C004 Certification Report


C004 Certification Report
MyBOX Firewall

File name:
Version: v1
Date of document: 2 November 2010
Document classification:

For general inquiry about us or our services, please contact mycc@cybersecurity.my


C004 Certification Report
MyBOX Firewall
2 November 2010

MyCB Department
CyberSecurity Malaysia
Level 8, Block A, Mines Waterfront Business Park, No 3 Jalan Tasik, The Mines Resort City
Seri Kembangan, Selangor, Malaysia
Tel: Fax:

Document Authorisation

DOCUMENT TITLE: C004 Certification Report - MyBOX Firewall
DOCUMENT REFERENCE:
ISSUE: v1
DATE: 2 November 2010
DISTRIBUTION: UNCONTROLLED COPY - FOR UNLIMITED USE AND DISTRIBUTION

Copyright and Confidentiality Statement

The copyright of this document, which may contain proprietary information, is the property of CyberSecurity Malaysia. The document shall not be disclosed, copied, transmitted or stored in an electronic retrieval system, or published in any form, either wholly or in part without prior written consent. The document shall be held in safe custody.

CYBERSECURITY MALAYSIA, 2010

Registered office: Level 8, Block A, Mines Waterfront Business Park, No 3 Jalan Tasik, The Mines Resort City, Seri Kembangan Selangor Malaysia
Registered in Malaysia
Company Limited by Guarantee
Company No U
Printed in Malaysia

Foreword

The Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme has been established under the 9th Malaysian Plan to increase Malaysia's competitiveness in quality assurance of information security based on the Common Criteria (CC) standard and to build consumers' confidence towards Malaysian information security products.

The MyCC Scheme is operated by CyberSecurity Malaysia and provides a model for licensed Malaysian Security Evaluation Facilities (MySEFs) to conduct security evaluations of ICT products, systems and protection profiles against internationally recognised standards. The results of these evaluations are certified by the Malaysian Common Criteria Certification Body (MyCB) established within CyberSecurity Malaysia.

By awarding a Common Criteria certificate, the MyCB asserts that the product complies with the security requirements specified in the associated Security Target. A Security Target is a requirements specification document that defines the scope of the evaluation activities. The consumer of certified IT products should review the Security Target, in addition to this certification report, in order to gain an understanding of any assumptions made during the evaluation, the IT product's intended environment, its security requirements, and the level of confidence (i.e., the evaluation assurance level) that the product satisfies the security requirements.

This certification report is associated with the certificate of product evaluation dated 23 November 2010, and the Security Target (Ref [6]). The certification report, Certificate of product evaluation and security target are posted on the MyCC Scheme Certified Product Register (MyCPR) at

Reproduction of this report is authorized provided the report is reproduced in its entirety.

Disclaimer

The Information Technology (IT) product identified in this certification report and its associated certificate has been evaluated at an accredited and licensed evaluation facility established under the Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme (Ref [4]) using the Common Methodology for IT Security Evaluation, version 3.1 revision 3 (Ref [3]), for conformance to the Common Criteria for IT Security Evaluation, version 3.1 revision 3 (Ref [2]).

This certification report and its associated certificate apply only to the specific version and release of the product in its evaluated configuration. The evaluation has been conducted in accordance with the provisions of the MyCC Scheme and the conclusions of the evaluation facility in the evaluation technical report are consistent with the evidence adduced.

This certification report and its associated certificate are not an endorsement of the IT product by CyberSecurity Malaysia or by any other organisation that recognises or gives effect to this certification report and its associated certificate, and no warranty of the IT product by CyberSecurity Malaysia or by any other organisation that recognises or gives effect to this certificate, is either expressed or implied.

Document Change Log

RELEASE: v1
DATE: 2 November 2010
PAGES AFFECTED: All
REMARKS/CHANGE REFERENCE: Final Released.

Executive Summary

The MyBOX Firewall v3.1 (hereafter referred to as MyBOX Firewall) from Tracenetwork Corporation Sdn. Bhd. is the Target of Evaluation (TOE) for this Evaluation Assurance Level (EAL) 3 evaluation.

MyBOX Firewall is a perimeter firewall product for securing data communication and protecting network connectivity. The firewall service includes the packet filtering control. The MyBOX Firewall is intended for use by organizations that need controlled, protected and audited access to services, both from inside or outside their organization's network, by allowing, denying and/or redirecting the flow of data through the firewall.

The MyBOX Firewall comprises a firewall engine, its operating system and data repository platform, IDP modules, antivirus module, application proxy content filtering, and security management software. The firewall engine, audit event recording, and the security management system are included in the scope of the TOE. The IDP module, antivirus module and application proxy content filtering are outside of the scope of the evaluation.

The scope of the evaluation is defined by the Security Target (Ref [6]), which identifies assumptions made during the evaluation, the intended environment for MyBOX Firewall, the security requirements, and the evaluation assurance level at which the product is intended to satisfy the security requirements. Consumers are advised to verify that their operating environment is consistent with that specified in the security target, and to give due consideration to the comments, observations and recommendations in this certification report.

This report confirms the findings of the security evaluation of MyBOX Firewall v3.1 to the Common Criteria (CC) evaluation assurance level EAL3. The report confirms that the product has met the target assurance level of EAL3 and the evaluation was conducted in accordance with the relevant criteria and the requirements of the Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme (Ref [4]). The evaluation was performed by the CyberSecurity Malaysia MySEF and was completed on 13 October.

The Malaysian Common Criteria Certification Body (MyCB), as the MyCC Scheme Certification Body, declares that the MyBOX Firewall v3.1 upholds the claims made in the Security Target (Ref [6]) and supporting documentation, and has met the requirements of the Common Criteria (CC) assurance level EAL3. The product Certificate, Certification Report and Security Target will be listed on the MyCC Scheme Certified Products Register (MyCPR) at

It is the responsibility of the user to ensure that the MyBOX Firewall v3.1 meets their requirements. It is recommended that a potential user of the MyBOX Firewall v3.1 refer to the Security Target (Ref [6]) and this Certification report prior to deciding whether to purchase the product.

Table of Contents

1 Target of Evaluation
    TOE Description
    TOE Identification
    Security Policy
    TOE Architecture
    Clarification of Scope
    Assumptions
        Usage assumptions
        Environment assumptions
    Evaluated Configuration
    Delivery Procedures
    Documentation
Evaluation
    Evaluation Analysis Activities
        Life-cycle support
        Development
        Guidance documents
        IT Product Testing
Results of the Evaluation
    Assurance Level Information
    Recommendation
Annex A References
    A.1 References
    A.2 Terminology
        A.2.1 Acronyms
        A.2.2 Glossary of Terms

Index of Tables

Table 1: TOE identification
Table 2: Pre-configured TOE on a hardware appliance
Table 3: List of Evaluator Independent Test
Table 4: List of Acronyms
Table 5: Glossary of Terms

Index of Figures

Figure 1: Subsystems of the TOE


1 Target of Evaluation

1.1 TOE Description

1 The Target of Evaluation (TOE), MyBOX Firewall v3.1, is a firewall which includes the packet filtering firewall functionality supported by identification and authentication of administrators, audit record generation and processing, and security management of the TOE.

2 The MyBOX Firewall v3.1 is a software and operating system combination that is housed on hardware appliances. The hardware appliances are not included within the scope of the evaluation. It is delivered to the customers as a pre-configured 1U rack mount appliance.

3 The evaluated security functionalities for the TOE include:
a) Identification and Authentication of authorized administrator accessing the management interface;
b) Information flow control for IP packet filtering;
c) Security management and protection functions to support the security services; and
d) Audit management.

1.2 TOE Identification

4 The details of the TOE are identified in Table 1 below.

Table 1: TOE identification

Evaluation Scheme: Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme
Project Identifier: C004
TOE Name: MyBOX Firewall
TOE Version: v3.1
Security Target Title: MyBOX Firewall System Security Target
Security Target Version: v2.4
Security Target Date: 13 August 2010
Assurance Level: Evaluation Assurance Level 3 (EAL3)
Criteria: Common Criteria July 2009, Revision 3
Methodology: Common Methodology for Information Technology Security Evaluation, July 2009, Revision 3
Protection Profile Conformance: None
Common Criteria Conformance: CC Part 2 Conformant; CC Part 3 Conformant; Package conformant to EAL3
Sponsor and Developer: Tracenetwork Corporation Sdn Bhd, No.15, Jalan Nilam 1/2, Subang Square Industrial Park Shah Alam, Selangor, Malaysia.
Evaluation Facility: CyberSecurity Malaysia MySEF

1.3 Security Policy

5 MyBOX Firewall v3.1 implements information flow security policy to restrict the ability of unauthenticated external entities to pass information to one another through the TOE. The details of the information flow security policy are described in Section of ST v

The MyBOX Firewall administrator is required to configure the policy rules for the information flow security policy using the management interface. These policy rules should be implemented in accordance with their own organisation IT policy.

1.4 TOE Architecture

7 The TOE is a packet filtering firewall delivered through the Ethernet ports on the device. As such, the Ethernet ports provide the primary interface to the TOE subsystems.

Figure 1: Subsystems of the TOE

8 The TOE is made up of ten separate subsystems as described below. However, not all ten subsystems are in the scope of the evaluation:

a) In the scope of the evaluation:
i) Hardware abstraction layer provides hardware independent abstraction to the physical ports of the TOE for use by other TOE software. Basically, hardware abstraction layer is the collection of device drivers for the hardware ports.
ii) Rules engine subsystem provides the central capability for enforcing domain separation and enforcing the information flow control policy for the TOE.
iii) Rule-base subsystem provides the capability for configuring and establishing the information security policy associated with the traffic filtering firewall functionality for the TOE.
iv) Link layer subsystem performs all the link layer protocol tasks for the incoming and outgoing network traffic within the TOE. The TOE does not implement any link layer security protocols. However, the ability of the TOE to preserve security objectives depends on the correctness of the network traffic, inclusive of correct link layer processing.
v) Network subsystem provides the underlying routing and handling of IP packets that have arrived from the physical network interfaces. This subsystem supports domain separation for the network domains.
vi) OS kernel subsystem provides the central control for the MyBOX Firewall, providing memory management, process management and resource management for the services and daemons that run on the device.
vii) subsystem provides the capability for configuring and establishing core administrative functions and policies for the TOE, such as identification and authentication and auditing or logging.
viii) Logging subsystem provides the TOE with the capability to capture, store and review the audit records from the various events of interest that can occur throughout the system.
ix) System subsystem provides the underlying IP tools and local services used by the TOE administrator to manage and monitor the various components of the MyBOX Firewall.

b) Outside the scope of the evaluation:
i) VPN/Proxy subsystem provides the capability for configuring and establishing the information security policy associated with the VPN capability of the TOE.

1.5 Clarification of Scope

9 The TOE is designed to be suitable for use in well-protected environments that have effective countermeasures, particularly in the areas of physical access, personnel and communication security in accordance with administrator guidance that is supplied with the product. However, the scope of the evaluation was limited to those claims made in the Security Target (Ref [6]).

10 The MyBOX Firewall comprises a firewall engine, its operating system and data repository platform, IDP modules, antivirus module, application proxy content filtering, and security management software. However, only the firewall engine, audit event recording, and the security management system are included in the scope of the TOE.

11 Consumers should be aware of the following components which are not part of the evaluated scope:
a) MyBOXOS, a proprietary hardened Linux kernel file system and MyBOX's proprietary software such as IDP module, antivirus module and application proxy content filtering.

12 Evaluated security functionality includes:

a) Identification and Authentication: provides the means to ensure that the authorised users are identified (IP and MAC address) and authenticated (role based password) to access the TOE administrative interfaces;
b) Information Flow Control: the TOE controls the flow of IP traffic between logical network interfaces by matching information contained in the header of IP packets according to specified security policies. Depending upon the rule and the results of the match, the TOE will pass, drop, or reject the packet and will also log the specific details of the packet;
c) Security: provides a GUI to authorised administrator to manage the functions related to security policies, data collection, analysis and reaction; and
d) Security Audit: the MyBOX Firewall generates audit records of IP traffic through the appliance and stores them in an audit trail on the MyBOX Firewall appliance. TOE supports remote syslog server as a backup store to prevent audit data loss.

1.6 Assumptions

13 This section summarises the security aspects of the environment/configuration in which the IT product is intended to operate. Consumers should understand their own IT environments that are required for secure operation of the MyBOX Firewall defined in subsequent sections and in the Security Target (Ref [6]).

Usage assumptions

14 Assumptions for the TOE usage listed in the ST are:
a) Authorized administrator is not being negligent in performing TOE configurations.
b) The TOE shall be managed from a network that is physically separated from the internal and external networks. Remote management of the TOE is only permitted in the event that a secure and trusted connection can be established to the management network (i.e. through a trusted VPN).

Environment assumptions

15 Assumptions for the TOE environment listed in the ST are:
a) The TOE is physically located within controlled and secured access facilities, which will prevent unauthorized physical access or modification.
b) Information cannot flow among the internal and external networks unless it passes through the TOE to maintain integrity and confidentiality of information.
c) The TOE Environment will provide the following services to support the TOE: server for audit alerts, NTP server for time updates, Syslog server for Audit log backup.

1.7 Evaluated Configuration

16 This section describes the configurations of the TOE that are included within the scope of the evaluation.

17 MyBOX Firewall v3.1 is a software and operating system combination that is housed on hardware appliances. The TOE which will be delivered to the customers is a preconfigured hardware appliance as described in Table 2.

Table 2: Pre-configured TOE on a hardware appliance

Model: MyBOX
Ethernet Ports: x 10/100/1000 Mbps
Console: Yes
LCD Control Panel: No
Form Factor: 1U rack mount

18 After it has been delivered, the administrator needs to do secure preparation of the operational environment of the TOE according to the Preparative Procedures (Ref 26d)).

1.8 Delivery Procedures

19 MyBOX Firewall v3.1 is delivered to customers using the procedure described in the Delivery Procedure (DP) v1.2 (Ref 26i)) which ensures that the MyBOX Firewall v3.1 is securely transferred from the development environment into the responsibility of the customer. The delivery procedures are outlined below.

20 A Purchase Order will be given to a possible customer after a quotation is agreed by the customer. After the customer makes payment and signs a Purchase Order, an appliance of MyBOX Firewall v3.1 will be constructed at the developer's site for the customer. MyBOX Firewall v3.1 is then delivered and pre-installed for the user by the developer's trusted authorized personnel. The MyBOX Firewall v3.1 is hand delivered to the customer by the developer's trusted personnel, thus ensuring that it is securely transferred to the customer.

21 A Delivery Order and Invoice is given to the customer upon delivery. The developer's personnel then install the MyBOX Firewall v3.1 and perform some basic configurations including: setting up the IP for MyBOX Firewall v3.1; setting up IPs where administrators can connect from; and assisting with the set up of passwords for administrators.

22 The customer checks that MyBOX Firewall v3.1 as identified in the Purchase Order has been delivered in the correct version. The user can do this by connecting to WEB-GUI and verifying that MyBOX Firewall System v3.1 is displayed on the top panel.

23 The administrator must then make the following configuration changes in order to ensure the secure usage of the product:
a) Ensure that the TOE has an appropriate password for each administrator account;
b) Ensure that TOE management is performed from a secure network on its own physical interface;

c) Ensure that access to the TOE management network is restricted;
d) Ensure that access to the console port of the TOE is restricted to as few users as possible; and
e) Deploy a trusted VPN to ensure that traffic to the TOE management network cannot be intercepted in transit.

24 After delivering the product, the developer prepares a Secure Acceptance Report using the current version of Secure Acceptance Report Template document, and performs a User Acceptance Test (UAT). The developer then completes the Secure Acceptance Report (Ref 26e)) which will be signed and acknowledged by the customer.

1.9 Documentation

25 To ensure continued secure usage of the product, it is important the MyBOX Firewall v3.1 is used in accordance with guidance documentation.

26 The following documentation is provided by the developer as guidance to ensure secure installation of the product:
a) MyBOX Firewall System Supplementary Document for User Guidance, version 1.0, 27 May 2009
b) MyBOX Firewall System Administrator Guide Part I (via HTTPS), version 1.1, 14 August 2009
c) MyBOX Firewall System Administrator Guide Part II (via Console and SSH), version 1.1, 14 August 2009
d) MyBOX Firewall System Preparative Procedures, version 1.2, 26 May 2010
e) MyBOX Firewall System Secure Acceptance Report Template, version 1.0, 3 April 2009
f) MyBOX Support Service Level Agreement (SLA)
g) Tracewall Quick Start Guide Book
h) MyBOX System End-User License Agreement EULA
i) MyBOX Firewall System Delivery Procedure, Version 1.2, 13 September 2010

2 Evaluation

27 The evaluation was conducted in accordance with the requirements of the Common Criteria, Revision 3 (Ref [2]) and the Common Methodology for IT Security Evaluation (CEM), Revision 3 (Ref [3]). The evaluation was conducted at Evaluation Assurance Level 3 (EAL3). The evaluation was performed conformant to the MyCC Scheme Policy (MyCC_P1) (Ref [4]) and MyCC Scheme Evaluation Facility Manual (MyCC_P3) (Ref [5]).

2.1 Evaluation Analysis Activities

28 The evaluation activities involved a structured evaluation of MyBOX Firewall v3.1, including the following components:

Life-cycle support

29 An analysis of the MyBOX Firewall v3.1 configuration management system and associated documentation was performed. The evaluators found that the MyBOX Firewall v3.1 configuration items were clearly and uniquely labelled, and that the access control measures as described in the configuration management documentation are effective in preventing unauthorized access to the configuration items. The developer's configuration management system was also observed during the site visit, and it was found to be consistent with the provided evidence.

30 During the site visit the evaluators examined the development security documentation and determined that it detailed sufficient security measures for the development environment to protect the confidentiality and integrity of the MyBOX Firewall v3.1 design and implementation. The evaluators confirmed that the developer used a documented life-cycle model which provides necessary control over the development and maintenance of the TOE by using the procedures, tools and techniques described by the life-cycle model.

31 The evaluators examined the delivery documentation and determined that it described all of the procedures required to maintain the integrity of MyBOX Firewall v3.1 during distribution to the consumer.

Development

32 The evaluators analysed the MyBOX Firewall v3.1 functional specification and design documentation; they determined that the design completely and accurately describes the TOE security functionality (TSF) interfaces, the TSF subsystems and how the TSF implements the security functional requirements (SFRs). The evaluators analysed the MyBOX Firewall v3.1 security architectural description and determined that the initialization process was secure and the security functions are protected against tamper and bypass. The evaluators also independently verified that the correspondence mappings between the design documents were correct.

2.1.3 Guidance documents

33 The evaluators examined the MyBOX Firewall v3.1 preparative user guidance and operational user guidance, and determined that it sufficiently and unambiguously described how to securely transform the TOE into its evaluated configuration, and how to use and administer the product in order to fulfil the security objectives for the operational environment. The evaluators examined and tested the preparative and operational guidance, and determined that they were complete and sufficiently detailed to result in a secure configuration.

IT Product Testing

34 Testing at EAL3 consists of assessing developer tests, performing independent function test, and performing penetration tests. The MyBOX Firewall v3.1 testing was conducted at CyberSecurity Malaysia MySEF and at the developer's site where it was subjected to a comprehensive suite of formally documented, independent functional and penetration tests. The detailed testing activities, including configurations, procedures, test cases, expected results and actual results are documented in a separate Test Plan Reports.

Assessment of Developer Tests

35 The evaluators verified that the developer has met their testing responsibilities by examining their test plans, and reviewing their test results, as documented in the Evaluation Technical Report (Ref [7]) (not a public document because it contains information proprietary to the developer and/or the evaluator).

36 The evaluators analysed the developer's test coverage and depth analysis and found them to be complete and accurate. The correspondence between the tests identified in the developer's test documentation and the interfaces in the functional specification, TOE design and security architecture description was complete.

Independent Functional Testing

37 Independent functional testing is the evaluation conducted by the evaluator based on the information gathered by examining design and guidance documentation, examining developer's test documentation, executing a sample of the developer's test plan, and creating test cases that augmented the developer tests.

38 All testing was planned and documented to a sufficient level of detail to allow repeatability of the testing procedures and results. The key testing areas were:

Table 3: List of Evaluator Independent Test

Independent Test 1
    Description: To test the functionalities and configuration management of the packet filtering process inside the product and, inbound and outbound network packet filtering process.
    Security function: Identification & Authentication; Information Flow Control; Security
    TSFI: Identification & Authentication (OS Shell TSFI, SSH TSFI, FTP TSFI, HTTPS TSFI); Security (Admin TSFI)
    Result: PASS

Independent Test 2
    Description: To test the management module that handled all audit logs produced and recorded by MyBOX Firewall. These include local log and remote log, and also the manual configuration of the time stamp.
    Security function: Security Audit
    TSFI: Security (Admin TSFI); Audit (Admin TSFI)
    Result: PASS

Independent Test 3
    Description: To test the procedures of accessing the MyBOX Firewall via SSH console. Access control path, privileges and network connection establishment were also tested. FTP command line module is used to transfer a file from MyBOX Firewall to FTP server using Console/Terminal platform via SSH.
    Security function: Identification & Authentication; Information Flow Control; Security Audit
    TSFI: Identification & Authentication (OS Shell TSFI, SSH TSFI, FTP TSFI, HTTPS TSFI); Security (Admin TSFI); Audit (Admin TSFI)
    Result: PASS

Independent Test 4
    Description: To test the access control of users and administrators. It also covered access path and privileges for each user, group and role accessing the product.
    Security function: Identification & Authentication; Security
    TSFI: Identification & Authentication (OS Shell TSFI, SSH TSFI, FTP TSFI, HTTPS TSFI); Security (Admin TSFI)
    Result: PASS

Independent Test 5
    Description: To verify the test notifications and logs sent to SYSLOG Server.
    Security function: Security Audit
    TSFI: Security (Admin TSFI); Audit (Admin TSFI)
    Result: PASS

Penetration Testing

39 The evaluators performed penetration testing of the TOE in order to identify potential vulnerabilities in the product and to determine whether these were exploitable in the intended operating environment of the TOE. This vulnerability analysis considered public domain sources and an analysis of guidance documentation, functional specification, design and security architecture documentation.

40 From the vulnerability analysis, the evaluators conducted penetration testing to determine that the TOE is resistant to attacks performed by an attacker possessing Enhanced Basic attack potential. The following factors have been taken into consideration during the penetration tests:
a) Time taken to identify and exploit (elapsed time);
b) Specialist technical expertise required (specialist expertise);
c) Knowledge of the TOE design and operation (knowledge of the TOE);
d) Window of opportunity; and
e) IT hardware/software or other equipment required for exploitation.

41 The penetration tests focused on:
a) Generic vulnerabilities;
b) Bypassing;
c) Tampering; and
d) Direct attacks.

42 The results of the penetration testing note that a number of additional vulnerabilities exist that depend on an attacker's effort, time, skill/knowledge, and use of focused tools/exploits to gather the TOE configuration information. Therefore, it is important to ensure that the TOE is used only in its evaluated configuration and in a secure environment.

Testing Results

43 Tests conducted for the MyBOX Firewall v3.1 produced the expected results and demonstrated that the product behaved as specified in its ST and functional specification.

3 Results of the Evaluation

44 After due consideration during the oversight of the execution of the evaluation by the certifiers and of the Evaluation Technical Report (Ref [7]), the Malaysian Common Criteria Certification Body certifies the evaluation of MyBOX Firewall v3.1 performed by the CyberSecurity Malaysia MySEF.

45 The CyberSecurity Malaysia MySEF found that MyBOX Firewall v3.1 upholds the claims made in the Security Target (Ref [6]) and supporting documentation, and has met the requirements of the Common Criteria (CC) assurance level EAL3.

46 Certification is not a guarantee that a TOE is completely free of exploitable vulnerabilities. There will remain a small level of risk that exploitable vulnerabilities remain undiscovered in its claimed security functionality. This risk is reduced as the certified level of assurance increases for the TOE.

3.1 Assurance Level Information

47 EAL3 provides assurance by an analysis of the security functions, using a functional and interface specification, guidance documentation, and the high-level design of the TOE to understand the security behaviour.

48 The analysis is supported by independent testing of the TOE security functions, evidence of developer testing based on the functional specification and high-level design, selective independent confirmation of the developer test results, strength of function analysis, and evidence of a developer search for obvious vulnerabilities (e.g. those in the public domain).

49 EAL3 also provides assurance through the use of development environment controls, TOE configuration management, and evidence of secure delivery procedures.

3.2 Recommendation

50 In addition to ensuring secure usage of the product, below are additional recommendations for MyBOX Firewall v3.1 consumers:
a) Use the product only in its evaluated configuration;
b) Several features of the MyBOX Firewall v3.1 were not evaluated. Consumers should consider the risks of using unevaluated features as their use will invalidate this certification. It is recommended that these features be disabled;
c) connections to the MyBOX Firewall v3.1 should be restricted to only corporately owned systems;
d) A separate management network to provide secure management of the MyBOX Firewall v3.1 should be implemented. Any remote management sessions should be over a secure VPN that terminates in the management network;
e) The administrators should ensure that the system passwords are only known by the authorised users;
f) Ensure strict adherence to the delivery procedures; and

g) Organisation policy for the MyBOX Firewall v3.1 must ensure that only authorised persons assigned by the organisation have access to the MyBOX Firewall v3.1 physical, functions and data in order to prevent unauthorised physical access and modification.

Annex A References

A.1 References

[1] Arrangement on the recognition of Common Criteria Certificates in the field of Information Technology Security, May
[2] The Common Criteria for Information Technology Security Evaluation,, Revision 3, July
[3] The Common Evaluation Methodology for Information Technology Security Evaluation,, Revision 3, July
[4] MyCC Scheme Policy (MyCC_P1), v1a, CyberSecurity Malaysia, December
[5] MyCC Scheme Evaluation Facility Manual (MyCC_P3), v1, December
[6] MyBOX Firewall Security Target, Version 2.4, 13 August
[7] Evaluation Technical Report MyBOX Firewall v3.1, Version 2.3, 21 October

A.2 Terminology

A.2.1 Acronyms

Table 4: List of Acronyms

Acronym: Expanded Term
CB: Certification Body
CC: Common Criteria (ISO/IEC15408)
CEM: Common Evaluation Methodology (ISO/IEC 18045)
CCRA: Common Criteria Recognition Arrangement
IEC: International Electrotechnical Commission
ISO: International Standards Organisation
MyCB: Malaysian Common Criteria Certification Body
MyCC: Malaysian Common Criteria Evaluation and Certification Scheme
MyCPR: MyCC Scheme Certified Products Register
MySEF: Malaysian Security Evaluation Facility
PP: Protection Profile
ST: Security Target
TOE: Target of Evaluation

A.2.2 Glossary of Terms

Table 5: Glossary of Terms

Term: Definition and Source

CC International Interpretation: An interpretation of the CC or CEM issued by the CCMB that is applicable to all CCRA participants.

Certificate: The official representation from the CB of the certification of a specific version of a product to the Common Criteria.

Certification Body: An organisation responsible for carrying out certification and for overseeing the day-to-day operation of an Evaluation and Certification Scheme. Source CCRA

Consumer: The organisation that uses the certified product within their infrastructure.

Developer: The organisation that develops the product submitted for CC evaluation and certification.

Evaluation: The assessment of an IT product, IT system, or any other valid target as defined by the scheme, proposed by an applicant against the standards covered by the scope defined in its application against the certification criteria specified in the rules of the scheme. Source CCRA and MS-ISO/IEC Guide 65

Evaluation and Certification Scheme: The systematic organisation of the functions of evaluation and certification under the authority of a certification body in order to ensure that high standards of competence and impartiality are maintained and that consistency is achieved. Source CCRA.

Interpretation: Expert technical judgement, when required, regarding the meaning or method of application of any technical aspect of the criteria or the methodology. An interpretation may be either a national interpretation or a CC international interpretation.

Certifier: The certifier responsible for managing a specific certification task.

Evaluator: The evaluator responsible for managing the technical aspects of a specific evaluation task.

Maintenance Certificate: The update of a Common Criteria certificate to reflect a specific version of a product that has been maintained under the MyCC Scheme.

MyCB Personnel: Includes all members of the Certification Subcommittee, the Scheme Manager, the Senior Certifier, Certifiers and the Quality Manager.

National Interpretation: An interpretation of the CC, CEM or MyCC Scheme rules that is applicable within the MyCC Scheme only.

Security Evaluation Facility: An organisation (or business unit of an organisation) that conducts ICT security evaluation of products and systems using the CC and CEM in accordance with Evaluation and Certification Scheme policy.

Sponsor: The organisation that submits a product for evaluation and certification under the MyCC Scheme. The sponsor may also be the developer.

--- END OF DOCUMENT ---


More information

How do you ensure evaluators are competent?

How do you ensure evaluators are competent? How do you ensure evaluators are competent? [ICCC 2010 Paper Submission] Zarina Musa Evaluator CyberSecurity Malaysia MySEF, Kuala Lumpur, Malaysia Abstract Ensuring the evaluators in a security evaluation

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report NetIQ Security Manager Version 5.5 Report Number: CCEVS-VR-07-0058 Dated: 9 August 2007

More information

CorreLog Alignment to PCI Security Standards Compliance

CorreLog Alignment to PCI Security Standards Compliance CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment

More information

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government

More information

Joint Interpretation Library

Joint Interpretation Library for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0

More information

WEBS-RAY V2.5 Certification Report

WEBS-RAY V2.5 Certification Report KECS-CR-08-54 WEBS-RAY V2.5 Certification Report Certification No. : KECS-NISS-0137-2008 December 2008 National Intelligence Service IT Security Certification Center This document is the certification

More information

Certification Report

Certification Report Certification Report Kazumasa Fujie, Chairman Information-technology Promotion Agency, Japan Target of Evaluation (TOE) Application Date/ID 2014-06-16 (ITC-4511) Certification No. C0482 Sponsor Fuji Xerox

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd och beredskap 1 (38) ROS-ISÄK Ronny Janse 010-2404426 ronny.janse@msb.se Firewall Protection Profile samhällsskydd och beredskap 2 (38) Innehållsförteckning 1. Introduction... 4 1.1 PP reference...

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information