McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

Size: px
Start display at page:

Download "McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target"

Transcription

1 v8.2.0 and McAfee Firewall Enterprise Control Center v January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN USA

2 Contents 1 Introduction ST Introduction , TOE and CC Identification Conformance Claims Common Criteria Protection Profile Conventions Terminology & Acronyms References TOE Description Product Type Application Context Physical and Logical Boundaries Evaluation Application Context Proxy agents to be Evaluated Features not to be Evaluated Physical Scope and Boundary Logical Scope and Boundary TOE Documentation Security problem definition Assumptions Threats Threats Addressed by the TOE Threat to be Addressed by Operating Environment Organisational security policies Security objectives Security objectives for the TOE Security objectives for the environment Security requirements Security functional requirements FMT_SMR.1 Security roles FIA_ATD.1 User attribute definition FIA_UID.2 User identification before any action Page 2 of 65

3 5.1.4 FIA_AFL.1 Authentication failure handling FIA_UAU.5 Multiple authentication mechanisms FIA_UAU.8 (X) Invocation of authentication mechanism FIA_SOS.2 TSF Generation of secrets FDP_IFC.1 Subset information flow control (1) FDP_IFC.1 Subset information flow control (2) FDP_IFC.1 Subset information flow control (3) FDP_IFF.1 Simple security attributes (1) FDP_IFF.1 Simple security attributes (2) FDP_IFF.1 Simple security attributes (3) FDP_UCT.1 Basic data exchange confidentiality FTP_ITC.1 Inter-TSF trusted channel FMT_MSA.1 Management of security attributes (1) FMT_MSA.1 Management of security attributes (2) FMT_MSA.1 Management of security attributes (3) FMT_MSA.1 Management of security attributes (4) FMT_MSA.1 Management of security attributes (5) FMT_MSA.1 Management of security attributes (6) FMT_MSA.3 Static attribute initialization FMT_MTD.1 Management of TSF data (1) FMT_MTD.1 Management of TSF data (2) FMT_MTD.2 Management of limits on TSF data FDP_RIP.1 Subset residual information protection FCS_COP.1 Cryptographic operation (1 data encryption) FCS_COP.1 Cryptographic operation (2 cryptographic signature services) FCS_COP.1 Cryptographic operation (3 cryptographic hashing) FCS_COP.1 Cryptographic operation (4 cryptographic key agreement) FCS_CKM.1 Cryptographic key generation (1) FCS_CKM.1 Cryptographic key generation (2) FCS_CKM.4 Cryptographic key destruction FPT_STM.1 Reliable time stamps FAU_GEN.1 Audit data generation FAU_SAR.1 Audit review FAU_SAR.3 Selectable audit review Page 3 of 65

4 FAU_STG.1 Protected audit trail storage FAU_STG.4 Prevention of audit data loss FMT_MOF.1 Management of security functions behaviour (1) FMT_MOF.1 Management of security functions behaviour (2) Security assurance requirements Definition of Extended Components TOE Summary Specification Security audit (SF-FAU) Cryptographic support (SF-FCS) User data protection (SF-FDP) Identification and authentication (SF-FIA) Security management (SF-FMT) Protection of the TSF (SF-FPT) Rationale Rationale for TOE security objectives Rationale for security objectives for the environment Rationale for security requirements Dependency rationale Rationale for TOE summary specification Rationale for security assurance requirements Loss of audit data Page 4 of 65

5 1 Introduction 1.1 ST Introduction This section presents the (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is McAfee Firewall Enterprise and McAfee Firewall Enterprise Control Center Within this ST, McAfee Firewall is used to identify the combination hardware and software required to manage and operate the TOE. There are two possible configurations, reflecting two separate management options. Configuration A comprises: the McAfee Firewall Enterprise software, including its SecureOS operating system, the McAfee Firewall Admin Console client software, the hardware or virtual platform for running the firewall software. Configuration B comprises: the McAfee Firewall Enterprise software, including its SecureOS operating system, the McAfee Firewall Enterprise Control Center ( Control Center ) Management server software, the hardware or virtual platform for running the Control Center Management server software, the Control Center client software. The specific firewall software version and management tool versions to be evaluated are all specified in Section 1.2. McAfee Firewall is a firewall and access control security platform for the enterprise; McAfee Firewall configured in its operational environment delivers strong security while maintaining performance and scalability. It provides access control of communication and information flow between two or more networks, usually the Internet and internal networks, using application-level proxy and packet filtering technology. The operational environment for the McAfee Firewall software is a dedicated McAfee appliance platform or virtual appliance, supporting a typical Intel-based instruction architecture. The configured McAfee Firewall provides the highest levels of security by using SecureOS, an enhanced UNIX operating system that employs McAfee's patented Type Enforcement security technology. Type Enforcement technology protects McAfee Firewall by separating all processes and services on the firewall. McAfee Firewall supports user identification and authentication (I&A) where "user" is defined to be a human user acting in an Administrative role, an authenticated proxy user, or an authorized IT entity. It provides the capability to pass and block information flows based on a set of rules defined by the Administrator. Additionally, it enforces security policies which restrict host-to-host connections to common Internet services such as: Telnet, File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP and HTTPS), and Simple Mail Transfer Protocol (SMTP). McAfee Firewall supports encryption for remote administration, remote proxy users and authorized IT entities (e.g. certificate server, NTP server), and generates audit data of security relevant events. McAfee Firewall also provides VPN capability to encrypt out-going traffic flowing to a geographically separated enclave and decrypt incoming traffic from such an enclave. Page 5 of 65

6 This ST contains the following additional sections: TOE Description (Section 2) Security Problem Definition (Section 3) Security Objectives (Section 4) Security Requirements (Section 5) TOE Summary Specification (Section 6) Rationale (Section 8). 1.2, TOE and CC Identification ST Title McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center ST Version 1.1 ST Date 10 January 2012 TOE Identification McAfee Firewall Enterprise and McAfee Firewall Enterprise Control Center with patch 520P01 Software: McAfee Firewall 8.2.0, together with either McAfee Firewall Enterprise (Sidewinder) Admin Console 5.05 (Configuration A) or McAfee Firewall Enterprise Control Center (Configuration B) The TOE runs on any 64 bit hardware or virtual platform for which a license can be purchased from McAfee (see list of platforms in section ). TOE Developer McAfee Evaluation Sponsor McAfee CC Identification Common Criteria for Information Technology Security Evaluation, Version 3.1r3 1.3 Conformance Claims Common Criteria This TOE and ST are conformant to the following CC specifications: [CC_PART2] Extended [CC_PART3] Conformant Assurance Level: EAL 4 augmented with ALC_FLR Protection Profile This TOE and ST are conformant to [FWPP] (Augmented). The TOE type is a firewall, and the TOE type in the PP is stated to be a firewall. The TOE type is therefore consistent with the PP. The statement of security problem definition in the ST is consistent with that in the PP. All threats, assumptions and organizational security policies in the PP are included in the ST. One threat has been added to address confidentiality and integrity of network traffic in support of claims made in relation to VPNs. Page 6 of 65

7 The statement of security objectives in the ST is consistent with that in the PP. The security objectives for the TOE in the ST include all those in the PP. One security objective for the TOE has been added, covering use of VPN. This does not conflict with the other objectives. One of the security objectives for the TOE has been repeated in the statement of security objectives for the environment, to reflect use of an external single-use authentication server. Some of the security objectives for the environment have been reworded for clarity, but in each case the objective is unaltered. The statement of security requirements in the ST is consistent with that in the PP. Additional security functional requirements have been added to reflect use of VPN. These additional security functional requirements are consistent with those from the PP. An additional security functional requirement has been added to reflect use of an external authentication server. This approach was validated with the PP authors during evaluation of an earlier version of the TOE in The security assurance requirements in the ST are hierarchical to those in the PP. The PP calls up EAL2 augmented with ALC_FLR.2, whereas the TOE uses EAL4 augmented with ALC_FLR Conventions Since this security target is claiming compliance with a protection profile, the conventions used are intended to highlight the completion of operations made within this security target. While this security target will include the operations made by the protection profile upon the CC requirements it is not the author s intent to highlight those operations (i.e., use bold, italics or special fonts). Therefore, keywords (e.g. selection, assignment and refinement) and formatting (e.g., special fonts) used within the protection profile to designate operations are being removed by this ST. The brackets used by the protection profile to designate operations completed by the PP are left in the requirements. The following conventions have been applied to indicate operations that this ST is making to the requirements in the protection profile: Security Functional Requirements Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement. o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a number in brackets placed at the end of the component. For example FDP_ACC.1 (1) and FDP_ACC.1 (2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement, 1 and 2. o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g. [[selected-assignment]]). o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]). o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., all objects or some big things ). Page 7 of 65

8 Other sections of the ST Other sections of the ST use bolding to highlight text of special interest, such as captions. 1.5 Terminology & Acronyms In the Common Criteria, many terms are defined in Section 4 of [CCPART1]. The following terms are a subset of those definitions. They are listed here to aid the user of the Security Target. External Entity User Authorized User Role Identity Authentication data Any entity (human or IT) outside the TOE that interacts (or may interact) with the TOE. Same as External Entity A user who may, in accordance with the SFRs, perform an operation. A predefined set of rules establishing the allowed interactions between a user and the TOE. A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym. Information used to verify the claimed identity of a user. In addition to the above general definitions, this provides the following specialized definitions: Administrator Any human user who has been identified and authenticated to act in the administrative role defined in the ST. An authorized administrator is an administrator who may, in accordance with the SFRs, perform an operation. A non-administrator is, obviously, someone who is not an administrator. Application-Level Proxy A proxy server acts on behalf of the user. All requests from clients to the Internet go to the proxy server first. The proxy evaluates the request, and if allowed, re-establishes it on the outbound side to the Internet. Likewise, responses from the Internet go to the proxy server to be evaluated. The proxy then relays the message to the client. Both client and server think they are communicating with one another, but, in fact, are dealing only with the proxy. Proxy servers are available for common Internet services; for example, an HTTP proxy is used for Web access, and an FTP proxy is used for file transfers. Such proxies are called "application-level proxies because they are dedicated to a particular application and protocol, and are aware of the content of the packets being sent. Authenticated Proxy User A user who has been identified and authenticated to satisfy the requirements for using a proxy according to the authenticated policy enforced by the TOE. A proxy user is any user, either authenticated or not, who is sending traffic through a proxy according to any security policy enforced by the TOE. A remote proxy user is a proxy user who is also a remote user. Authorized IT entity Any IT entity outside the TOE that may, in accordance with the SFRs, perform an operation on the TOE. Page 8 of 65

9 Local Administration Console This is a physically connected, generic hardware platform (part of the IT environment) running the McAfee Firewall Administration Console client (part of the TOE). Both the local administration console hardware and its network connection to the McAfee Firewall are physically protected. McAfee Firewall must be configured to accept administrative commands from the local administration console. Local Administrator This is an administrator who uses a local administration console to manage McAfee Firewall. Remote Administration Console This is also a generic hardware platform running the McAfee Firewall Administration Console client; it has a network connection to McAfee Firewall, but it is not a local administration console. McAfee Firewall must be configured to accept administrative commands from such a remote administration console. Remote User - A user that communicates with the TOE by means of a network connection. Since administrators are users, a remote administrator is an administrator who is also a remote user. Remote Administrator This is an administrator who uses a remote administration console or Control Center to manage the McAfee Firewall. Single-Use Authentication Data for single-use authentication can be something the user has or knows, but not something the user is. Examples of single-use authentication data include single-use passwords, encrypted time-stamps, and/or random numbers from a secret lookup table. The following abbreviations are used in this : AES ANSI BSD CC CD CPU DSA EAL ECB ESP FIPS FIPS PUB FLR FTP GHz GUI HTTP HTTPS Advanced Encryption Standard American National Standards Institute Berkley Software Distribution Common Criteria for Information Technology Security Evaluation Compact Disk Central Processing Unit Digital Signature Algorithm Evaluation Assurance Level Electronic Codebook Encapsulating Security Payload Federal Information Processing Standard Federal Information Processing Standard Publication Flaw Remediation File Transfer Protocol Gigahertz Graphical User Interface Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Page 9 of 65

10 I&A ICMP IKE IPSEC IT LAN MB MMU NAT NTP OS OSP PC PP PRNG PS/2 RAM RDSA RFC RNG SA SAR SFP SFR SHA SMTP SSL ST SVGA TCP/IP TLS TOE TSC TSF Identification and Authentication Internet Control Message Protocol Internet Key Exchange Internet Protocol Security Information Technology Local Area Network Megabyte Memory Management Unit Network Address Translation Network Time Protocol Operating System Organizational Security Policy Personal Computer Protection Profile Pseudo Random Number Generator Personal System/2 Random Access Memory RSA Digital Signature Algorithm Request For Comment Random Number Generator Security Association Security Assurance Requirement Security Function Policy Security Functional Requirement Secure Hash Algorithm Simple Mail Transfer Protocol Secure Sockets Layer Super Video Graphics Array Transmission Control Protocol/Internet Protocol Transport Layer Security Target of Evaluation TSF Scope of Control TOE Security Functions Page 10 of 65

11 TSP URL US VPN TOE Security Policy Uniform Resource Locator United States Virtual Private Network 1.6 References The following documentation was used to prepare this ST: [CC_PART1] [CC_PART2] [CC_PART3] [CEM] [FWPP] [FIPS 140-2] [FIPS 180-3] [FIPS 197] [SP ] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model, dated July 2009, version 3.1 revision 3, CCMB Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, dated July 2009, version 3.1 revision 3, CCMB Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, dated July 2009, version 3.1 revision 3, CCMB Common Methodology for Information Technology Security Evaluation July 2009, version 3.1 revision 3, CCMB U.S. Government Protection Profile for Applicationlevel Firewall in Basic Robustness Environments Version 1.1, July 25, Security Requirements for Cryptographic Modules, Federal Information Processing Standard, May 2001 Secure Hash Standard (SHS), Federal Information Processing Standard, Oct 2008 Advanced Encryption Standard, Federal Information Processing Standard, Nov 2001 Recommendation for Key Management, NIST Special Publication, March 2007 Page 11 of 65

12 2 TOE Description This section provides context for the TOE evaluation by identifying the product type and describing the evaluated configuration. 2.1 Product Type The McAfee Firewall, operating with two or more network interfaces, provides a hybrid firewall solution that supports both application-level proxy and packet filtering. The McAfee Firewall software version consists of a collection of integrated firewall applications and SecureOS, a secure operating system. This OS is an extended version of the FreeBSD UNIX operating system. It includes McAfee's patented Type Enforcement security technology, additional network separation control, network-level packet filtering support and improved auditing facilities. SecureOS also provides the secured computing environment in which all McAfee Firewall application layer processing is done. McAfee Firewall also provides VPN capability between separated network enclaves. In addition to the McAfee Firewall hardware or virtual platform running the firewall application with SecureOS, the TOE also includes one of the following two configurations: Configuration A The Admin Console client software (McAfee Firewall Enterprise (Sidewinder) Admin Console). The Admin Console is separately installed on a generic Windows platform that is part of the IT environment: it is used to manage McAfee Firewall. Configuration B The McAfee Firewall Enterprise Control Center ( Control Center ) Management server software, the hardware or virtual platform for running the Control Center Management server software, and the Control Center client software. 2.2 Application Context McAfee Firewall operates in an environment where it provides a single point of connectivity between at least two networks. Typically one network is viewed as the inside of an organization, where there is some assumption of control over access to the computing network. The other network is typically viewed as an external network, similar to the Internet, where there is no practical control over the actions of its processing entities. McAfee Firewall's role is to limit and control all information flow between the networks. 2.3 Physical and Logical Boundaries Evaluation Application Context The following contextual assumptions apply to the TOE: a) It shall be newly installed and configured in accordance with the directives contained in the supplied guidance documentation; b) Physical access to the configured McAfee Firewall shall be controlled; c) The configured McAfee Firewall shall be connected only to networks between which it controls information flow; d) The configured McAfee Firewall shall manage traffic for at least two (2) networks, at least one of which is designated as internal and one is designated as external; Page 12 of 65

13 e) The configured McAfee Firewall shall support administrative operations via a GUI application, known as Admin Console, running on a Windows system, or via Control Center; f) If the configured McAfee Firewall is connected to an administrative workstation either directly or remotely, the communications are encrypted using TLS and the workstation is physically protected; g) If the configured McAfee Firewall is connected to Control Center, the communications between the McAfee Firewall and the Control Center Management server, and between the Control Center Management server and the Control Center client are encrypted using TLS, and Control Center client and server are physically protected; h) Only authorized administrators shall be allowed physical access to the McAfee Firewall hardware computing platform, or to the administrative workstation, or to Control Center Management Server and Client, for such purposes as starting the system Proxy agents to be Evaluated The FTP, HTTP, HTTPS, SMTP, Telnet, and Generic proxy agents are all included within the scope of the evaluation. Other protocol-aware proxy agents and services provided by McAfee Firewall are excluded from the scope of the evaluation Features not to be Evaluated McAfee Firewall provides additional capabilities by means of optional add-on features that require additional equipment and/or licensing. The following extra functionality of this type is specifically excluded from the scope of this evaluation: a) Anti-Virus; b) SmartFilter (URL Filtering); c) Signature based IPS; d) Policy Acceleration Network Cards; e) SSL Termination; f) Network analysis capability; g) Security Reporter (optional tool to view audit). McAfee Firewall includes functions that are explicitly excluded from the scope of the evaluation: a) Built-in servers other than ICMP; b) Trusted Source (reputation service for senders); c) Use of the command line to manage the TOE (disabled in the evaluated configuration) Physical Scope and Boundary The TOE consists of McAfee Firewall software version 8.2.0, which includes the firewall application and the SecureOS operating system, running on a dedicated McAfee appliance platform or virtual appliance. The TOE includes the Admin Console client software (the McAfee Firewall Enterprise (Sidewinder) Admin Console version 5.05). This software is provided with every McAfee Firewall appliance, and it is also provided as a separate part of every McAfee Firewall software product distribution. The administration client software runs on a generic Page 13 of 65

14 computing platform with a Windows operating system. However, the platform and Windows OS are not part of the TOE. The TOE also includes the Control Center Management Server version 5.2.0, its dedicated McAfee hardware platform or virtual appliance, and the Control Center Client software version The Control Center Client software runs on a generic computing platform with a Windows operating system. However, the client platform and Windows OS are not part of the TOE TOE Environment Requirements The McAfee Firewall appliance is configured to control the flow of TCP/IP traffic between two network interfaces. McAfee offers a family of appliance models with various hardware combinations to address a wide range of customer performance needs. In addition, a generic hardware platform is required in the IT environment to run the McAfee Firewall Admin Console software for remote or local administration, or the Control Center client software for remote administration. The evaluated configuration must include at least one administration console. The minimum configuration required for this platform is as follows: CPU: Intel, 3GHz RAM: 1 GB OS: MS Windows 2008 Server, Windows XP Professional, Windows Vista or Windows 7 Media: o Minimum of 750 MB of available disk storage o CD drive Network: One network interface USB port SVGA video and display PS/2 or Serial Mouse Keyboard The McAfee Firewall is available in two virtual forms: the Multi-Firewall Edition, provided in partnership with VMware, and the Virtual Appliance. The Multi-Firewall Edition appliance models come preinstalled on the same Dell or Intel hardware used for non-virtual appliances, preloaded with either 4, 8, 16 or 32 virtual firewalls, VMware vsphere Hypervisor (ESXi) operating system, and a virtual instance of McAfee Firewall Enterprise Control Center. The Virtual Firewall is delivered as software only, and is intended to be installed on existing VMware infrastructure installed on ESXi Hypervisor. The current McAfee Firewall Enterprise platforms are: - McAfee appliances: S1104, S2008, S3008, S4016, S5032, S6032, 1100F, 2150F, 4150F - Virtual: VMware vsphere Hypervisor (ESXi) version 4.1 The current McAfee Firewall Enterprise Control Center platforms are: - McAfee appliances: C1015, C2050 and C Virtual: VMware vsphere Hypervisor (ESXi) version 4.1 All specific TOE or TOE Environment settings and requirements are documented in guidance supplied with the TOE. Page 14 of 65

15 Hardware Security Considerations No extraordinary security demands are placed upon the hardware platforms and peripheral equipment used by the McAfee Firewall software. This equipment is expected to meet the customary demands for reliable operation of typical Unix or Microsoft Servers as provided by standard Intel PC computing platforms. The security features assumed to be present and operational on the hardware platforms include: The CPU must provide a two-state processing model to support the separation of the kernel processing from the application processing. The CPU and /or the supporting motherboard must provide a Memory Management Unit (MMU) to support separate memory spaces for the kernel and each process. The system motherboard must provide a battery backup for the clock to maintain time information when the system is shut down. Also the CPU or ancillary hardware must provide a periodic timer to support the internal time management within the kernel. If any of the network interface cards support features such as wake-on LAN, special external command features, or special protocol processing, the hardware connections to support those features should not be connected. In the evaluated configuration, McAfee Firewall will not enable any such special features. For those instances of the TOE that run on VMware, the virtual environment is assumed to emulate these hardware security features. Secure isolation of the virtual environments is the responsibility of the VMware environment, and is outside the scope of this ST Logical Scope and Boundary The TOE with support from the IT environment provides the following security features: a) Security Management [SF_FMT] b) Identification and Authentication [SF_FIA] c) User Data Protection [SF_FDP] d) Protection of Security Functions [SF_FPT] e) Audit [SF_FAU] f) Cryptographic support [SF_FCS] Security Management Management of the McAfee Firewall may be carried out using either the McAfee Firewall Admin Console or McAfee Firewall Enterprise Control Center. An administrator can use the McAfee Firewall Admin Console client (part of the TOE) to communicate with the McAfee Firewall remotely or via a locally connected network. All administration consoles, whether they are local or remote, use the same management interface and encrypted communications. Alternatively, an administrator can use the Control Center client, running on a Windows computer (part of the IT environment), to perform management functions on the McAfee Firewall. This interface modifies firewall configurations stored on the Control Center Management server, and these are then deployed to the specified firewalls. All communications are encrypted Identification and Authentication The McAfee Firewall TOE, along with support from the IT environment, supports standard UNIX password authentication. Identification attributes are assigned to each administrative Page 15 of 65

16 user and each authenticated proxy user. McAfee Firewall gathers data from the user and the associated service connection, and consults the rules to determine what form of authentication is required for the service (including use of an external authentication server). McAfee Firewall consults its stored user information, determines the password s validity, and enforces the result of the validity check. McAfee Firewall provides a mechanism for managing user access following authentication failures. McAfee Firewall also strictly limits the actions it will perform on behalf of a user before the user is authenticated. When establishing VPNs, McAfee Firewall will exchange identities and perform device-level authentication of the remote device (peer McAfee Firewall or remote VPN gateway). Device-level authentication is performed using authentication techniques specified in RFC 2409 and RFC Peers will mutually authenticate themselves to each other before establishing the secure channel User Data Protection McAfee Firewall allows an administrator to define security attributes to permit or deny information flows to or through the TOE. The set of security attributes will include items such as source and destination identification, application signatures, application level commands and user authentication. The TOE Administrator uses the security attributes to construct one or more access control rules. Packets arriving at the TOE interface are compared to the security attributes in the rules. When the packet attributes match the rules security attributes, that packet or connection is explicity approved or disapproved; otherwise the packet is dropped and the connection disallowed. In addition to restricting access via the rules, the TOE must generate and maintain state information for all approved connections mediated by the TOE. The TOE utilizes the state information to monitor the status of an approved connection and validate incoming packets purporting to be part of an approved connection. McAfee Firewall restricts information flows via application level commands by incorporating application proxies. Proxies understand the operation of a particular application protocol and can filter the application data portion of a packet according to Administrator defined security attributes (e.g. commands, data types, etc.). Proxies originate all proxy controlled information flows through the TOE on behalf of the communicating end points, which are not allowed to establish a direct connection through the TOE. In the evaluated configuration, McAfee Firewall provides 4 application proxies that can be configured to require user authentication: FTP, Telnet, HTTP and HTTPS. McAfee Firewall also provides a proxy for SMTP and a generic proxy that don t require user authentication. In the evaluated configuration, the FTP, Telnet, HTTP and HTTPS proxies can also be configured without requiring user authentication. McAfee Firewall uses the same security attributes discussed above to control access to its own services. McAfee Firewall supports Internet Control Message Protocol (ICMP) as an unauthenticated information flow, which can be enabled or disabled. McAfee Firewall also allows an administrator to establish a VPN policy to control data flows with remote VPN devices. McAfee Firewall provides for authentication to and from the remote device, agreement on cryptographic keys and algorithms, secure generation and distribution of session keys, and encryption of network traffic in accordance with the policy. User data is protected by different facilities depending upon the protocol and stage of processing. While user data is within the network stack, it is part of the kernel memory Page 16 of 65

17 space, and as such is protected from all user state processing elements on the system. While user data is in the control of a proxy process, it is protected by the SecureOS processing model and Type Enforcement facilities. McAfee Firewall network stack processing ensures that there is no leakage of residual information from previous packets to new packets as they are transferred through the firewall. The memory system zeros storage blocks before they are reused to prevent residual information leakage Protection of Security Functions Audit McAfee Firewall, with its SecureOS operating system, has been designed to be highly resistant to both malicious and accidental attack. It includes system elements that provide several levels of protection for its security functions. The lowest level of protection is provided by the computing platform Central Processing Unit (CPU). The CPU provides a two-state processing model that limits access to certain privileged instructions to the SecureOS kernel. The SecureOS kernel provides a second layer of protection by limiting user mode access to kernel memory. SecureOS also extends the normal FreeBSD UNIX network stack processing with additional separation control to restrict inter-process communication to certain interfaces. SecureOS includes McAfee's patented Type Enforcement facilities that enforce mandatory security policy control over all user state processing. The Type Enforcement policy data is loaded onto the system during installation and cannot be modified on an operational system. Type Enforcement ensures that critical data is accessible only via programs designed to use the data and that the impact of any failure will be confined in scope. McAfee Firewall also provides a reliable time stamp that is used by its audit mechanism. SecureOS supplements the normal UNIX Syslog Facilities by providing an audit device to which all processes and the kernel may write audit data. The SecureOS audit device adds security relevant information, such as the time and the identity of the generating process, to the audit data when it passes through the device within the kernel. The Administrator can view the contents of the audit records, and delete the audit trail. McAfee Firewall provides a sort and search capability to improve audit analysis. The Administrator can configure auditable events, and can configure the TOE to take appropriate actions in the event that the audit trail is close to being exhausted. The TOE provides the Administrator with a configurable audit trail threshold to track the storage capacity of the audit trail. As soon as the threshold is met, the TOE generates an audit record and displays a message on the console. In addition to displaying the message, the Administrator may configure the TOE to prevent all auditable events except for those performed by the Administrators, or may configure the TOE to overwrite the oldest audit records in the audit trail Cryptographic support McAfee Firewall establishes encrypted communications (acting as the initiator or responder) with authorized remote users and external IT entities. McAfee Firewall includes a software cryptographic module that is validated to FIPS (Level 1) as a minimum. McAfee Firewall performs data encryption/decryption using the Advanced Encryption Standard (AES) algorithm with a minimum key size of 128 bits. McAfee Firewall also performs digital signature generation/verification, random number generation and cryptographic hashing. Page 17 of 65

18 McAfee Firewall implements VPN mechanisms using cryptography and key management, using algorithms that have been validated to FIPS (Level 1) as a minimum. 2.4 TOE Documentation McAfee offers a series of documents that describe the installation of McAfee Firewall as well as guidance for subsequent use and administration of the applicable security features. Page 18 of 65

19 3 Security problem definition This section sets out the threats, assumptions and organisational security policies for the TOE. These are all taken from [FWPP]. 3.1 Assumptions The following conditions are assumed to exist in the operational environment. A.PHYSEC A.LOWEXP A.GENPUR A.PUBLIC A.NOEVIL A.SINGEN A.DIRECT A.NOREMO A.REMACC The TOE is physically secure. The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. There are no general-purpose computing capabilities (e.g. the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. The TOE does not host public data. Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. Information cannot flow among the internal and external networks unless it passes through the TOE. Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g., a console port) if the connection is part of the TOE. Human users who are not authorized administrators cannot access the TOE remotely from the internal or external networks. 1 Authorized administrators may access the TOE remotely from the internal and external networks. 3.2 Threats The following threats are addressed either by the TOE or the environment Threats Addressed by the TOE The threat agents are either unauthorized persons or external IT entities not authorized to use the TOE itself. T.NOAUTH T.REPEAT An unauthorized person may attempt to bypass the security of the TOE so as to access and use security functions and/or non-security functions provided by the TOE. An unauthorized person may repeatedly try to guess authentication data in order to use this information to launch attacks on the TOE. 1 All assumptions in this ST are taken from [FWPP]. The assumption is interpreted to refer to direct access to TOE administrative functions, rather than to send traffic via the TOE. As such, the assumption is unnecessary, since such access is controlled via TOE identification and authentication controls, and also requires access to the management application. Page 19 of 65

20 T.REPLAY An unauthorized person may use valid identification and authentication data obtained to access functions provided by the TOE. T.ASPOOF T.MEDIAT T.OLDINF T.PROCOM T.AUDACC T.SELPRO T.AUDFUL An unauthorized person on an external network may attempt to by-pass the information flow control policy by disguising authentication data (e.g. spoofing the source address) and masquerading as a legitimate user or entity on an internal network. An unauthorized person may send impermissible information through the TOE, which results in the exploitation of resources on the internal network. Because of a flaw in the TOE functioning, an unauthorized person may gather residual information from a previous information flow or internal TOE data by monitoring the padding of the information flows from the TOE. An unauthorized person or unauthorized external IT entity may be able to view, modify, and/or delete security related information that is sent between a remotely located authorized administrator and the TOE. Persons may not be accountable for the actions that they conduct because the audit records are not reviewed, thus allowing an attacker to escape detection. An unauthorized person may read, modify, or destroy security critical TOE configuration data. An unauthorized person may cause audit records to be lost or prevent future records from being recorded by taking actions to exhaust audit storage capacity, thus masking an attackers actions. T. LOWEXP The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. T.NETSEC An unauthorised person or unauthorised external I T entity may be able to view or modify private information that is sent between the TOE and another TOE or trusted IT product Threat to be Addressed by Operating Environment The threat possibility discussed below must be countered by procedural measures and/or administrative methods. T.TUSAGE 3.3 Organisational security policies The TOE may be inadvertently configured, used, and administered in an insecure manner by either authorized or unauthorized persons. US Federal agencies are required to protect sensitive but unclassified information with cryptography. The following organisational security policy must be met: P.CRYPTO AES (Advanced Encryption Standard as specified in FIPS 197) encryption (as specified in SP ) must be used to protect remote administration functions, and the associated cryptographic module must comply, at a minimum, with [FIPS 140-2] (level 1). Page 20 of 65

21 4 Security objectives 4.1 Security objectives for the TOE The following are the IT security objectives for the TOE: O.IDAUTH O.SINUSE O.MEDIAT O.SECSTA O.ENCRYP O.SELPRO O.AUDREC O.ACCOUN O.SECFUN O.LIMEXT O.EAL The TOE must uniquely identify and authenticate the claimed identity of all users, before granting a user access to TOE functions or, for certain specified services, to a connected network. The TOE must prevent the reuse of authentication data for users attempting to authenticate to the TOE from a connected network. The TOE must mediate the flow of all information between clients and servers located on internal and external networks governed by the TOE, and must ensure that residual information from a previous information flow is not transmitted in any way. Upon initial start-up of the TOE or recovery from an interruption in TOE service, the TOE must not compromise its resources or those of any connected network. The TOE must protect the confidentiality of its dialogue with an authorized administrator through encryption, if the TOE allows administration to occur remotely from a connected network. The TOE must protect itself against attempts by unauthorized users to bypass, deactivate, or tamper with TOE security functions. The TOE must provide a means to record a readable audit trail of security-related events, with accurate dates and times, and a means to search and sort the audit trail based on relevant attributes. The TOE must provide user accountability for information flows through the TOE and for authorized administrator use of security functions related to audit. The TOE must provide functionality that enables an authorized administrator to use the TOE security functions, and must ensure that only authorized administrators are able to access such functionality. The TOE must provide the means for an authorized administrator to control and limit access to TOE security functions by an authorized external IT entity. The TOE must be structurally tested and shown to be resistant to obvious vulnerabilities. O.NETSEC The TOE must provide a means to maintain the confidentiality and integrity of information sent between itself and another instance of the TOE or other trusted IT product. For a detailed mapping between threats and the IT security objectives listed above, see section 7.1 of the Rationale. Page 21 of 65

22 4.2 Security objectives for the environment All of the assumptions stated in section 3.1 are considered to be security objectives for the environment. The following are the security objectives that, in addition to those assumptions, are to be satisfied without imposing technical requirements on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software. Thus, they will be satisfied largely through application of procedural or administrative measures. OE.PHYSEC OE.LOWEXP OE.GENPUR OE.PUBLIC OE.NOEVIL OE.SINGEN OE.DIRECT OE.NOREMO OE.REMACC OE.GUIDAN OE.ADMTRA OE.SINUSE The TOE is physically secure. The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. There are no general-purpose computing capabilities (e.g. the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. The TOE does not host public data. Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. Information cannot flow among the internal and external networks unless it passes through the TOE. Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g. a console port) if the connection is part of the TOE. Human users who are not authorized administrators cannot access the TOE remotely from the internal or external networks. Authorized administrators may access the TOE remotely from the internal and external networks. The TOE must be delivered, installed, administered, and operated in a manner that maintains security. Authorized administrators must be trained as to establishment and maintenance of security policies and practices. The TOE must prevent the reuse of authentication data for users attempting to authenticate to the TOE from a connected network. 2 For a detailed mapping between threats, assumptions, and the security objectives listed above see section 7.1 of the Rationale. 2 This objective for the environment is included to reflect the use in this ST of an authentication server in the environment. Page 22 of 65

23 5 Security requirements This section provides functional and assurance requirements that must be satisfied by the TOE. These requirements are expressed using functional components from Part 2 of the CC, and assurance components, including Evaluation Assurance Level (EAL), taken from Part 3 of the CC. 5.1 Security functional requirements The security functional requirements for the TOE are summarised in the table below. They are a superset of [FWPP], with additions for VPN, use of an external authentication server and key management. Extended components are indicated by (X). Additions to the PP are indicated by *. FMT_SMR.1 FIA_ATD.1 FIA_UID.2 FIA_AFL.1 FIA_UAU.5 FIA_UAU.8 (x)* FIA_SOS.2* Security roles User attribute definition User identification before any action Authentication failure handling Multiple authentication mechanisms Invocation of authentication mechanism TSF generation of secrets FDP_IFC.1 (1) Subset information flow control (1) FDP_IFC.1 (2) Subset information flow control (2) FDP_IFC.1 (3)* Subset information flow control (3) FDP_IFF.1 (1) Simple security attributes (1) FDP_IFF.1 (2) Simple security attributes (2) FDP_IFF.1 (3)* Simple security attributes (3) FDP_UCT.1* FTP_ITC.1* Basic data exchange confidentiality Inter-TSF trusted channel FMT_MSA.1 (1) Management of security attributes (1) FMT_MSA.1 (2) Management of security attributes (2) FMT_MSA.1 (3) Management of security attributes (3) FMT_MSA.1 (4) Management of security attributes (4) FMT_MSA.1 (5) Management of security attributes (5) FMT_MSA.1 (6) Management of security attributes (6) FMT_MSA.3 Static attribute initialization FMT_MTD.1 (1) Management of TSF data (1) FMT_MTD.1 (2) Management of TSF data (2) FMT_MTD.2 FDP_RIP.1 Management of limits on TSF data Subset residual information protection Page 23 of 65

24 FCS_COP.1 (1) FCS_COP.1 (2)* FCS_COP.1 (3)* FCS_COP.1 (4)* FCS_CKM.1 (1)* FCS_CKM.1 (2)* FCS_CKM.4* FPT_STM.1 FAU_GEN.1 FAU_SAR.1 FAU_SAR.3 FAU_STG.1 FAU_STG.4 Cryptographic operation Cryptographic operation Cryptographic operation Cryptographic operation Cryptographic key generation Cryptographic key generation Cryptographic key destruction Reliable time stamps Audit data generation Audit review Selectable audit review Protected audit trail storage Prevention of audit data loss FMT_MOF.1 (1) Management of security functions behaviour (1) FMT_MOF.1 (2) Management of security functions behaviour (2) FMT_SMR.1 Security roles FMT_SMR.1.1 FMT_SMR FIA_ATD.1 User attribute definition FIA_ATD.1.1 Table 5.1 The TSF shall maintain the role [authorized administrator]. The TSF shall be able to associate users with the authorized administrator role. The TSF shall maintain the following list of security attributes belonging to individual users: [ a) identity; b) association of a human user with the authorized administrator role; c) hashed value of password d) login specific data] FIA_UID.2 User identification before any action FIA_UID.2.1 The TSF shall require each user to identify itself before allowing any other TSF-mediated actions on behalf of that user FIA_AFL.1 Authentication failure handling FIA_AFL.1.1 FIA_AFL.1.2 The TSF shall detect when [a non-zero number determined by the authorized administrator] of unsuccessful authentication attempts occur related to [authorized TOE administrator access or authorized TOE IT entity access]. When the defined number of unsuccessful authentication attempts has been met or surpassed, the TSF shall [prevent the offending user from Page 24 of 65

McAfee Firewall Enterprise v7.0.1.02 Security Target

McAfee Firewall Enterprise v7.0.1.02 Security Target McAfee Firewall Enterprise v7.0.1.02 Security Target 8 Nov 2010 Version 1.3 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA McAfee Inc. Page 1 of 60 Contents 1 Introduction...

More information

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government

More information

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target Release Date: September 2010 Document ID: Version: Draft J Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle

More information

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction

More information

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms

More information

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75 DataPower S40 ML Security Gateway and DataPower I50 Integration Appliance Version 3.6 Security Target Version 0.75 10/09/2008 Prepared for: IBM SOA Appliance Group One Rogers St Cambridge, MA 02142 Prepared

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd och beredskap 1 (38) ROS-ISÄK Ronny Janse 010-2404426 ronny.janse@msb.se Firewall Protection Profile samhällsskydd och beredskap 2 (38) Innehållsförteckning 1. Introduction... 4 1.1 PP reference...

More information

Mobile Billing System Security Target

Mobile Billing System Security Target Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing

More information

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING Document No. 1735-005-D0001 Version: 1.0, 3 June 2014 Prepared for: Fortinet, Incorporated 326 Moodie Drive Ottawa, Ontario Canada, K2H

More information

McAfee Firewall Enterprise

McAfee Firewall Enterprise 122-B CERTIFICATION REPORT No. CRP261 McAfee Firewall Enterprise Version 7.0.1.02HW02 running on S1104, FW-410F, FW-510F, FW-1100F, FW-2100F, FW-2150F, FW-4150F, FW-2150F-VX04, and RM700F; also VMware

More information

Final. U.S. Department of Defense. Application-level Firewall. Protection Profile. for. Basic Robustness Environments. Version 1.0

Final. U.S. Department of Defense. Application-level Firewall. Protection Profile. for. Basic Robustness Environments. Version 1.0 Final U.S. Department of Defense Application-level Firewall Protection Profile for Basic Robustness Environments Version 1.0 June 22, 2000 Protection Profile Title: U.S. Department of Defense Application-Level

More information

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013 Security Target Symantec TM Network Access Control Version 12.1.2 Document Version 0.12 February 14, 2013 Document Version 0.12 Symantec Page 1 of 39 Prepared For: Prepared By: Symantec Corporation 350

More information

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0 Security Target NetIQ Access Manager 4.0 Document Version 1.13 August 7, 2014 Document Version 1.13 NetIQ Page 1 of 36 Prepared For: Prepared By: NetIQ, Inc. 1233 West Loop South Suite 810 Houston, TX

More information

Security Target for Cisco Remote Access VPN

Security Target for Cisco Remote Access VPN Security Target for Cisco Remote Access VPN Reference: ST 16 May 2007 Version 1.17 CISCO Systems Inc. 170 West Tasman Drive San Jose CA 95124-1706 USA Copyright: 2007 Cisco Systems, Inc. Table of Contents

More information

EAL4+ Security Target

EAL4+ Security Target EAL4+ Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 21-DEC-10 Document management Document identification Document ID Document title Release authority E14_EAL4_ASE Microsoft

More information

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx

More information

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 0.7 Prepared for: Prepared by: Enterasys Networks, Inc. Corsec Security,

More information

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10 AppGate Security Server, Version 8.0.4 Security Target Document Version: 2.9 Date: 2008-04-10 Contents 1 INTRODUCTION...6 1.1 ST Identification...6 1.2 ST Overview...6 1.3 CC Conformance Claim...6 1.4

More information

Security Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1

Security Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1 Astaro Security Gateway V8 Packet Filter Version 1.000 Assurance Level EAL4+ Common Criteria v3.1 This Security Target also covers the secunet wall 2 packet filter Version : 1.03 Date: 2011-05-20 Author:

More information

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26 SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.

More information

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...

More information

Security Target: Symantec Endpoint Protection Version 11.0

Security Target: Symantec Endpoint Protection Version 11.0 Security Target: Symantec Endpoint Protection Version 11.0 ST Version 1.6 June 2, 2008 Document Version 1.6 Symantec Corporation Page 1 of 68 Prepared For: Prepared By: Symantec Corporation 20330 Stevens

More information

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012 Security Target McAfee Enterprise Mobility Management 9.7 Document Version 0.9 July 5, 2012 Document Version 0.9 McAfee Page 1 of 39 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa

More information

Windows Mobile 6.5 Security Target

Windows Mobile 6.5 Security Target EAL4 augmented with ALC_FLR.1 Version 1.0 January 2010 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.

More information

Firewall Protection Profile V2.0 2008. 4. 24

Firewall Protection Profile V2.0 2008. 4. 24 Firewall Protection Profile V2.0 2008. 4. 24 (This page left blank on purpose for double-side printing) Protection Profile Title Firewall Protection Profile for Government Evaluation Criteria Version This

More information

Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target

Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target Evaluation Assurance Level: EAL2 augmented with ALC_FLR.2 Document Version: 1 Prepared for: Prepared by: Citrix

More information

Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition

Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Version 1-0 7 February 2011 2011 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-0 7

More information

Marimba Client and Server Management from BMC Software Release 6.0.3

Marimba Client and Server Management from BMC Software Release 6.0.3 Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...

More information

ARKOON FAST Firewall v3.0 SECURITY TARGET

ARKOON FAST Firewall v3.0 SECURITY TARGET Version Date October 28, 2004 Version 2.7p Ref. AKV3-CRT-EAL2-ST ARKOON FAST Firewall v3.0 SECURITY TARGET 20 Prepared for 40 ARKOON Network Security 13A avenue Victor HUGO F-69160 Tassin La Demi-Lune

More information

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0. GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.1 Security Target Version 2.01 Common Criteria EAL4 augmented

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation

More information

Security Target. McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3. Document Version 1.0

Security Target. McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3. Document Version 1.0 Security Target McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3 Document Version 1.0 November 24, 2015 Prepared For: Prepared By: Intel Corporation. 2821 Mission College Blvd. Santa

More information

Trust Technology Assessment Program. Validation Report

Trust Technology Assessment Program. Validation Report Trust Technology Assessment Program Validation Report U.S. Government Traffic Filter Firewall Protection Profile for Low-Risk Environments version 1.1 TTAP Report Number: TTAP-VR-0007 June, 1999 Mutual

More information

Security Target for Cisco Firewall Services Module (FWSM)

Security Target for Cisco Firewall Services Module (FWSM) Security Target for Cisco Firewall Services Module (FWSM) April 2007 This document includes the following sections: Security Target Introduction, page 1 TOE Description, page 3 TOE Security Environment,

More information

Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+

Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+ Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+ EWA Document No. 1708-001-D002 Fortinet Document No. ST0007 Version

More information

Network Intrusion Prevention System Protection Profile V1.1

Network Intrusion Prevention System Protection Profile V1.1 Network Intrusion Prevention System Protection Profile V1.1 December 21, 2005 (This page left blank on purpose for double-side printing) Protection Profile Title Network Intrusion Prevention System Protection

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report TM HP Network Node Management Advanced Edition Software V7.51 with patch PHSS_35278 Report

More information

Natek Network Access Control (NAC)

Natek Network Access Control (NAC) Natek Network Access Control (NAC) V 5.4.2 Security Target Release Date: 28.08.2014 Version 1.13 AUTHOR: NATEK BİLİŞİM BİLGİSAYAR EĞİTİM DANIŞMANLIK YAZILIM TİCARET SANAYİ ANONİM ŞİRKETİ 1 Revision History

More information

IMPP. Identity Management Protection Profile BSI-PP-0024

IMPP. Identity Management Protection Profile BSI-PP-0024 Identity Management Protection Profile IMPP BSI-PP-0024 Version Number 1.17 Date: January 12, 2006 Status: Final Author: David Ochel Owner: Brian Matthiesen Note: This document will become a public document

More information

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3)

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3) Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3) Reference: ST January 2001 Version: 1.6 Europe: USA: CISCO Systems Ltd CISCO Systems Inc. 3 The Square 170 West Tasman Drive Stockley

More information

RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target

RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1 Document Version: 0.7 Prepared for: Prepared by: RSA, The

More information

SenSage, Inc. SenSage 4.6.2. Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2

SenSage, Inc. SenSage 4.6.2. Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2 SenSage, Inc. SenSage 4.6.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 1.2 Prepared for: Prepared by: SenSage, Inc. 55 Hawthorne Street San Francisco, CA 94105 United States of

More information

Security Target for Citrix Presentation Server 4.0 For Windows

Security Target for Citrix Presentation Server 4.0 For Windows Security Target for Citrix Presentation Server 4.0 For Windows Reference: ST/T488 July 2005 Version: 1.0 This document has been prepared on behalf of: Prepared by: Citrix Systems, Inc BT 851 West Cypress

More information

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target Version 1.0 February 12, 2014 Prepared for: Hewlett-Packard Long Down Avenue Stoke Gifford Bristol BS34 8QZ UK Prepared By: Leidos

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

JMCS Northern Light Video Conferencing System Security Target

JMCS Northern Light Video Conferencing System Security Target JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0. EMC Corporation Data Domain Operating System Version 5.2.1.0 Security Target Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.11 Prepared for: Prepared by: EMC Corporation 176 South Street Hopkinton,

More information

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets

More information

Security Target SQL Server 2012 Team

Security Target SQL Server 2012 Team Microsoft SQL Server 2012 Database Engine Common Criteria Evaluation (EAL2) Security Target SQL Server 2012 Team Author: Version: 1.2 Roger French (Microsoft Corporation) Date: 2012-08-07 Abstract This

More information

Security Target. McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 4.5. Document Version 1.3. October 12, 2011

Security Target. McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 4.5. Document Version 1.3. October 12, 2011 Security Target McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 4.5 Document Version 1.3 October 12, 2011 Document Version 1.3 McAfee Page 1 of 69 Prepared For: Prepared By: McAfee, Inc. 2821

More information

U.S. Government Protection Profile for Database Management Systems

U.S. Government Protection Profile for Database Management Systems U.S. Government Protection Profile for Database Management Systems Information Assurance Directorate Version 1.3 December 24, 2010 Protection Profile Title: 1 U.S. Government Protection Profile for Database

More information

Check Point Endpoint Security Full Disk Encryption Security Target

Check Point Endpoint Security Full Disk Encryption Security Target Check Point Endpoint Security Full Disk Encryption Security Target ST Version 2.4 June 22, 2009 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared by: Metatron Ltd. 66 Yosef St., Modiin, Israel

More information

IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0

IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 CipherTrust 4800 North Point Parkway Suite 400 Alpharetta, GA 30022 Phone: 678-969-9399

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/66 10 Mar 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that the

More information

Author: Roger French Version: 1.2 Date: 2009-01-23

Author: Roger French Version: 1.2 Date: 2009-01-23 Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: 2009-01-23 Abstract This document is the Security Target (ST) for the Common Criteria certification of the database engine of

More information

Security Target Microsoft SQL Server Team

Security Target Microsoft SQL Server Team Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation

More information

Trustwave Secure Web Gateway Security Target

Trustwave Secure Web Gateway Security Target Trustwave Secure Web Gateway Security Target Version 1.5 September 18, 2013 Trustwave 70 West Madison Street Suite 1050 Chicago, IL 60602 Prepared By: Common Criteria Consulting LLC 15804 Laughlin Lane

More information

Check Point Endpoint Security Media Encryption Security Target

Check Point Endpoint Security Media Encryption Security Target Check Point Endpoint Security Media Encryption Security Target Version 1.0 June 23, 2010 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared By: Science Applications International Corporation

More information

Security Target for BorderWare Firewall Server 6.5

Security Target for BorderWare Firewall Server 6.5 Security Target for BorderWare Firewall Server 6.5 Reference: ST January 2002 Version : 2.4 North America: Europe: 50 Burnhamthorpe Rd. W. 1 The Harlequin Centre Suite 502 Southall Lane Mississauga Southall

More information

Operating System Protection Profile. Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0

Operating System Protection Profile. Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0 Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0 Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63 53133 Bonn Tel.: +49 22899 9582-111 E-Mail: zertifizierung@bsi.bund.de

More information

Stonesoft Corporation. StoneGate Firewall cc.2 Security Target

Stonesoft Corporation. StoneGate Firewall cc.2 Security Target Stonesoft Corporation StoneGate Firewall 5.2.5.8081.cc.2 Security Target VERSION 2.1 2011-10-06 Stonesoft Corporation Itälahdenkatu 22 A, FIN-0210 Helsinki, Finland TABLE OF CONTENTS 1 INTRODUCTION 5 1.1

More information

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1 Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller July 24, 2015 Version 1 1 Table of Contents 1 Introduction... 4 1.1 Conformance Claims...4 1.2 How to

More information

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:

More information

Security Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011

Security Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011 Security Target McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5 Document Version 1.1 September 9, 2011 Document Version 1.1 McAfee Page 1 of 61 Prepared For: Prepared By: McAfee, Inc. 2821

More information

Top Layer Networks IPS 5500 E Security Target

Top Layer Networks IPS 5500 E Security Target Top Layer Networks IPS 5500 E Security Target Version 1.1 April 10, 2009 Prepared For: Top Layer Networks 2400 Computer Drive Westborough, MA 01581 Prepared By: CygnaCom Solutions Security Evaluations

More information

Xceedium GateKeeper Version 5.2.1 Security Target

Xceedium GateKeeper Version 5.2.1 Security Target ceedium GateKeeper Version 521 Security Target February 3, 2011 Prepared for: ceedium, Inc 30 Montgomery Street Jersey City, NJ 07302 Prepared By: Science Applications International Corporation Common

More information

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP) COMMON CRITERIA PROTECTION PROFILE for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP) Revision No 1.1 Revision Date 11.07.2014 Document Code File Name SCM-WTS PROTECTION PROFILE Prepared

More information

Cisco Email Security Appliance. Security Target. Version 1.0. October 2014

Cisco Email Security Appliance. Security Target. Version 1.0. October 2014 Cisco Email Security Appliance Security Target Version 1.0 October 2014 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2014 Cisco Systems, Inc. All rights

More information

Common Criteria Security Target For NetScaler Platinum Edition Load Balancer Version 10.0

Common Criteria Security Target For NetScaler Platinum Edition Load Balancer Version 10.0 Common Criteria Security Target For NetScaler Platinum Edition Load Balancer Version 10.0 Version 1-1 5 July 2013 2013 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-1 5 July

More information

Security Target. Document Version 1.1. March 25, 2013

Security Target. Document Version 1.1. March 25, 2013 Security Target McAfee Enterprise Security Manager with Event Receiver, Enterprise Log Manager, Advanced Correlation Engine, Application Data Monitor and Database Event Monitor 9.1 Document Version 1.1

More information

Certification Report

Certification Report Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification

More information

Protection Profile for Wireless Local Area Network (WLAN) Access Systems

Protection Profile for Wireless Local Area Network (WLAN) Access Systems Protection Profile for Wireless Local Area Network (WLAN) Access Systems Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP... 1 1.1 PP Overview of

More information

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN REF: 2010-12-INF-626 V1 Distribution: Public Date: 29.04.2011 Created: CERT3 Reviewed: TECNICO Approved: JEFEAREA CERTIFICATION REPORT FOR EADS GROUND SEGMENT SYSTEMS PROTECTION PROFILE (GSS-PP) ISSUE

More information

U. S. Government Protection Profile Anti-Virus Applications for Workstations In Basic Robustness Environments, Version 1.0

U. S. Government Protection Profile Anti-Virus Applications for Workstations In Basic Robustness Environments, Version 1.0 National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Common Criteria Evaluation and Validation Scheme Validation Report U. S. Government Protection Profile Anti-Virus

More information

Security Target for LANCOM Systems Operating System LCOS 8.70 CC with IPsec VPN

Security Target for LANCOM Systems Operating System LCOS 8.70 CC with IPsec VPN Security Target for LANCOM Systems Operating System LCOS 8.70 CC with IPsec VPN Version 1.15 Release LANCOM Systems GmbH 2013 LANCOM Systems GmbH LANCOM, LANCOM Systems and LCOS are registered trademarks.

More information

Top Layer Networks. Security Target V2.3

Top Layer Networks. Security Target V2.3 Top Layer Networks IDS Balancer TM Version 2.2 Appliance (IDSB3531-CCV1.0, IDSB3532-CCV1.0, IDSB4508-CCV1.0) Security Target V2.3 August 31, 2004 AppBalancing, AppSafe, DCFD, Flow Mirror, SecureWatch,

More information

Protection Profile for Server Virtualization

Protection Profile for Server Virtualization Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental

More information

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0 EMC Documentum EMC Documentum Content Server TM V5.3 and EMC Documentum Administrator TM V5.3 Security Target V2.0 December 8, 2005 ST prepared by Suite 5200, 4925 Jones Branch Drive McLean, VA 22102-3305

More information

Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target

Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target This document provides the basis for an evaluation of a specific Target of Evaluation (TOE).

More information

Certification Report

Certification Report Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and

More information

Security Target: IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.

Security Target: IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8. Security Target IBM Internet Security Systems GX Series Security Appliances Version 4.1 and Document Version 0.6 February 27, 2012 Document Version 0.6 IBM Internet Security Systems Page 1 of 55 Prepared

More information

Security Target for. Astaro Security Gateway Software V6.300. CC Compliant Software EAL 2+

Security Target for. Astaro Security Gateway Software V6.300. CC Compliant Software EAL 2+ for Astaro Security Gateway Software V6.0 CC Compliant Software EAL 2+ September 04, 06 Version 2.08 Prepared by: Astaro AG, Amalienbadstraße 36 Bau 33a, 76227 Karlsruhe, Germany TABLE OF CONTENTS 1 INTRODUCTION...

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that

More information

Senforce Endpoint Security Suite Version 3.1.175 Security Target

Senforce Endpoint Security Suite Version 3.1.175 Security Target Senforce Endpoint Security Suite Version 3.1.175 Security Target Version 1.0 06/19/07 Prepared for: Senforce Technologies, Inc. 147 W Election Rd Ste 110 Draper UT 84020 Prepared By: Science Applications

More information

Cisco Catalyst Switches (3560-X and 3750-X) Security Target

Cisco Catalyst Switches (3560-X and 3750-X) Security Target Cisco Catalyst Switches (3560- and 3750-) Security Target Revision 1.0 6 June 2012 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms and Abbreviations...

More information

SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2

SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 Document No. 1769-000-D0007 Version: v0.89, 12 September 2013 Prepared for: Centrify Corporation 785 N. Mary Avenue, Suite 200 Sunnyvale, California USA,

More information

Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target

Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Version 2.0 February 2007 TRP Number: 541-0006458 NCR, Teradata and BYNET are registered trademarks of NCR Corporation. Microsoft, Windows,

More information

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16 Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd

More information

Security Target Sophos UTM V9 Packet Filter Version 1.000

Security Target Sophos UTM V9 Packet Filter Version 1.000 Sophos UTM V9 Packet Filter Version 1.000 Assurance Level EAL4+ Common Critera v3.1 Revision 4 Document version: 1.00 Document date: 2015-03-25 Document History Version Date Change(s) Author(s) 0.90 2014-02-19

More information

McAfee Endpoint Encryption 7.0 for PC with McAfee epolicy Orchestrator 4.6 Common Criteria EAL2+ Security Target

McAfee Endpoint Encryption 7.0 for PC with McAfee epolicy Orchestrator 4.6 Common Criteria EAL2+ Security Target McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 888.847.8766 www.mcafee.com McAfee Endpoint Encryption 7.0 for PC with McAfee epolicy Orchestrator 4.6 Common Criteria EAL2+ Security Target

More information

Oracle Business Intelligence Enterprise Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on Oracle Enterprise Linux 4 update 5 x86_64

Oracle Business Intelligence Enterprise Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on Oracle Enterprise Linux 4 update 5 x86_64 122-B CERTIFICATION REPORT No. CRP250 Business Intelligence Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on update 5 Issue 1.0 June 2009 Crown Copyright 2009 All Rights Reserved Reproduction

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module

IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module Security Target IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module Document Version 2.0 July 6, 2011 Document Version

More information

SECURITY TARGET: SQ-PHOENIX DIGITAL ENCRYPTOR

SECURITY TARGET: SQ-PHOENIX DIGITAL ENCRYPTOR SECURITY TARGET: SQ-PHOENI DIGITAL ENCRYPTOR VERSION 2.7 Prepared by and for: CES Communications Ltd Version 1.3 TABLE OF CONTENTS 1 Security Target Introduction... 1 1.1 ST and TOE Identification... 1

More information

Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0

Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 ST Version 1.6 August 20, 2007 Document Version 1.6 Symantec Corporation Page 1 of 55 Prepared For: Prepared By: Symantec Corporation

More information

System Center Mobile Device Manager 2008 Service Pack 1 Security Target

System Center Mobile Device Manager 2008 Service Pack 1 Security Target System Center Mobile Device Manager 2008 Service Pack 1 EAL4 augmented with ALC_FLR.3 Version 1.1 July 2009 The information contained in this document represents the current view of Microsoft Corporation

More information

StoneGate Firewall/VPN

StoneGate Firewall/VPN Stonesoft Corporation StoneGate Firewall/VPN Version 4.2.2 Build 5708.cc3.1 COMMON CRITERIA SECURITY TARGET VERSION 1.3 19 February 2010 Stonesoft Corporation Itälahdenkatu 22 A, FIN-0210 Helsinki, Finland

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Security Target. Symantec Data Loss Prevention 11.1.1. Document Version 1.0. January 23, 2012

Security Target. Symantec Data Loss Prevention 11.1.1. Document Version 1.0. January 23, 2012 Security Target Symantec Data Loss Prevention 11.1.1 Document Version 1.0 January 23, 2012 Document Version 1.0 Symantec Corporation Page 1 of 40 Prepared For: Prepared By: Symantec Corporation 350 Ellis

More information