuration, log of actions, error messages, packet capture with annotations
* Evidence: Configuration of VPN client, method used to force connection to end without allowing shutdown tasks to run, network configuration, log of actions, error messages, packet capture with annotations
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
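Review bot: In the reworded Activities line, "force the VPN connection to end in a way that does not allow it to execute any VPN connection shutdown tasks" is less precise than the old "kill the VPN software". An evaluator could satisfy it by ending the connection from outside the client, for example by dropping the link, which leaves the client process running and free to run its cleanup. Suggest stating that the VPN client process itself must be terminated without its handlers running, or listing the acceptable methods, so that the "method used to force connection to end" recorded under Evidence is comparable between evaluations. The Verdict line in this test also lacks the "=> PASS, otherwise FAIL" wording used by the Verdict lines in the other tests.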
@@ -25,7 +25,7 @@ All mitigations are required for all products.
The establishment and ending of a VPN connection shall not result in functional changes to the system configuration unless explicitly authorized by the user.
#### 5.2.X.x **[MI-CONF-1]** VPN client restores any configuration it changes to its previous state after the VPN connection ends
#### 5.2.X.x **[MI-CONF-1]** VPN client restores any system configuration it changes to its previous state after the VPN connection ends
After the user knowingly deactivates the VPN connection, the VPN client shall restore any system configuration it has changed to a state that is functionally equivalent to the state it was in before the VPN connection began.
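Review bot: The MI-CONF-1 heading still says configuration is restored "after the VPN connection ends", but the body only requires restoration "After the user knowingly deactivates the VPN connection". Adding "system" aligns the noun with the body, but the trigger is still broader in the heading than in the requirement. Suggest rewording the heading to match the body, for example "after the user deactivates the VPN connection", so that it is clear this mitigation covers only the clean shutdown case.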
@@ -40,6 +40,23 @@ After the user knowingly deactivates the VPN connection, the VPN client shall re
* Verdict: All system configuration collected is functionally the same before and after the VPN connection starts and ends => PASS, otherwise FAIL
* Evidence: Collected system configuration, annotations of any configuration changes explaining why they aren't functional, log messages from tests
#### 5.2.X.x **[MI-CONF-2]** VPN client provides a method to restore any system configuration it changes to its previous state
The VPN client shall provide a simple user-accessible documented method to restore any system configuration it has changed to a state that is functionally equivalent to the state it was in before the VPN connection began, regardless of whether a previous VPN connection was able to complete connection shutdown tasks.
* Reference: TR-CONF
* Objective: Preserve integrity of system configuration
* Preparation: List all items of system configuration that the VPN client may alter
* Activities:
* For each item of system configuration that the VPN client may alter, configure the VPN in a way that would alter that item.
* Collect the state of all system configuration the product may alter.
* Start the VPN connection.
* After the VPN reports that it is connected, force the VPN connection to end in a way that does not allow it to execute any VPN connection shutdown tasks.
* Execute the method to restore system configuration.
* Collect the system configuration again and compare with previous version.
* Verdict: All system configuration collected is functionally the same before and after the VPN connection starts and the system configuration restoration method completes => PASS, otherwise FAIL
* Evidence: Collected system configuration, annotations of any configuration changes explaining why they aren't functional, log messages from tests, method used to force connection to end without allowing shutdown tasks to run, method used to restore system configuration
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
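Review bot: The MI-CONF-2 requirement calls for a "simple user-accessible documented method", but the Activities only say "Execute the method to restore system configuration", so the documented and user-accessible properties are never checked, and "simple" has no pass criterion. Suggest adding an activity that locates the method in the user documentation and runs it as described there with the privileges an ordinary user has, adding the documentation reference to Evidence, and either defining "simple" or dropping it. In the last activity, "compare with previous version" should name the state collected before the VPN connection was started, to match the Verdict wording.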