AAR Test Summary. FireEye CM, FX, EX, and NX Series Appliances

Size: px
Start display at page:

Download "AAR Test Summary. FireEye CM, FX, EX, and NX Series Appliances"

Transcription

1 AAR Test Summary FireEye CM, FX, EX, and NX Series Appliances FireEye CM, FX, EX, and NX Series Appliances Series Security Target, version 1.0 Protection Profile for Network Devices (NDPP), version 1.1, dated: 6/8/2012 Security Requirements for Network Devices Errata #3, dated: 1/13/2013 Version 3.0, 8/18/2015 Evaluated by: Office Park Dr. Montgomery Village, MD Prepared for: National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme

2 Contents 1 TOE Overview CM Series Appliances: CM 4400, CM 7400, CM FX Series Appliances: FX 5400, FX EX Series Appliances: EX 3400, EX 5400, EX 8400, EX NX Series Appliances: NX 900, NX 1400, NX 2400, NX 4400, NX 4420, NX 7400, NX 7420, NX 7500, NX 10000, NX9450, NX Security Features Supported non-toe Hardware/ Software/ Firmware Test Identification Testing Subset Test Equivalency Justification Recommendations/Conclusion TSS and Guidance Activities FAU_GEN.1 Guidance FAU_GEN.1 Guidance FAU_GEN FAU_STG_EXT.1.1 TSS FAU_STG_EXT.1.1 Guidance FAU_STG_EXT.1.1 TSS 1 (not audit server) FAU_STG_EXT.1.1 Guidance 1 (not audit server) FCS_CKM.1.1 TSS FCS_CKM_EXT.4.1 TSS FCS_RBG_EXT.1.1 Guidance 1 (SP A DRBG) FDP_RIP.2.1 TSS FIA_PMG_EXT.1.1 Guidance FIA_UIA_EXT.1 TSS FIA_UIA_EXT.1 Guidance FMT_MTD.1 Guidance FMT_MTD.1 TSS FMT_SMF FMT_SMR.2 Guidance

3 FPT_SKP_EXT.1 TSS FPT_APW_EXT.1 TSS FPT_APW_EXT.1 TSS FPT_ITT.1 TSS FPT_ITT.1 TSS FPT_ITT.1 Guidance FPT_STM.1 TSS FPT_STM.1 Guidance FPT_STM.1 Guidance FPT_TUD_EXT.1 TSS FPT_TUD_EXT.1 TSS FPT_TST_EXT.1.1 TSS FPT_TST_EXT.1.1 TSS FPT_TST_EXT.1.1 Guidance FTA_TAB.1 TSS FTP_ITC.1 TSS FTP_ITC.1 TSS FTP_ITC.1 Guidance FTP_TRP.1 TSS FTP_TRP.1 TSS FTP_TRP.1 Guidance FCS_TLS_EXT.1 TSS FCS_TLS_EXT.1 Guidance FCS_SSH_EXT.1.2 TSS FCS_SSH_EXT.1.3 TSS FCS_SSH_EXT.1.4 TSS FCS_SSH_EXT.1.4 Guidance FCS_SSH_EXT.1.6 TSS FCS_SSH_EXT.1.6 Guidance FCS_SSH_EXT.1.7 Guidance FCS_SSH_EXT.1.7 TSS Test Infrastructure... 46

4 7.1 Test Bed # Physical Component Overview TESTBED # Testbed Diagram TESTBED # Testbed Addressing TESTBED # Component Configuration Diagram TESTBED # Test bed # Physical Component Overview TESTBED # Testbed Diagram TESTBED # Testbed Addressing TESTBED # Component Configuration Diagram TESTBED # Audit Testing Summary FAU_GEN.1 Test FAU_STG_EXT.1 Test 1 (not audit server) Cryptographic Support Testing Summary FCS_CKM.1.1 Test FCS_COP.1.1 (1) Test FCS_COP.1.1 (2) Test FCS_COP.1.1 (3) Test FCS_COP.1.1 (4) Test FCS_RBG_EXT.1.1 Test FCS_RBG_EXT.1.1 Test 2 (SP A DRBG) Identification and Authentication Testing Summary FIA_PMG_EXT.1 Test FIA_UIA_EXT.1 Test # FIA_UIA_EXT.1 Test # FIA_UIA_EXT.1 Test # FIA_UAU.7 Test # Protection of the TSF Testing Summary FPT_STM.1 Test # FPT_STM.1 Test # FPT_TUD_EXT.1 Test # FPT_TUD_EXT.1 Test #

5 8.5 TOE Access Testing Summary FTA_SSL_EXT.1 Test # FTA_SSL.3 Test # FTA_SSL.4 Test # FTA_SSL.4 Test # FTA_TAB.1 Test # Trusted Path/Channels Testing Summary FTP_ITC.1 Test # FTP_ITC.1 Test # FTP_TRP.1 Test # FTP_TRP.1 Test # TLS Testing Summary FCS_TLS_EXT.1 Test # FCS_TLS_EXT.1 Test #2a FCS_TLS_EXT.1 Test #2b FCS_TLS_EXT.1 Test #2c FCS_TLS_EXT.1 Test #2d SSH Testing Summary FCS_SSH_EXT.1.2 Test # FCS_SSH_EXT.1.2 Test # FCS_SSH_EXT.1.3 Test # FCS_SSH_EXT.1.4 Test # FCS_SSH_EXT.1.6 Test # FCS_SSH_EXT.1.7 Test # Conclusion... 66

6 1 TOE Overview The TOE consists of several families of appliances working together to form the network protection solution. Collectively, the product families provide , file, and network security with a centralized management platform. Each family performs a specific role in the overall network protection, as described below. 1.1 CM Series Appliances: CM 4400, CM 7400, CM 9400 The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, and FX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the autogenerated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms. 1.2 FX Series Appliances: FX 5400, FX 8400 The FireEye FX series is a group of threat prevention platforms that protect content against attacks originating in a wide range of file types. Web mail, online file transfer tools, the cloud, and portable file storage devices can introduce malware that can spread to file shares and content repositories. The FireEye FX platform analyzes network file shares and enterprise content management stores to detect and quarantine malware brought in by employees and others that bypass next-generation firewalls, IPS, AV, and gateways. 1.3 EX Series Appliances: EX 3400, EX 5400, EX 8400, EX 8420 The FireEye EX series secures against advanced attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every attachment and successfully quarantine spear-phishing s used in advanced targeted attacks. 1.4 NX Series Appliances: NX 900, NX 1400, NX 2400, NX 4400, NX 4420, NX 7400, NX 7420, NX 7500, NX 10000, NX 9450, NX The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats. 1.5 Security Features The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below. Security Audit Cryptography Support User Data Protection Identification & Authentication

7 Security Management Protection of the TSF Trusted Path/Channel TOE Access These features are consistent with the security functionality described in the NDPP. 1.6 Supported non-toe Hardware/ Software/ Firmware The TOE also supports (sometimes optionally) secure connectivity with several other IT environment devices, including, Component Required Usage/Purpose Description for TOE performance Management Workstation with Web Browser/SSH Client Yes This includes any IT Environment Management workstation with a Web Browser and a SSH client installed that is used by the TOE administrator to support TOE administration through HTTPS and SSH protected channels. Any SSH client that supports SSHv2 may be used. Any web browser that supports TLS 1.0 or greater may be used. NTP Server No The TOE supports communications with an NTP server to synchronize date and time. Syslog server No The syslog audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE. LDAP AAA Server No This includes any IT environment LDAP AAA server that provides authentication services to TOE administrators. Table 1 IT Environment

8 2 Test Identification Test Case ID FAU_GEN.1 Test 1 FAU_GEN.1 Guidance 1 FAU_GEN.1 Guidance 2 FAU_STG_EXT.1.1 TSS 1 FAU_STG_EXT.1.1 Guidance 1 FAU_STG_EXT.1 Test 1 (not audit server) FAU_STG_EXT.1.1 TSS 1 (not audit server) FAU_STG_EXT.1.1 Guidance 1 (not audit server) FCS_CKM_EXT.4.1 TSS 1 FCS_COP.1.1 (1) Test 1 FCS_COP.1.1 (2) Test 1 FCS_COP.1.1 (3) Test 1 FCS_COP.1.1 (4) Test 1 FCS_RBG_EXT.1.1 Test 1 FCS_RBG_EXT.1.1 Test 2 (SP A DRBG) FCS_RBG_EXT.1.1 Guidance 1 (SP A DRBG) FDP_RIP.2.1 TSS 1 FIA_PMG_EXT.1.1 Guidance 1 FIA_PMG_EXT.1 Test 1 FIA_UIA_EXT.1 TSS 1 Description of test case This test case demonstrated the TOEs ability to generated audit records based on specific events being triggered. Guidance evaluation activity. Guidance evaluation activity. TSS evaluation activity. Guidance evaluation activity. This test case showed that the connection between the TOE and the remote audit server could be encrypted TSS evaluation activity. Guidance evaluation activity. TSS evaluation activity. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System. Guidance evaluation activity. TSS evaluation activity. Guidance evaluation activity. This test case verified the password capabilities of the TOE by attempting various good and bad password combinations and verifying the TOE handled them correctly. TSS evaluation activity.

9 Test Case ID FIA_UIA_EXT.1 Guidance 1 FIA_UIA_EXT.1 Test #1 FIA_UIA_EXT.1 Test #2 FIA_UIA_EXT.1 Test #3 FIA_UAU.7 Test #1 FMT_MTD.1 Guidance 1 FMT_MTD.1 TSS 1 FMT_SMR.2 Guidance 1 FPT_SKP_EXT.1 TSS 1 FPT_APW_EXT.1 TSS 1 FPT_APW_EXT.1 TSS 2 FPT_ITT.1 TSS 1 FPT_ITT.1 TSS 2 FPT_ITT.1 Guidance 1 FPT_ITT.1 Test 1 FPT_ITT.1 Test 2 FPT_STM.1 TSS 1 FPT_STM.1 Guidance 1 FPT_STM.1 Guidance 2 FPT_STM.1 Test #1 FPT_STM.1 Test #2 FPT_TUD_EXT.1 TSS 1 FPT_TUD_EXT.1 TSS 2 FPT_TUD_EXT.1 Test #1 FPT_TUD_EXT.1 Test #2 FPT_TST_EXT.1.1 TSS 1 Description of test case Guidance evaluation activity. This test case verified that for both remote and local login presenting the correct credentials resulted in access to the TOE and presenting incorrect credentials resulted in denied access. This test cased demonstrated that there is no remote functionality available to the administrator prior the logging into the TOE. This test case demonstrated that there is no local functionality available to the administrator prior the logging into the TOE. This test case demonstrated that during both local and remote logon the tester is not presented any feedback of the password entered. Guidance evaluation activity. TSS evaluation activity. Guidance evaluation activity. TSS evaluation activity. TSS evaluation activity. TSS evaluation activity. TSS evaluation activity. TSS evaluation activity. Guidance evaluation activity. This test case demonstrated secure connectivity between TOE components. This test case demonstrated secure connectivity between TOE components. TSS evaluation activity. Guidance evaluation activity. Guidance evaluation activity. This test demonstrated that the TOE administrator could update the TOE time. This test case demonstrated that the TOE could be configured to use a remote Time server. TSS evaluation activity. TSS evaluation activity. This test case demonstrated that the TOE could be updated when presented with a valid upgrade image. This test case demonstrated that the TOE could detect and reject invalid software updates. TSS evaluation activity.

10 Test Case ID FPT_TST_EXT.1.1 TSS 2 FPT_TST_EXT.1.1 Guidance 1 FTA_SSL_EXT.1 Test #1 FTA_SSL.3 Test #1 FTA_SSL.4 Test #1 FTA_SSL.4 Test #2 FTA_TAB.1 TSS 1 FTA_TAB.1 Test #1 FTP_ITC.1 TSS 1 FTP_ITC.1 TSS 2 FTP_ITC.1 Guidance 1 FTP_ITC.1 Test #1 FTP_ITC.1 Test #2 FTP_TRP.1 TSS 1 FTP_TRP.1 TSS 2 FTP_TRP.1 Guidance 1 FTP_TRP.1 Test #1 FTP_TRP.1 Test #2 FCS_TLS_EXT.1.1 TSS 1 FCS_TLS_EXT.1.1 Guidance 1 FCS_TLS_EXT.1.1 Test #1 FCS_TLS_EXT.1.1 Test #2 FCS_SSH_EXT.1.2 TSS 1 Description of test case TSS evaluation activity. Guidance evaluation activity. This test case demonstrated that the when a local administrative session timeout is set the TOE administrator is logged off after that time period has been crossed. This test case demonstrated that the when a remote administrative session timeout is set the TOE administrator is logged off after that time period has been crossed. This test case demonstrated that the local TOE administrator could log off of the TOE. This test case demonstrated that the remote TOE administrator could log off of the TOE. TSS evaluation activity. This test case demonstrated that the TOE supports a configurable banner for both local CLI and remote CLI administration. TSS evaluation activity. TSS evaluation activity. Guidance evaluation activity. This test case showed that the TOE could perform secure communications with remote syslog servers, time servers, and AAA servers over IPsec. This test case demonstrated that when the TOE connection is physically disconnected from the remote IT entity and reconnected the communication do not resume in plaintext. TSS evaluation activity. TSS evaluation activity. Guidance evaluation activity. This test case demonstrated that remote administration of the TOE takes place over encrypted communications (an SSH connection). This test case demonstrated that the TOE denies insecure remote administration attempts (telnet/http). TSS evaluation activity. Guidance evaluation activity. This test case demonstrated the TOEs ability to use secure ciphersuites. This test case demonstrated the TOEs correct implementation of the TLS stack. TSS evaluation activity.

11 Test Case ID FCS_SSH_EXT.1.2 Test #1 FCS_SSH_EXT.1.2 Test #2 FCS_SSH_EXT.1.3 TSS 1 FCS_SSH_EXT.1.3 Test #1 FCS_SSH_EXT.1.4 TSS 1 FCS_SSH_EXT.1.4 Guidance 1 FCS_SSH_EXT.1.4 Test #1 FCS_SSH_EXT.1.6 TSS 1 FCS_SSH_EXT.1.6 Guidance 1 FCS_SSH_EXT.1.6 Test #1 FCS_SSH_EXT.1.7 Guidance 1 FCS_SSH_EXT.1.7 TSS 1 FCS_SSH_EXT.1.7 Test #1 Table 2 Testing Summary Description of test case This test case demonstrated the TOEs ability to use asymmetric authentication for SSH session authentication. This test case demonstrated the TOEs ability to use password authentication for SSH session authentication. TSS evaluation activity. This test case demonstrated the TOEs ability to reject SSH packets larger than the allowed packet size. TSS evaluation activity. Guidance evaluation activity. This test case demonstrated the TOEs ability to use secure encryption algorithms for SSH sessions. TSS evaluation activity. Guidance evaluation activity. This test demonstrated the TOEs ability to use secure MACing algorithms for session integrity. Guidance evaluation activity. TSS evaluation activity. This test case demonstrated the TOEs ability to use Diffie- Hellman Group 14 for SSH sessions. This test case also demonstrated the TOEs ability to reject Diffie-Hellman Group 1 during SSH session establishment.

12 3 Testing Subset The following table identifies the chosen subset of TOE hardware models to be tested TOE Model CM 4400 CM 7400 CM 9400 FX 5400 FX 8400 EX 3400 EX 5400 EX 8400 EX 8420 NX 900 NX 1400 NX 2400 NX 4400 NX 4420 NX 7400 NX 7420 NX 7500 NX NX 9450 NX Table 3 Testing Subset CM Series Appliances No Yes No FX Series Appliances Yes No EX Series Appliances No Yes No No NX Series Appliances No No Yes No No Yes No Yes No No No Chosen for Testing

13 4 Test Equivalency Justification The following equivalency analysis provides a per category analysis of key areas of differentiation for each hardware model to determine the minimum subset to be used in testing. The areas examined will use the areas and analysis description provided in the supporting documentation for the NDPP. Platform/Hardware Differences The TOE boundary is inclusive of all hardware required by the TOE. The hardware platforms do not provide any of the TSF functionality. The hardware within the TOE only differs by configuration and performance. There are no hardware specific dependencies of the product. There isn t hardware specific functionality between appliance types. The base hardware may be configured as multiple types of appliances. Result: There are no hardware dependencies. All CM Appliances are equivalent. All EX Appliances are equivalent. All FX Appliances are equivalent. NX Appliances: See processor analysis below for hardware related recommendations.

14 Processor Differences Across appliance platforms, there are several processors included, as follows, Appliance Processor Processor Family CM Series Appliances CM 4400 AMD Opteron 6328 CM 7400 CM 9400 AMD Opteron 6380 FX Series Appliances FX 5400 AMD Opteron 6328 FX 8400 AMD Opteron 6380 Both of these processors are part of the AMD Opteron 6300 Series Processor line of chips. Both of these processors are part of the AMD Opteron 6300 Series Processor line of chips. Instruction Set Both processors support the following instruction sets, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP. Both processors support the following instruction sets, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP. Cores Base Speed 8 cores 2500 MHz 16 cores 3200 MHz 8 cores 2500 MHz 16 cores 3200 MHz Bits 64 bit 64 bit 64 bit 64 bit Floating Point Units Both processors support 256-bit FPU. Both processors support 256-bit FPU. Bus Speed Both processors support 6400 MT/s. Both processors support 6400 MT/s.

15 Appliance Processor Processor Family EX Series Appliances EX 3400 AMD Opteron Both of these EX processors are part of the AMD Opteron 6300 Series Processor line of chips. EX 8400 EX 8420 AMD Opteron 6380 NX Series Appliances NX 900 AMD Opteron 3365 NX 1400 NX 2400 AMD Opteron 4334 AMD Opteron 3300 Series Processor line of chips. AMD Opteron 4300 Series Processor line of chips Instruction Set Both processors support the following instruction sets, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP. MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP Cores Base Speed 8 cores 2500 MHz 16 cores 3200 MHz 8 cores 2300 MHz 6 cores 3100 MHz Bits 64 bit 64 bit 64 bit 64 bit Floating Point Units Both processors support 256-bit FPU. N/A N/A Bus Speed Both processors support 6400 MT/s MT/s 6400 MT/s

16 Appliance Processor Processor Family NX 4400 AMD Opteron Both of these 6328 processors are part of the NX 4420 AMD Opteron 6300 Series Processor line of chips. NX 7400 AMD Opteron NX NX 9450 NX NX NX 7500 Intel Xeon E v2 Ivy Bridge Intel Xeon (Ivy Bridge) family. Instruction Set Both processors support the following instruction sets, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, AES, AVX, BMI1, F16C, FMA3, FMA4, TBM, XOP. MMX, AES-NI, CLMUL, FMA3 x86-64, Intel 64, SSE, SSE2, SSE3, SSSE3, SSE4, SSE4.1, SSE4.2, AVX, AVX2, TXT, TSX, VT-x, VTd. Cores Base Speed 8 cores 2500 MHz 16 cores 3200 MHz Bits 64 bit 64 bit 12 cores 2.8 GHz 64 bit Floating Point Units Both processors support 256-bit FPU. 256-bit FPU. Bus Speed Both processors support 6400 MT/s GB/s Table 4 Processor Differences

17 The table above identifies all of the CPUs included in the products, generally speaking two closely related CPUs are used in the platforms. There are several exceptions to this in the NX series appliances. The following table provides an analysis and recommendations on an appliance series basis. Appliance Analysis Recommendation CM Series Appliances CM 4400 Each of these platforms use one of two very closely related CPUs Because of the processors are nearly identical. CM 7400 CM 9400 for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical. One example of the CM series of appliances will sufficiently demonstrate the functionality of the devices. FX Series Appliances FX 5400 FX 8400 EX Series Appliances EX 3400 EX 5400 EX 8400 EX 8420 NX Series Appliances NX 900 NX 1400 NX 2400 NX 4400 NX 4420 NX 7400 NX 7420 NX 9450 NX Each of these platforms use one of two very closely related CPUs for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical. Each of these platforms use one of two very closely related CPUs for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical. This family of appliances supports several different types of CPUs. Several of the appliances include the same AMD Opteron 6300 CPUs as the CM, EX, and FX appliance. The analyses associated with those platforms apply to these platforms. Several of the appliances also support the AMD Opteron 4300 CPUs (NX 1400 and 2400) and 3300 CPUs (NX 900). These processors are also very similar to the AMD Operon processors with the exception that there is no FPU support. Amongst these processors, there are several non-security relevant differences Because of the processors are nearly identical. One example of the FX series of appliances will sufficiently demonstrate the functionality of the devices. Because of the processors are nearly identical. One example of the EX series of appliances will sufficiently demonstrate the functionality of the devices. Because of the similarity in processors, one example of a platform with an AMD Opteron 3300/4300, one example with an AMD Opteron 6300, and one example with an Intel Ivy Bridge should be acceptable. One possible subset would include, 1. NX NX NX7500

18 Appliance Analysis Recommendation NX including, cores, base speed, and BUS speed. Finally, two of the NX 7500 appliances include Intel Ivy Bridge processors. These processors again are very closely related. They both are the same architecture, support the same instruction sets, and FPUs. They include several non-security relevant differences, including, cores, base speed, and BUS speed. Table 5 Processor Analysis Result: See analysis table above for recommendation

19 Software/OS Dependencies The underlying OS is installed with the application level software on each of the appliances. The underlying OS for all models within the TOE is CentOS 6.5 (Linux Kernel ). There are no specific dependencies on the OS since the TOE will not be installed on different OSs. Additionally, the underlying OS that is installed as part of the product software is identical between not only platforms in a given appliance series but also across all platforms. Result: There are no OS dependencies. All CM Appliances are equivalent. All EX Appliances are equivalent. All FX Appliances are equivalent. All NX Appliances are equivalent. Differences in TOE Software Binaries All platforms run software version 7.6. Additionally, all of each of the platforms within a given appliance series run the exact same binary, as follows, Appliance Binary CM Series Appliances CM 4400 image-cms.img CM 7400 image-cms.img CM 9400 image-cms.img FX Series Appliances FX 5400 image-fms.img FX 8400 image-fms.img EX Series Appliances EX 3400 image-emps.img EX 5400 image-emps.img EX 8400 image-emps.img EX 8420 image-emps.img NX Series Appliances NX 900 image-wmps.img NX 1400 image-wmps.img NX 2400 image-wmps.img NX 4400 image-wmps.img NX 4420 image-wmps.img NX 7400 image-wmps.img NX 7420 image-wmps.img NX 7500 image-wmps.img NX9450 image-wmps.img NX image-wmps.img NX image-wmps.img

20 Table 6 TOE Software Binaries There are NO differences in the software being run (per appliance series). Result: There is no model specific software. All CM Appliances are equivalent. All EX Appliances are equivalent. All FX Appliances are equivalent. All NX Appliances are equivalent. Differences in Libraries Used to Provide TOE Functionality All software binaries compiled in the TOE software are identical including the version of the library regardless of the platform for which the software is compiled. There are no differences between the included libraries. Result: There are no differences in the included libraries. All CM Appliances are equivalent. All EX Appliances are equivalent. All FX Appliances are equivalent. All NX Appliances are equivalent. TOE Management Interface Differences There are several management interfaces for each of the appliances within the TOE including, Appliance Family Local CLI Remote CLI (via SSH) Remote GUI (device specific) Remote GUI (through CM) CM Series Yes Yes Yes N/A EX Series Yes Yes Yes Yes FX Series Yes Yes Yes Yes NX Series Yes Yes Yes Yes Table 7 TOE Management Interfaces The table above illustrates that each appliance can be managed either locally (via CLI) or remotely (via CLI or GUI). There is no difference in the way the administrative user interacts with each of the devices on a per appliance series basis. For example, the user interacts and is presented with the same management interface whether she is interacting with a CM4400 or a CM9400. The management interface is identical for each appliance in a given series. Result: There are no differences in the user interface amongst platforms. All CM Appliances are equivalent. All EX Appliances are equivalent.

21 All FX Appliances are equivalent. All NX Appliances are equivalent. TOE Functional Differences Each hardware model within the TOE boundary provides identical functionality. There is no difference in the way the user interacts with each of the devices or the services that are available for each of these devices on a per appliance series basis. For example, the user interaction with a CM4400 is identical to that of a CM9400. Each device within an appliance series runs the same version of software. Result: There are no security functional differences between platforms in a series. All CM Appliances are equivalent. All EX Appliances are equivalent. All FX Appliances are equivalent. All NX Appliances are equivalent.

22 5 Recommendations/Conclusion Based on the analysis above, the following will sufficiently test the TOE, Appliance Family CM Series EX Series FX Series NX Series Table 8 Required Subset Required for Testing One appliance example One appliance example One appliance example One of the following appliances: NX900, NX1400, NX2400 One of the following appliances: NX4400, NX4420, NX7400, NX7420, NX10000, NX9450, NX10450 One of the following appliances: NX7500

23 6 TSS and Guidance Activities FAU_GEN.1 Guidance 1 The evaluator shall check the administrative guide and ensure that it lists all of the auditable events and provides a format for audit records. Each audit record format type must be covered, along with a brief description of each field. The evaluator shall check to make sure that every audit event type mandated by the PP is described and that the description of the fields contains the information required in FAU_GEN1.2, and the additional information specified in Table Evaluator Findings The evaluator checked the administrative guide to ensure that it lists all of the auditable events and provides a format for audit records. Section "Audit Messages," page 17, of AGD were used to determine the verdict of this work unit. Upon investigation, the evaluator found that AGD explicitly lists each of the auditable events and the fields associated with each audit record. Based on these findings, this assurance activity is considered satisfied Verdict FAU_GEN.1 Guidance 2 The evaluator shall also make a determination of the administrative actions that are relevant in the context of this PP. The evaluator shall examine the administrative guide and make a determination of which administrative commands, including subcommands, scripts, and configuration files, are related to the configuration (including enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements specified in the PP. The evaluator shall document the methodology or approach taken while determining which actions in the administrative guide are security relevant with respect to this PP. The evaluator may perform this activity as part of the activities associated with ensuring the AGD_OPE guidance satisfies the requirements Evaluator Findings The evaluator made a determination of the administrative actions that are relevant in the context of this PP. The AGD document and all of the configuration guides listed in the section 9 of this document were used as part of this evaluation. The evaluator performed the following actions to identify the set of security relevant CLI commands and GUI options required by the evaluated configuration, The evaluator first began stepping through the AGD document. In addition to providing configuration specific guidance for configuring the TOE in the evaluated configuration, the document acts as a mapping document to other general guidance documents for the TOE. As part of this review, the evaluator successfully compared the AGD document to the ST to verify that each of the claimed security functionalities are discussed. Next, the evaluator reviewed each section of the other configuration documents referenced by the AGD.

24 Based on this analysis, the evaluator found the following actions as security relevant, Configuring users: [AGD] Page 26 Adding an Admin User and Setting the word; Enabling/disabling compliance mode: [AGD] Page 18 Entering Compliance, Page 19 Exiting Compliance; Configuring audit: [AGD] Page 20 Starting Audit Log Services, Page 20 Stopping Audit Log Services; Configuring TLS connections: [AGD] Page 27 Enabling TLS for HTTP Connections and Setting the Cipher List; Configuring SSH connections: [AGD] Page 27 Enabling ssh and Setting the Cipher List; Configuring authentication data: [AGD] Page 26 Adding an Admin User and Setting the word and Setting an Authentication Method; Configuring time/ntp: [AGD] Page 20 Setting the Clock; Performing updates: [AGD] Page 28 Installing an Updated System Image; Configuring the administrative inactivity period: [AGD] Page 28 Configuring the Administrative Inactivity Period; Configuring remote login banner: [AGD] Page 28 Configuring the Remote Login Banner Verdict FAU_GEN.2 None The evaluation of this SFR is tested in conjunction with the testing of FAU_GEN FAU_STG_EXT.1.1 TSS 1 The evaluator shall examine the TSS to ensure it describes the amount of audit data that are stored locally; what happens when the local audit data store is full; and how these records are protected against unauthorized access Evaluator Findings The evaluator examined the TSS to ensure it describes the amount of audit data that are stored locally; what happens when the local audit data store is full; and how these records are protected against unauthorized access. Table 14 of Section 5 of the ST was used to determine the verdict of this working unit. Upon investigation, the evaluator found that, 1. The local logging buffer size can be configured from a range of 4096 (default) up to bytes. 2. The log buffer is circular, so newer messages overwrite older messages after the buffer is full. 3. The TOE protects communications with an external syslog server via TLS. Only Authorized Administrators are able to clear the local logs, and local audit records are stored in a directory that does not allow administrators to modify the contents. Based on these findings, this Assurance Activity is considered satisfied.

25 Verdict FAU_STG_EXT.1.1 Guidance 1 The evaluator shall also examine the operational guidance to determine that it describes the relationship between the local audit data and the audit data that are sent to the audit log server (for TOEs that are not acting as an audit log server). For example, when an audit event is generated, is it simultaneously sent to the external server and the local store, or is the local store used as a buffer and cleared periodically by sending the data to the audit server Evaluator Findings The evaluator examined the operational guidance and determined that it describes the relationship between the local audit data and the audit data that are sent to the audit log server (for TOEs that are not acting as an audit log server). The AGD was used to determine the verdict of this work unit. Upon investigation, the evaluator found that section, Audit Message, page 18, contains a description of the relationship between remote audit records and local audit records. Specifically, audit records are "stored locally and sent remotely at the same time. Based on these findings, this work unit is considered satisfied Verdict FAU_STG_EXT.1.1 TSS 1 (not audit server) The evaluator shall examine the TSS to ensure it describes the means by which the audit data are transferred to the external audit server, and how the trusted channel is provided Evaluator Findings The evaluator examined the TSS to ensure it describes the means by which the audit data are transferred to the external audit server, and how the trusted channel is provided. Table 14 of Section 5 was used to determine the verdict of this work unit. Upon investigation, the evaluator found that the TOE protects communication with the syslog server via a TLS encrypted channel. The TOE transmits its audit events to all configured syslog servers at the same time logs are written to the local log buffer and to the console. The TOE is capable of detecting when the TLS connection fails. If the TLS connection fails, the TOE will buffer the audit records on the TOE when it discovers it can no longer communicate with its configured syslog server, and will transmit the buffer contents when connectivity to the syslog server is restored. Based on these findings, this Assurance Activity is considered satisfied Verdict

26 6.1.7 FAU_STG_EXT.1.1 Guidance 1 (not audit server) The evaluator shall also examine the operational guidance to ensure it describes how to establish the trusted channel to the audit server, as well as describe any requirements on the audit server (particular audit server protocol, version of the protocol required, etc.), as well as configuration of the TOE needed to communicate with the audit server Evaluator Findings The evaluator examined the operational guidance to ensure it describes how to establish the trusted channel to the audit server, as well as describe any requirements on the audit server (particular audit server protocol, version of the protocol required, etc.), as well as configuration of the TOE needed to communicate with the audit server. The AGD document was used to as part of this evaluation. Upon investigation, the evaluator found that section "Using an Audit Server," page 16, of the AGD document provides a description of the requirements for remote logging. In particular, connections between the TOE and the remote syslog server must be protected using TLS. The section also provides a description of the required configuration options for the syslog server. Based on these findings, this assurance activity is considered satisfied Verdict FCS_CKM.1.1 TSS 1 The evaluator shall ensure that the TSS contains a description of how the TSF complies with A and/or B, depending on the selections made. This description shall indicate the sections in A and/or B that are implemented by the TSF, and the evaluator shall ensure that key establishment is among those sections that the TSF claims to implement. Any TOE-specific extensions, processing that is not included in the documents, or alternative implementations allowed by the documents that may impact the security requirements the TOE is to enforce shall be described Evaluator Findings The evaluator reviewed table 14 of Section 5 of the ST and found that the TSS explicitly indicates that the TOE implements several key establishment schemes, including, FFC Diffie-Hellman as specified in NIST SP A, ECDH Diffie-Hellman as specified in NIST SP A, RSA Key Transport as specified in SP NIST B. The TSS indicates that the TOE is fully compliant to SP A and SP B and that the TOE does not implement any TOE-specific extensions. Based on these findings, this assurance activity is considered satisfied Verdict

27 6.1.9 FCS_CKM_EXT.4.1 TSS 1 The evaluator shall check to ensure the TSS describes each of the secret keys (keys used for symmetric encryption), private keys, and CSPs used to generate key; when they are zeroized (for example, immediately after use, on system shutdown, etc.); and the type of zeroization procedure that is performed (overwrite with zeros, overwrite three times with random pattern, etc.). If different types of memory are used to store the materials to be protected, the evaluator shall check to ensure that the TSS describes the zeroization procedure in terms of the memory in which the data are stored (for example, "secret keys stored on flash are zeroized by overwriting once with zeros, while secret keys stored on the internal hard drive are zeroized by overwriting three times with a random pattern that is changed before each write") Evaluator Findings The evaluator examined table 14 of Section 5 in the ST and found the following. Keys Diffie Hellman private key Diffie Hellman public key SSH Private Key SSH Public Key SSH Session Key SSH Integrity Key TLS Private Key TLS Public Key TLS Session Encryption Key TLS Session Integrity Key Table 9 Zeroization Zeroization Description Keys are overwritten with zeros at power cycle. Keys are overwritten with zeros at power cycle. Key is overwritten by zeros when the compliance declassify zeroize command is issued. Key is overwritten by zeros when the compliance declassify zeroize command is issued. Keys are overwritten with zeros at power cycle. Keys are overwritten with zeros at power cycle. Key is overwritten by zeros when the compliance declassify zeroize command is issued. Keys are overwritten with zeros at power cycle. Keys are overwritten with zeros at power cycle. Keys are overwritten with zeros at power cycle. Each secret key and CSP is described along with zeroization characteristics. Based on these findings, this Assurance Activity is considered satisfied Verdict FCS_RBG_EXT.1.1 Guidance 1 (SP A DRBG) The evaluator shall also confirm that the operational guidance contains appropriate instructions for configuring the RBG functionality Evaluator Findings The evaluator confirmed that the operational guidance contains appropriate instructions for configuring the RBG functionality. AGD document was used to determine the verdict of this working. Upon investigation, the evaluator found that section "Enabling the Trusted Platform Module," page 11, provides a description of how to enable the TPM module within the product which is required to appropriately seed the implemented DRBG.

28 Based on these findings, this assurance activity is considered satisfied Verdict FDP_RIP.2.1 TSS 1 The evaluator shall check to ensure that the TSS describes packet processing to the extent that they can determine that no data will be reused when processing network packets. The evaluator shall ensure that this description at a minimum describes how the previous data are zeroized/overwritten, and at what point in the buffer processing this occurs Evaluator Findings The evaluator checked to ensure that the TSS describes packet processing to the extent that they can determine that no data will be reused when processing network packets. Table 14 of Section 5 of the ST was used in this analysis. Upon investigation, the evaluator found that packets that are not the required length use zeros for padding. Residual data is never transmitted from the TOE. Once packet handling is completed its content is overwritten before memory buffer, which previously contained the packet, is reused. Based on these findings, this Assurance Activity is considered satisfied Verdict FIA_PMG_EXT.1.1 Guidance 1 The evaluator shall examine the operational guidance to determine that it provides guidance to security administrators on the composition of strong passwords, and that it provides instructions on setting the minimum password length Evaluator Findings The evaluator examined the operational guidance to determine that it provides guidance to security administrators on the composition of strong passwords, and that it provides instructions on setting the minimum password length. AGD was used as part of this evaluation. Upon investigation, the evaluator found that section, "Strong words," page 1, of AGD provides guidance for the minimum password requirements the TOE in the evaluated configuration. Based on these findings, this assurance activity is considered satisfied Verdict FIA_UIA_EXT.1 TSS 1 The evaluator shall examine the TSS to determine that it describes the logon process for each logon method (local, remote (HTTPS, SSH, etc.)) supported for the product. This description shall contain information pertaining to the credentials allowed/used, any protocol transactions that take place, and what constitutes a successful logon.

29 Evaluator Findings The evaluator examined the TSS to determine that it describes the logon process for each logon method (local, remote (HTTPS, SSH, etc.)) supported for the product. Table 14 of Section 5 of the ST was used to determine the verdict of this analysis. The TOE mediates all administrative actions through one of two interfaces, the CLI or GUI. Once a potential administrative user attempts to access the CLI or GUI of the TOE through either a directly connected console or remotely through an HTTPS/SSHv2 connection, the TOE prompts the user for a user name and password. The TOE provides a local password based authentication mechanism as well as TLS protected LDAP authentication, if configured. At initial login, the administrative user is prompted to provide a username. After the user provides the username, the user is prompted to provide the administrative password associated with the user account. The TOE then either grants administrative access (if the combination of username and password is correct) or indicates that the login was unsuccessful. Based on these findings, this Assurance Activity is considered satisfied Verdict FIA_UIA_EXT.1 Guidance 1 The evaluator shall examine the operational guidance to determine that any necessary preparatory steps (e.g., establishing credential material such as pre- shared keys, tunnels, certificates, etc.) to logging in are described. For each supported the login method, the evaluator shall ensure the operational guidance provides clear instructions for successfully logging on. If configuration is necessary to ensure the services provided before login are limited, the evaluator shall determine that the operational guidance provides sufficient instruction on limiting the allowed services Evaluator Findings The evaluator examined the operational guidance to determine that any necessary preparatory steps (e.g., establishing credential material such as pre- shared keys, tunnels, certificates, etc.) to logging in are described. The AGD, CMSAG, FXSAG, NXSAG, and EXSAG documents were used with the evaluation activity. Upon investigation, the evaluator found that two methods of administration are available to the user, Command Line Interface (CLI) Graphical User Interface (GUI) The evaluator found that users are able to authenticate to the TOE at both the CLI and GUI and that the configuration steps for each interface are provided. The evaluator found that the following sections provide preparatory instructions for configuring users and credentials, CMSAG section "Managing Users using the WebUI," page 242 CMSAG section "Managing Users using the CLI," page 243 CMSAG section "Configuring word Validation Policies," page 247

30 FXAG section "Managing Users using the WebUI," page 109 FXAG section "Managing Users using the CLI," page 109 FXAG section "Configuring word Rules," page 114 NXAG section "Managing Users using the WebUI," page 140 NXAG section "Managing Users using the CLI," page 142 NXAG section "Configuring word Validation Policies," page 150 EXAG section "Managing Users Accounts" page 60 Based on these findings, this assurance activity is considered satisfied Verdict FMT_MTD.1 Guidance 1 The evaluator shall review the operational guidance to determine that each of the TSF-datamanipulating functions implemented in response to the requirements of this PP is identified, and that configuration information is provided to ensure that only administrators have access to the functions Evaluator Findings The evaluator reviewed the operational guidance to determine that each of the TSF-datamanipulating functions implemented in response to the requirements of this PP is identified, and that configuration information is provided to ensure that only administrators have access to the functions. The AGD document was used as part of this evaluation activity. Upon investigation, the evaluator found that the AGD document addresses the configuration of the following items in response to the requirements of the NDPP, Section Remote Access Administrative Access Section Strong words I&A Configuration Section LDAP Server Configuration I&A Configuration Section Date and Time Settings Time Functionality Section Configuring a Secure Syslog Server and Client Secure Logging Section Using an Audit Server Secure Logging Section Audit Messages Secure Logging Section Cryptographic POST - Cryptographic Support Section Supported Ciphersuites - Cryptographic Support These items combined covers all of the functionality described in the NDPP. Based on these findings, this work unit is considered satisfied Verdict FMT_MTD.1 TSS 1 The evaluator shall examine the TSS to determine that, for each administrative function identified in the operational guidance; those that are accessible through an interface prior to

31 administrator log-in are identified. For each of these functions, the evaluator shall also confirm that the TSS details how the ability to manipulate the TSF data through these interfaces is disallowed for non-administrative users Evaluator Findings The evaluator examined the TSS to determine that, for each administrative function identified in the operational guidance; those that are accessible through an interface prior to administrator log-in are identified. For each of these functions, the evaluator also confirmed that the TSS details how the ability to manipulate the TSF data through these interfaces is disallowed for non-administrative users. The evaluator examined Table 14 of Section 5 as part of this analysis. Upon investigation, the evaluator found that there are no administrative functions prior to authentication. Based on these findings, this Assurance Activity is considered satisfied Verdict FMT_SMF.1 None - The security management functions for FMT_SMF.1 are distributed throughout the PP and are included as part of the requirements in FMT_MTD, FPT_TST_EXT, and any cryptographic management functions specified in the reference standards. Compliance to these requirements satisfies compliance with FMT_SMF FMT_SMR.2 Guidance 1 The evaluator shall review the operational guidance to ensure that it contains instructions for administering the TOE both locally and remotely, including any configuration that needs to be performed on the client for remote administration Evaluator Findings The evaluator reviewed the operational guidance to ensure that it contains instructions for administering the TOE both locally and remotely, including any configuration that needs to be performed on the client for remote administration. The AGD, CMSAG, FXSAG, NXSAG, EXSAG, FXTMG, NXTMG, and EXTMG documents were used with the evaluation activity. The evaluator found that instructions for configuring the TOE locally is described in the CMSAG, FXSAG, NXSAG, and EXSAG documents, in the following sections, [CMAG] Section titled: Initial CM Series Platform Configuration [EXAG] Section titled: Using the Serial Console [FXAG] Section titled: Configuring Initial Settings Using the Serial Console Port [NXAG] Section titled: Configuring Initial Settings Using the Serial Console Port The evaluator found that instructions for configuring the TOE remotely is described in the FXTMG, NXTMG, and EXTMG, in the following sections, [FXTMG] Section titled: Configuring the Appliance Using the Web UI (for administration over HTTPS), Configuring the Appliance Using the CLI (for administration over SSH)

Common Criteria NDPP SIP Server EP Assurance Activity Report

Common Criteria NDPP SIP Server EP Assurance Activity Report Common Criteria NDPP SIP Server EP Assurance Activity Report Pascal Patin ISSUED BY Acumen Security, LLC. 1 Revision History: Version Date Changes Initial Release 7/20/2015 Initial Release Version 1.0

More information

Assurance Activities Report for a Target of Evaluation. Security Target (Version 0.9)

Assurance Activities Report for a Target of Evaluation. Security Target (Version 0.9) Assurance Activities Report for a Target of Evaluation Cisco Integrated Services Router (ISR) 800 Series Security Target (Version 0.9) Assurance Activities Report (AAR) Version 1.0 10/31/2014 Evaluated

More information

Protection Profile for Network Devices

Protection Profile for Network Devices Protection Profile for Network Devices Information Assurance Directorate 08 June 2012 Version 1.1 Table of Contents 1 INTRODUCTION... 1 1.1 Compliant Targets of Evaluation... 1 2 SECURITY PROBLEM DESCRIPTION...

More information

collaborative Protection Profile for Network Devices

collaborative Protection Profile for Network Devices collaborative Protection Profile for Network Devices Version 0.1 05-Sep-2014 Acknowledgements This collaborative Protection Profile (cpp) was developed by the Network international Technical Community

More information

Security Requirements for Network Devices

Security Requirements for Network Devices Security Requirements for Network Devices Information Assurance Directorate 10 December 2010 Version 1.0 Table of Contents 1 INTRODUCTION... 1 1.1 Compliant Targets of Evaluation... 1 2 SECURITY PROBLEM

More information

Dell Networking Switches Security Target. Version 1.0 January 22, 2015

Dell Networking Switches Security Target. Version 1.0 January 22, 2015 Version 1.0 January 22, 2015 Revision History Date Version Author Description 06/16/2014 0.1 Cygnacom Solutions First Draft 08/01/2014 0.2 Cygnacom Solutions Vendor review & OS v9.6 updates 08/31/2014

More information

Cisco Email Security Appliance. Security Target. Version 1.0. October 2014

Cisco Email Security Appliance. Security Target. Version 1.0. October 2014 Cisco Email Security Appliance Security Target Version 1.0 October 2014 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2014 Cisco Systems, Inc. All rights

More information

Supporting Document Mandatory Technical Document. Evaluation Activities for Network Device cpp. September-2014. Version 0.1

Supporting Document Mandatory Technical Document. Evaluation Activities for Network Device cpp. September-2014. Version 0.1 Supporting Document Mandatory Technical Document Evaluation Activities for Network Device cpp September-2014 Version 0.1 CCDB- Foreword This is a supporting

More information

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1 Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller July 24, 2015 Version 1 1 Table of Contents 1 Introduction... 4 1.1 Conformance Claims...4 1.2 How to

More information

Certification Report

Certification Report Certification Report HP Network Automation Ultimate Edition 10.10 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government

More information

3e Technologies International 3e-636 Series Network Security Device. Security Target

3e Technologies International 3e-636 Series Network Security Device. Security Target 3e Technologies International 3e-636 Series Network Security Device Security Target 45040-007-01 Revision J March 12, 2015 Version 1.0 Page 1 2015 3e Technologies International, Inc. All rights reserved.

More information

Protection Profile for Mobile Device Management

Protection Profile for Mobile Device Management 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes and clarifications to front-matter 2.0 31 December 2014

More information

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target Version 1.0 February 12, 2014 Prepared for: Hewlett-Packard Long Down Avenue Stoke Gifford Bristol BS34 8QZ UK Prepared By: Leidos

More information

Mobile Billing System Security Target

Mobile Billing System Security Target Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing

More information

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

FIPS 140-2 SECURITY POLICY FOR

FIPS 140-2 SECURITY POLICY FOR FIPS 140-2 SECURITY POLICY FOR SPECTRAGUARD ENTERPRISE SERVER August 31, 2011 FIPS 140-2 LEVEL-1 SECURITY POLICY FOR AIRTIGHT NETWORKS SPECTRAGUARD ENTERPRISE SERVER 1. Introduction This document describes

More information

Extended Package for Mobile Device Management Agents

Extended Package for Mobile Device Management Agents Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Protection Profile for Mobile Device Management

Protection Profile for Mobile Device Management Protection Profile for Mobile Device Management 7 March 2014 Version 1.1 1 Revision History Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 March 2014 Typographical changes and clarifications

More information

Security Target. ST Version 1.1. August 26, 2014

Security Target. ST Version 1.1. August 26, 2014 Security Target Juniper Networks M, T, MX and PTX Routers and EX9200 Switches running Junos OS 13.3R1.8 and Juniper QFX and EX Switches Running Junos OS 13.2X50-D19 and Junos OS 13.2X51-D20 ST Version

More information

Protection Profile for Wireless Local Area Network (WLAN) Access Systems

Protection Profile for Wireless Local Area Network (WLAN) Access Systems Protection Profile for Wireless Local Area Network (WLAN) Access Systems Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP... 1 1.1 PP Overview of

More information

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction

More information

Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target

Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target Version 0.6 2015/05/08 Prepared for: Samsung SDS 123, Olympic-ro 35-gil, Songpa-gu, Seoul, Korea 138-240 Prepared By: www.gossamersec.com

More information

Cisco Unified Communications Manager

Cisco Unified Communications Manager Cisco Unified Communications Manager Security Target Version 1.0 10 August 2015 EDCS - 1502591 Page 1 of 53 Table of Contents 1 SECURITY TARGET INTRODUCTION... 8 1.1 ST and TOE Reference... 8 1.2 TOE Overview...

More information

McAfee Firewall Enterprise 8.2.1

McAfee Firewall Enterprise 8.2.1 Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall

More information

Protection Profile for Server Virtualization

Protection Profile for Server Virtualization Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental

More information

For the protocol access paths listed in the following table, the Sentry firmware actively listens on server ports to provide security for the CDU.

For the protocol access paths listed in the following table, the Sentry firmware actively listens on server ports to provide security for the CDU. CDU Security This provides a quick reference for access paths to Server Technology s Cabinet Distribution Unit (CDU) products, shows if the access path is secure, and if so, provides an overview of how

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report 3eTI 3e-636 Series Network Security Devices Report Number: CCEVS-VR-VID10580 Dated: March 25,

More information

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc. SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification

More information

McAfee Firewall Enterprise 8.3.1

McAfee Firewall Enterprise 8.3.1 Configuration Guide Revision A McAfee Firewall Enterprise 8.3.1 FIPS 140-2 The McAfee Firewall Enterprise FIPS 140-2 Configuration Guide, version 8.3.1, provides instructions for setting up McAfee Firewall

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING Document No. 1735-005-D0001 Version: 1.0, 3 June 2014 Prepared for: Fortinet, Incorporated 326 Moodie Drive Ottawa, Ontario Canada, K2H

More information

Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4

Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4 Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4 Introduction Several of the NIST SP 800-53/CNSS 1253 controls are either fully

More information

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1

More information

Imperva SecureSphere Security Target

Imperva SecureSphere Security Target Imperva SecureSphere Security Target Version 0.4 12 November 2015 Prepared for: Imperva Inc. 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 United States Prepared by: Leidos Inc. (formerly Science

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Juniper Networks, Inc. JUNOS 12.1 X46 D20.6 for SRX-Series Platforms Certification Report 2015/90 3 July 2015 Version 1.0 Commonwealth of Australia

More information

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0 Security Target NetIQ Access Manager 4.0 Document Version 1.13 August 7, 2014 Document Version 1.13 NetIQ Page 1 of 36 Prepared For: Prepared By: NetIQ, Inc. 1233 West Loop South Suite 810 Houston, TX

More information

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0) FIPS 140-2 Non-Proprietary Security Policy IBM Internet Security Systems SiteProtector Document Version 2.3 August 5, 2010 Document Version 2.3 IBM Internet Security Systems Page 1 of 24 Prepared For:

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Protection Profile for Full Disk Encryption

Protection Profile for Full Disk Encryption Protection Profile for Full Disk Encryption Mitigating the Risk of a Lost or Stolen Hard Disk Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP...

More information

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing

More information

Protection Profile for Voice Over IP (VoIP) Applications

Protection Profile for Voice Over IP (VoIP) Applications Protection Profile for Voice Over IP (VoIP) Applications 21 October 2013 Version 1.2 Table of Contents 1 INTRODUCTION... 1 1.1 Overview of the TOE... 1 1.2 Usage of the TOE... 1 2 SECURITY PROBLEM DESCRIPTION...

More information

Cisco Aggregation Services Router (ASR) 900 Series

Cisco Aggregation Services Router (ASR) 900 Series Cisco Aggregation Services Router (ASR) 900 Series Security Target Version 1.0 26 March 2015 Table of Contents 1 SECURITY TARGET INTRODUCTION...8 1.1 ST AND TOE REFERENCE... 8 1.2 TOE OVERVIEW... 8 1.2.1

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 0.7 Prepared for: Prepared by: Enterasys Networks, Inc. Corsec Security,

More information

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 10 January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA Contents 1 Introduction...

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms

More information

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Document Version 0.5 Prepared for: Prepared by: Nortel Networks, Inc.

More information

Certification Report

Certification Report Certification Report McAfee Network Security Platform v7.1 (M-series sensors) Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

CCNA Security. Chapter Two Securing Network Devices. 2009 Cisco Learning Institute.

CCNA Security. Chapter Two Securing Network Devices. 2009 Cisco Learning Institute. CCNA Security Chapter Two Securing Network Devices 1 The Edge Router What is the edge router? - The last router between the internal network and an untrusted network such as the Internet - Functions as

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Cisco Intrusion Detection System Sensor Appliance IDS-4200 series Version 4.1(3) Report

More information

Marimba Client and Server Management from BMC Software Release 6.0.3

Marimba Client and Server Management from BMC Software Release 6.0.3 Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...

More information

Remote Administration

Remote Administration Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over

More information

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target Release Date: September 2010 Document ID: Version: Draft J Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle

More information

FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent

FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent LogRhythm, Inc. 4780 Pearl East Circle Boulder, CO 80301 May 1, 2015 Document Version 2.0 Module Versions 6.0.4 or 6.3.4

More information

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager LogRhythm 3195 Sterling Circle, Suite 100 Boulder CO, 80301 USA September 17, 2012 Document Version 1.0 Module Version 6.0.4 Page 1 of 23 Copyright

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Evaluating Windows: Something Old, Something New, Something Borrowed, Something Blue. September 11, 2013 Mike Grimm, Microsoft Corp.

Evaluating Windows: Something Old, Something New, Something Borrowed, Something Blue. September 11, 2013 Mike Grimm, Microsoft Corp. Evaluating Windows: Something Old, Something New, Something Borrowed, Something Blue September 11, 2013 Mike Grimm, Microsoft Corp. Agenda History of Windows CC evaluations Experiences with Windows 7 and

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10 AppGate Security Server, Version 8.0.4 Security Target Document Version: 2.9 Date: 2008-04-10 Contents 1 INTRODUCTION...6 1.1 ST Identification...6 1.2 ST Overview...6 1.3 CC Conformance Claim...6 1.4

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Cisco Email Security Appliance (ESA), with Software Version AsyncOS 9.1

Cisco Email Security Appliance (ESA), with Software Version AsyncOS 9.1 Cisco Email Security Appliance (ESA), with Software Version AsyncOS 9.1 CC Configuration Guide Version 1.4 September 1, 2015 Table of Contents 1 Introduction... 7 1.1 Audience... 7 1.2 Purpose... 7 1.3

More information

Configuration Backup and Restore. Dgw v2.0 May 14, 2015. www.media5corp.com

Configuration Backup and Restore. Dgw v2.0 May 14, 2015. www.media5corp.com Dgw v2.0 May 14, 2015 www.media5corp.com Table of Contents Configuration Backup and Restore... 3 File Servers... 4 Configuring the FTP Server...4 Configuring the TFTP Server...4 Configuring the HTTP Server...

More information

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

CrashPlan Security SECURITY CONTEXT TECHNOLOGY TECHNICAL SPECIFICATIONS CrashPlan Security CrashPlan is a continuous, multi-destination solution engineered to back up mission-critical data whenever and wherever it is created. Because mobile laptops

More information

Protection Profile for Software Full Disk Encryption

Protection Profile for Software Full Disk Encryption Protection Profile for Software Full Disk Encryption Mitigating the Risk of a Lost or Stolen Hard Disk Information Assurance Directorate 14 February 2013 Version 1.0 Table of Contents 1 Introduction to

More information

Protection Profile for USB Flash Drives

Protection Profile for USB Flash Drives Protection Profile for USB Flash Drives Mitigating the Risk of a Manipulated, Misplaced, or Stolen USB Flash Drive Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction

More information

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26 SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.

More information

Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target

Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target This document provides the basis for an evaluation of a specific Target of Evaluation (TOE).

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

PrintFleet Enterprise 2.2 Security Overview

PrintFleet Enterprise 2.2 Security Overview PrintFleet Enterprise 2.2 Security Overview PageTrac Support PrintFleet Enterprise 2.2 Security Overview PrintFleet Inc. is committed to providing software products that are secure for use in all network

More information

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology Centrally Managed VPN Fully Automatic Operation of a Remote Access VPN via a Single Console Enables easy rollout and operation of secure remote access infrastructures Central creation of client configuration

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505 INTEGRATION GUIDE DIGIPASS Authentication for Cisco ASA 5505 Disclaimer DIGIPASS Authentication for Cisco ASA5505 Disclaimer of Warranties and Limitation of Liabilities All information contained in this

More information

COMMON CRITERIA CERTIFICATION REPORT

COMMON CRITERIA CERTIFICATION REPORT COMMON CRITERIA CERTIFICATION REPORT EMC Data Domain version 5.5 Date: 30 June 2016 Version: 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be altered,

More information

Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition

Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Version 1-0 7 February 2011 2011 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-0 7

More information

Protection Profile for Email Clients

Protection Profile for Email Clients Protection Profile for Email Clients 1 April 2014 Version 1.0 Page 1 of 69 1 Introduction... 4 1.1 Overview of the TOE... 4 1.2 Usage of the TOE... 4 2 SECURITY PROBLEM DESCRIPTION... 6 2.1 Threats...

More information

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy VASCO Data Security International, Inc. DIGIPASS GO-7 FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Security Level: 2 Version: 1.7 Date: August 12, 2015 Copyright VASCO Data Security

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

Certification Report

Certification Report Certification Report HP Universal CMDB and Universal Discovery v10.21 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government

More information

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example Document ID: 113571 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

McAfee Firewall Enterprise v7.0.1.02 Security Target

McAfee Firewall Enterprise v7.0.1.02 Security Target McAfee Firewall Enterprise v7.0.1.02 Security Target 8 Nov 2010 Version 1.3 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA McAfee Inc. Page 1 of 60 Contents 1 Introduction...

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Version: 1.4 Table of Contents Using Your Gigabyte Management Console... 3 Gigabyte Management Console Key Features and Functions...

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for Software Full Disk Encryption, Version 1.1 Report Number: CCEVS-VR-PP-0003

More information

SNAPcell Security Policy Document Version 1.7. Snapshield

SNAPcell Security Policy Document Version 1.7. Snapshield SNAPcell Security Policy Document Version 1.7 Snapshield July 12, 2005 Copyright Snapshield 2005. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1. MODULE OVERVIEW...3

More information

Executive Summary and Purpose

Executive Summary and Purpose ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on

More information

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.1 Prepared for: Prepared

More information

NCP Secure Enterprise Management Next Generation Network Access Technology

NCP Secure Enterprise Management Next Generation Network Access Technology Data Sheet NCP Secure Enterprise Management Next Generation Network Access Technology Centrally Managed VPN fully Automatic Operation of a Remote Access VPN via a Single Console Enables easy rollout and

More information

Supporting Document Mandatory Technical Document. Evaluation Activities for Stateful Traffic Filter Firewalls cpp. February-2015. Version 1.

Supporting Document Mandatory Technical Document. Evaluation Activities for Stateful Traffic Filter Firewalls cpp. February-2015. Version 1. Supporting Document Mandatory Technical Document Evaluation Activities for Stateful Traffic Filter Firewalls cpp February-2015 Version 1.0 CCDB-2015-01-002 Foreword This is a supporting document, intended

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information