McAfee Firewall Enterprise v Security Target
|
|
- Edward Houston
- 8 years ago
- Views:
Transcription
1 McAfee Firewall Enterprise v Security Target 8 Nov 2010 Version 1.3 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN USA McAfee Inc. Page 1 of 60
2 Contents 1 Introduction ST Introduction Security Target, TOE and CC Identification Conformance Claims Common Criteria Protection Profile Conventions Terminology & Acronyms References TOE Description Product Type Application Context Physical and Logical Boundaries Evaluation Application Context Proxy agents to be Evaluated Features not to be Evaluated Physical Scope and Boundary Logical Scope and Boundary TOE Documentation Security problem definition Assumptions Threats Threats Addressed by the TOE Threat to be Addressed by Operating Environment Organisational security policies Security objectives Security objectives for the TOE Security objectives for the environment Security requirements Security functional requirements FMT_SMR.1 Security roles FIA_ATD.1 User attribute definition FIA_UID.2 User identification before any action FIA_AFL.1 Authentication failure handling McAfee Inc. Page 2 of 60
3 5.1.5 FIA_UAU.5 Multiple authentication mechanisms FIA_UAU.8 (X) Invocation of authentication mechanism FIA_SOS.2 TSF Generation of secrets FDP_IFC.1 Subset information flow control (1) FDP_IFC.1 Subset information flow control (2) FDP_IFC.1 Subset information flow control (3) FDP_IFF.1 Simple security attributes (1) FDP_IFF.1 Simple security attributes (2) FDP_IFF.1 Simple security attributes (3) FDP_UCT.1 Basic data exchange confidentiality FTP_ITC.1 Inter-TSF trusted channel FMT_MSA.1 Management of security attributes (1) FMT_MSA.1 Management of security attributes (2) FMT_MSA.1 Management of security attributes (3) FMT_MSA.1 Management of security attributes (4) FMT_MSA.1 Management of security attributes (5) FMT_MSA.1 Management of security attributes (6) FMT_MSA.3 Static attribute initialization FMT_MTD.1 Management of TSF data (1) FMT_MTD.1 Management of TSF data (2) FMT_MTD.2 Management of limits on TSF data FDP_RIP.1 Subset residual information protection FCS_COP.1 Cryptographic operation (1 data encryption) FCS_COP.1 Cryptographic operation (2 cryptographic signature services) FCS_COP.1 Cryptographic operation (3 cryptographic hashing) FCS_COP.1 Cryptographic operation (4 cryptographic key agreement) FPT_STM.1 Reliable time stamps FAU_GEN.1 Audit data generation FAU_SAR.1 Audit review FAU_SAR.3 Selectable audit review FAU_STG.1 Protected audit trail storage FAU_STG.4 Prevention of audit data loss FMT_MOF.1 Management of security functions behaviour (1) FMT_MOF.1 Management of security functions behaviour (2) Security assurance requirements McAfee Inc. Page 3 of 60
4 5.3 Definition of Extended Components TOE Summary Specification Security audit (SF-FAU) Cryptographic support (SF-FCS) User data protection (SF-FDP) Identification and authentication (SF-FIA) Security management (SF-FMT) Protection of the TSF (SF-FPT) Rationale Rationale for TOE security objectives Rationale for security objectives for the environment Rationale for security requirements Dependency rationale Rationale for TOE summary specification Rationale for security assurance requirements Loss of audit data McAfee Inc. Page 4 of 60
5 1 Introduction 1.1 ST Introduction This section presents the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is McAfee Firewall Enterprise HW02. Within this ST, McAfee Firewall is used to identify the combination of a particular version of the McAfee Firewall Enterprise software, including its SecureOS operating system, the corresponding Admin console client software, and the hardware or virtual platform for running the firewall software. The specific firewall software version, management tool version, and hardware/virtual platforms to be evaluated are all specified in Section 1.2. McAfee Firewall is a firewall and access control security platform for the enterprise; McAfee Firewall configured in its operational environment delivers strong security while maintaining performance and scalability. It provides access control of communication and information flow between two or more networks, usually the Internet and internal networks, using application-level proxy and packet filtering technology. The operational environment for the McAfee Firewall software is a dedicated McAfee appliance platform or virtual appliance, supporting a typical Intel-based instruction architecture. The configured McAfee Firewall provides the highest levels of security by using SecureOS, an enhanced UNIX operating system that employs McAfee's patented Type Enforcement security technology. Type Enforcement technology protects McAfee Firewall by separating all processes and services on the firewall. McAfee Firewall supports user identification and authentication (I&A) where "user" is defined to be a human user acting in an Administrative role, an authenticated proxy user, or an authorized IT entity. It provides the capability to pass and block information flows based on a set of rules defined by the Administrator. Additionally, it enforces security policies which restrict host-to-host connections to common Internet services such as: Telnet, File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP and HTTPS), and Simple Mail Transfer Protocol (SMTP). McAfee Firewall supports encryption for remote administration, remote proxy users and authorized IT entities (e.g. certificate server, NTP server), and generates audit data of security relevant events. McAfee Firewall also provides VPN capability to encrypt out-going traffic flowing to a geographically separated enclave and decrypt incoming traffic from such an enclave. This ST contains the following additional sections: TOE Description (Section 2) Security Problem Definition (Section 3) Security Objectives (Section 4) Security Requirements (Section 5) TOE Summary Specification (Section 6) Rationale (Section 8). 1.2 Security Target, TOE and CC Identification ST Title McAfee Firewall Enterprise v Security Target ST Version 1.3 ST Date 8 November 2010 McAfee Inc. Page 5 of 60
6 TOE Identification McAfee Firewall Enterprise HW02 Software: McAfee Firewall Enterprise HW02revB, McAfee Firewall Enterprise (Sidewinder) Admin Console 4.10 Hardware: Models S1104, FW-410F, FW-510F, FW-1100F, FW-2100F, FW-2150F, FW- 4150F, FW-2150F-VX04, and RM700F; also VMware (3.5 or 4) ESX Server, and Riverbed Steelhead 250, 550, and 1050 appliances TOE Developer McAfee Evaluation Sponsor McAfee CC Identification Common Criteria for Information Technology Security Evaluation, Version 3.1r3 1.3 Conformance Claims Common Criteria This TOE and ST are conformant to the following CC specifications: [CC_PART2] Extended [CC_PART3] Conformant Assurance Level: EAL 4 augmented with ALC_FLR Protection Profile This TOE and ST are conformant to [FWPP] (Augmented). The TOE type is a firewall, and the TOE type in the PP is stated to be a firewall. The TOE type is therefore consistent with the PP. The statement of security problem definition in the ST is consistent with that in the PP. All threats, assumptions and organizational security policies in the PP are included in the ST. One threat has been added to address confidentiality and integrity of network traffic in support of claims made in relation to VPNs. The statement of security objectives in the ST is consistent with that in the PP. The security objectives for the TOE in the ST include all those in the PP. One security objective for the TOE has been added, covering use of VPN. This does not conflict with the other objectives. One of the security objectives for the TOE has been repeated in the statement of security objectives for the environment, to reflect use of an external single-use authentication server. Some of the security objectives for the environment have been reworded for clarity, but in each case the objective is unaltered. The statement of security requirements in the ST is consistent with that in the PP. Additional security functional requirements have been added to reflect use of VPN. These additional security functional requirements are consistent with those from the PP. An additional security functional requirement has been added to reflect use of an external authentication server. This approach was validated with the PP authors during evaluation of an earlier version of the TOE in The security assurance requirements in the ST are hierarchical to those in the PP. The PP calls up EAL2 augmented with ALC_FLR.2, whereas the TOE uses EAL4 augmented with ALC_FLR.3. McAfee Inc. Page 6 of 60
7 1.4 Conventions Since this security target is claiming compliance with a protection profile, the conventions used are intended to highlight the completion of operations made within this security target. While this security target will include the operations made by the protection profile upon the CC requirements it is not the author s intent to highlight those operations (i.e., use bold, italics or special fonts). Therefore, keywords (e.g. selection, assignment and refinement) and formatting (e.g., special fonts) used within the protection profile to designate operations are being removed by this ST. The brackets used by the protection profile to designate operations completed by the PP are left in the requirements. The following conventions have been applied to indicate operations that this ST is making to the requirements in the protection profile: Security Functional Requirements Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement. o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a number in brackets placed at the end of the component. For example FDP_ACC.1 (1) and FDP_ACC.1 (2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement, 1 and 2. o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g. [[selected-assignment]]). o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]). o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., all objects or some big things ). Other sections of the ST Other sections of the ST use bolding to highlight text of special interest, such as captions. 1.5 Terminology & Acronyms In the Common Criteria, many terms are defined in Section 4 of [CCPART1]. The following terms are a subset of those definitions. They are listed here to aid the user of the Security Target. External Entity User Authorized User Role Any entity (human or IT) outside the TOE that interacts (or may interact) with the TOE. Same as External Entity A user who may, in accordance with the SFRs, perform an operation. A predefined set of rules establishing the allowed interactions between a user and the TOE. McAfee Inc. Page 7 of 60
8 Identity Authentication data A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym. Information used to verify the claimed identity of a user. In addition to the above general definitions, this Security Target provides the following specialized definitions: Administrator Any human user who has been identified and authenticated to act in the administrative role defined in the ST. An authorized administrator is an administrator who may, in accordance with the SFRs, perform an operation. A non-administrator is, obviously, someone who is not an administrator. Application-Level Proxy A proxy server acts on behalf of the user. All requests from clients to the Internet go to the proxy server first. The proxy evaluates the request, and if allowed, re-establishes it on the outbound side to the Internet. Likewise, responses from the Internet go to the proxy server to be evaluated. The proxy then relays the message to the client. Both client and server think they are communicating with one another, but, in fact, are dealing only with the proxy. Proxy servers are available for common Internet services; for example, an HTTP proxy is used for Web access, and an FTP proxy is used for file transfers. Such proxies are called "application-level proxies because they are dedicated to a particular application and protocol, and are aware of the content of the packets being sent. Authenticated Proxy User A user who has been identified and authenticated to satisfy the requirements for using a proxy according to the authenticated policy enforced by the TOE. A proxy user is any user, either authenticated or not, who is sending traffic through a proxy according to any security policy enforced by the TOE. A remote proxy user is a proxy user who is also a remote user. Authorized IT entity Any IT entity outside the TOE that may, in accordance with the SFRs, perform an operation on the TOE. Local Administration Console This is the physically connected, generic hardware platform (part of the IT environment) running the McAfee Firewall Administration Console client (part of the TOE). Both the local administration console hardware and its network connection to the McAfee Firewall are physically protected. McAfee Firewall must be configured to accept administrative commands from the local administration console. Local Administrator This is an administrator who uses a local administration console to manage McAfee Firewall. Remote Administration Console This is also a generic hardware platform running the McAfee Firewall Administration Console client; it has a network connection to McAfee Firewall, but it is not a local administration console. McAfee Firewall must be configured to accept administrative commands from such a remote administration console. Remote User - A user that communicates with the TOE by means of a network connection. Since administrators are users, a remote administrator is an administrator who is also a remote user. Remote Administrator This is an administrator who uses a remote administration console to manage McAfee Firewall. McAfee Inc. Page 8 of 60
9 Single-Use Authentication Data for single-use authentication can be something the user has or knows, but not something the user is. Examples of single-use authentication data include single-use passwords, encrypted time-stamps, and/or random numbers from a secret lookup table. The following abbreviations are used in this Security Target: AES ANSI BSD CC CD CPU DSA EAL ECB ESP FIPS FIPS PUB FLR FTP GHz GUI HTTP HTTPS I&A ICMP IKE IPSEC IT LAN MB MMU NAT NTP OS OSP PC Advanced Encryption Standard American National Standards Institute Berkley Software Distribution Common Criteria for Information Technology Security Evaluation Compact Disk Central Processing Unit Digital Signature Algorithm Evaluation Assurance Level Electronic Codebook Encapsulating Security Payload Federal Information Processing Standard Federal Information Processing Standard Publication Flaw Remediation File Transfer Protocol Gigahertz Graphical User Interface Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Identification and Authentication Internet Control Message Protocol Internet Key Exchange Internet Protocol Security Information Technology Local Area Network Megabyte Memory Management Unit Network Address Translation Network Time Protocol Operating System Organizational Security Policy Personal Computer McAfee Inc. Page 9 of 60
10 PP PRNG PS/2 RAM RDSA RFC RNG SA SAR SFP SFR SHA SMTP SSL ST SVGA TCP/IP TLS TOE TSC TSF TSP URL US VPN Protection Profile Pseudo Random Number Generator Personal System/2 Random Access Memory RSA Digital Signature Algorithm Request For Comment Random Number Generator Security Association Security Assurance Requirement Security Function Policy Security Functional Requirement Secure Hash Algorithm Simple Mail Transfer Protocol Secure Sockets Layer Security Target Super Video Graphics Array Transmission Control Protocol/Internet Protocol Transport Layer Security Target of Evaluation TSF Scope of Control TOE Security Functions TOE Security Policy Uniform Resource Locator United States Virtual Private Network 1.6 References The following documentation was used to prepare this ST: [CC_PART1] [CC_PART2] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model, dated July 2009, version 3.1 revision 3, CCMB Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, dated July 2009, version 3.1 revision 3, CCMB McAfee Inc. Page 10 of 60
11 [CC_PART3] [CEM] [FWPP] [FIPS 140-2] [FIPS 180-3] [FIPS 197] [SP ] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, dated July 2009, version 3.1 revision 3, CCMB Common Methodology for Information Technology Security Evaluation July 2009, version 3.1 revision 3, CCMB U.S. Government Protection Profile for Applicationlevel Firewall in Basic Robustness Environments Version 1.1, July 25, Security Requirements for Cryptographic Modules, Federal Information Processing Standard, May 2001 Secure Hash Standard (SHS), Federal Information Processing Standard, Oct 2008 Advanced Encryption Standard, Federal Information Processing Standard, Nov 2001 Recommendation for Key Management, NIST Special Publication, March 2007 McAfee Inc. Page 11 of 60
12 2 TOE Description This section provides context for the TOE evaluation by identifying the product type and describing the evaluated configuration. 2.1 Product Type McAfee Firewall operating with two or more network interfaces provides a hybrid firewall solution that supports both application-level proxy and packet filtering. The McAfee Firewall software version consists of a collection of integrated firewall applications and SecureOS, a secure operating system. This OS is an extended version of the FreeBSD UNIX operating system. It includes McAfee's patented Type Enforcement security technology, additional network separation control, network-level packet filtering support and improved auditing facilities. SecureOS also provides the secured computing environment in which all McAfee Firewall firewall application layer processing is done. McAfee Firewall also provides VPN capability between separated network enclaves. In addition to the McAfee Firewall appliance model running the firewall application with SecureOS, the TOE also includes the Admin Console client software (McAfee Firewall Enterprise (sidewinder) Admin Console). The Admin Console is separately installed on a generic windows platform that is part of the IT environment: it is used to manage McAfee Firewall. 2.2 Application Context McAfee Firewall operates in an environment where it provides a single point of connectivity between at least two networks. Typically one network is viewed as the inside of an organization, where there is some assumption of control over access to the computing network. The other network is typically viewed as an external network, similar to the Internet, where there is no practical control over the actions of its processing entities. McAfee Firewall's role is to limit and control all information flow between the networks. 2.3 Physical and Logical Boundaries Evaluation Application Context The following contextual assumptions apply to the TOE: a) It shall be newly installed and configured in accordance with the directives contained in the supplied guidance documentation; b) Physical access to the configured McAfee Firewall shall be controlled; c) The configured McAfee Firewall shall be connected only to networks between which it controls information flow; d) The configured McAfee Firewall shall manage traffic for at least two (2) networks, at least one of which is designated as internal and one is designated as external; e) The configured McAfee Firewall shall support administrative operations via a GUI application, known as Admin Console, running on a Windows system; f) The configured McAfee Firewall shall be connected to its administrative workstation either directly or remotely, but in either case the communications are encrypted and the workstation is physically protected; g) Only authorized administrators shall be allowed physical access to the McAfee Firewall hardware computing platform or to the administrative workstation for such purposes as starting the system. McAfee Inc. Page 12 of 60
13 2.3.2 Proxy agents to be Evaluated The FTP, HTTP, HTTPS, SMTP, Telnet, and Generic proxy agents are all included within the scope of the evaluation. Other protocol-aware proxy agents and services provided by McAfee Firewall are excluded from the scope of the evaluation Features not to be Evaluated McAfee Firewall provides additional capabilities by means of optional add-on features that require additional equipment and/or licensing. The following extra functionality of this type is specifically excluded from the scope of this evaluation: a) Failover/High Availability; b) Anti-Virus; c) SmartFilter (URL Filtering); d) Signature based IPS; e) Policy Acceleration Network Cards; f) SSL Termination; g) McAfee Firewall Enterprise Control Center (product to manage multiple McAfee Firewalls); h) Network analysis capability; i) Security Reporter (optional tool to view audit) McAfee Firewall includes functions that are explicitly excluded from the scope of the evaluation: a) Built-in servers other than ICMP; b) Trusted Source (reputation service for senders); c) Use of the command line to manage the TOE (disabled in the evaluated configuration) Physical Scope and Boundary The TOE consists of McAfee Firewall software Version , which includes the firewall application and the SecureOS operating system, running on a dedicated McAfee appliance platform or virtual appliance. The TOE also includes the Admin Console client software (the McAfee Firewall Enterprise (Sidewinder) Admin Console version 4.10). This software is provided with every McAfee Firewall appliance, and it is also provided as a separate part of every McAfee Firewall software product distribution. The administration client software runs on a generic computing platform with a Windows operating system. However, the platform and Windows OS are not part of the TOE TOE Environment Requirements The McAfee Firewall appliance is configured to control the flow of TCP/IP traffic between two network interfaces. McAfee offers a family of appliance models with various hardware combinations to address a wide range of customer performance needs. In addition, a second hardware platform is required in the IT environment to run the McAfee Firewall Admin Console software for remote or local administration. The evaluated configuration must include at least one administration console. The minimum configuration required for this platform is as follows: CPU: Intel, 1GHz RAM: 512 MB OS: MS Windows 2003 Server, Windows 2008 Server, Windows XP Professional or Windows Vista McAfee Inc. Page 13 of 60
14 Media: o Minimum of 300 MB of available disk storage o CD drive Network: One network interface SVGA video and display PS/2 or Serial Mouse Keyboard The McAfee Firewall is available in two virtual forms: the Multi-Firewall Edition, provided in partnership with VMware, and the Virtual Appliance. The Multi-Firewall Edition appliance models come preinstalled on the same Dell hardware used for non-virtual appliances, preloaded with either 4, 8, 16 or 32 virtual firewalls, VMware ESX Server, and a virtual instance of McAfee Firewall Enterprise Control Center. The Virtual Firewall is delivered as software only, and is intended to be installed on existing VMware infrastructure installed on ESX Server. All specific TOE or TOE Environment settings and requirements are documented in guidance supplied with the TOE Hardware Security Considerations No extraordinary security demands are placed upon the hardware platforms and peripheral equipment used by the McAfee Firewall software. This equipment is expected to meet the customary demands for reliable operation of typical Unix or Microsoft Servers as provided by standard Intel PC computing platforms. The security features assumed to be present and operational on the hardware platforms include: The CPU must provide a two-state processing model to support the separation of the kernel processing from the application processing. The CPU and /or the supporting motherboard must provide a Memory Management Unit (MMU) to support separate memory spaces for the kernel and each process. The system motherboard must provide a battery backup for the clock to maintain time information when the system is shut down. Also the CPU or ancillary hardware must provide a periodic timer to support the internal time management within the kernel. If any of the network interface cards support features such as wake-on LAN, special external command features, or special protocol processing, the hardware connections to support those features should not be connected. In the evaluated configuration, McAfee Firewall will not enable any such special features. For those instances of the TOE that run on VMware, the virtual environment is assumed to emulate these hardware security features. Secure isolation of the virtual environments is the responsibility of the VMware environment, and is outside the scope of this ST Logical Scope and Boundary The TOE with support from the IT environment provides the following security features: a) Security Management [SF_FMT] b) Identification and Authentication [SF_FIA] c) User Data Protection [SF_FDP] d) Protection of Security Functions [SF_FPT] e) Audit [SF_FAU] f) Cryptographic support [SF_FCS] McAfee Inc. Page 14 of 60
15 Security Management An administrator uses the McAfee Firewall Admin Console client (part of the TOE) running on a Windows computer (part of the IT environment) to perform management functions on the McAfee Firewall. This administrative workstation can communicate with the McAfee Firewall remotely or via a locally connected network. All administration consoles, whether they are local or remote, use the same management interface and encrypted communications Identification and Authentication The McAfee Firewall TOE, along with support from the IT environment, supports standard UNIX password authentication. Identification attributes are assigned to each administrative user and each authenticated proxy user. McAfee Firewall gathers data from the user and the associated service connection, and consults the rules to determine what form of authentication is required for the service (including use of an external authentication server). McAfee Firewall consults its stored user information, determines the password s validity, and enforces the result of the validity check. McAfee Firewall provides a mechanism for managing user access following authentication failures. McAfee Firewall also strictly limits the actions it will perform on behalf of a user before the user is authenticated. When establishing VPNs, McAfee Firewall will exchange identities and perform device-level authentication of the remote device (peer McAfee Firewall or remote VPN gateway). Device-level authentication is performed using authentication techniques specified in RFC 2409 and RFC Peers will mutually authenticate themselves to each other before establishing the secure channel User Data Protection McAfee Firewall allows an administrator to define security attributes to permit or deny information flows to or through the TOE. The set of security attributes will include items such as source and destination identification, service identifiers, application level commands and user authentication. The TOE Administrator uses the security attributes to construct one or more access control rules. Packets arriving at the TOE interface are compared to the security attributes in the rules. When the packet attributes match the rules security attributes, that packet or connection is approved; otherwise the packet is dropped and the connection disallowed. In addition to restricting access via the rules, the TOE must generate and maintain state information for all approved connections mediated by the TOE. The TOE utilizes the state information to monitor the status of an approved connection and validate incoming packets purporting to be part of an approved connection. McAfee Firewall restricts information flows via application level commands by incorporating application proxies. Proxies understand the operation of a particular application protocol and can filter the application data portion of a packet according to Administrator defined security attributes (e.g. commands, data types, etc.). Proxies originate all proxy controlled information flows through the TOE on behalf of the communicating end points, which are not allowed to establish a direct connection through the TOE. In the evaluated configuration, McAfee Firewall provides 4 application proxies that can be configured to require user authentication: FTP, Telnet, HTTP and HTTPS. McAfee Firewall also provides a proxy for SMTP, and a generic proxy that don t require user authentication. In the evaluated configuration, the FTP, Telnet, HTTP and HTTPS proxies can also be configured without requiring user authentication. McAfee Inc. Page 15 of 60
16 McAfee Firewall uses the same security attributes discussed above to control access to its own services. McAfee Firewall supports Internet Control Message Protocol (ICMP) as an unauthenticated information flow, which can be enabled or disabled. McAfee Firewall also allows an administrator to establish a VPN policy to control data flows with remote VPN devices. McAfee Firewall provides for authentication to and from the remote device, agreement on cryptographic keys and algorithms, secure generation and distribution of session keys, and encryption of network traffic in accordance with the policy. User data is protected by different facilities depending upon the protocol and stage of processing. While user data is within the network stack, it is part of the kernel memory space, and as such is protected from all user state processing elements on the system. While user data is in the control of a proxy process, it is protected by the SecureOS processing model and Type Enforcement facilities. McAfee Firewall network stack processing ensures that there is no leakage of residual information from previous packets to new packets as they are transferred through the firewall. The memory system zeros storage blocks before they are reused to prevent residual information leakage Protection of Security Functions Audit McAfee Firewall, with its SecureOS operating system, has been designed to be highly resistant to both malicious and accidental attack. It includes system elements that provide several levels of protection for its security functions. The lowest level of protection is provided by the computing platform Central Processing Unit (CPU). The CPU provides a two-state processing model that limits access to certain privileged instructions to the SecureOS kernel. The SecureOS kernel provides a second layer of protection by limiting user mode access to kernel memory. SecureOS also extends the normal FreeBSD UNIX network stack processing with additional separation control to restrict inter-process communication to certain interfaces. SecureOS includes McAfee's patented Type Enforcement facilities that enforce mandatory security policy control over all user state processing. The Type Enforcement policy data is loaded onto the system during installation and cannot be modified on an operational system. Type Enforcement ensures that critical data is accessible only via programs designed to use the data and that the impact of any failure will be confined in scope. McAfee Firewall also provides a reliable time stamp that is used by its audit mechanism. SecureOS supplements the normal UNIX Syslog Facilities by providing an audit device to which all processes and the kernel may write audit data. The SecureOS audit device adds security relevant information, such as the time and the identity of the generating process, to the audit data when it passes through the device within the kernel. The Administrator can view the contents of the audit records, and delete the audit trail. McAfee Firewall provides a sort and search capability to improve audit analysis. The Administrator can configure auditable events, and can configure the TOE to take appropriate actions in the event that the audit trail is close to being exhausted. The TOE provides the Administrator with a configurable audit trail threshold to track the storage capacity of the audit trail. As soon as the threshold is met, the TOE generates an audit record and displays a message on the console. In addition to displaying the message, the Administrator may configure the TOE to prevent all auditable events except for those McAfee Inc. Page 16 of 60
17 performed by the Administrators, or may configure the TOE to overwrite the oldest audit records in the audit trail Cryptographic support McAfee Firewall establishes encrypted communications (acting as the initiator or responder) with authorized remote users and external IT entities. McAfee Firewall includes a software cryptographic module that is validated to FIPS (Level 1) as a minimum. McAfee Firewall performs data encryption/decryption using the Advanced Encryption Standard (AES) algorithm with a minimum key size of 128 bits. McAfee Firewall also performs digital signature generation/verification, random number generation and cryptographic hashing. McAfee Firewall implements VPN mechanisms using cryptography and key management, using algorithms that have been validated to FIPS (Level 1) as a minimum. 2.4 TOE Documentation McAfee offers a series of documents that describe the installation of McAfee Firewall as well as guidance for subsequent use and administration of the applicable security features. McAfee Inc. Page 17 of 60
18 3 Security problem definition This section sets out the threats, assumptions and organisational security policies for the TOE. These are all taken from [FWPP]. 3.1 Assumptions The following conditions are assumed to exist in the operational environment. A.PHYSEC A.LOWEXP A.GENPUR A.PUBLIC A.NOEVIL A.SINGEN A.DIRECT A.NOREMO A.REMACC The TOE is physically secure. The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. There are no general-purpose computing capabilities (e.g. the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. The TOE does not host public data. Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. Information cannot flow among the internal and external networks unless it passes through the TOE. Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g., a console port) if the connection is part of the TOE. Human users who are not authorized administrators cannot access the TOE remotely from the internal or external networks. 1 Authorized administrators may access the TOE remotely from the internal and external networks. 3.2 Threats The following threats are addressed either by the TOE or the environment Threats Addressed by the TOE The threat agents are either unauthorized persons or external IT entities not authorized to use the TOE itself. T.NOAUTH T.REPEAT T.REPLAY An unauthorized person may attempt to bypass the security of the TOE so as to access and use security functions and/or non-security functions provided by the TOE. An unauthorized person may repeatedly try to guess authentication data in order to use this information to launch attacks on the TOE. An unauthorized person may use valid identification and authentication data obtained to access functions provided by the TOE. 1 All assumptions in this ST are taken from [FWPP]. The assumption is interpreted to refer to direct access to TOE administrative functions, rather than to send traffic via the TOE. As such, the assumption is unnecessary, since such access is controlled via TOE identification and authentication controls, and also requires access to the management application. McAfee Inc. Page 18 of 60
19 T.ASPOOF T.MEDIAT T.OLDINF T.PROCOM T.AUDACC T.SELPRO T.AUDFUL An unauthorized person on an external network may attempt to by-pass the information flow control policy by disguising authentication data (e.g. spoofing the source address) and masquerading as a legitimate user or entity on an internal network. An unauthorized person may send impermissible information through the TOE, which results in the exploitation of resources on the internal network. Because of a flaw in the TOE functioning, an unauthorized person may gather residual information from a previous information flow or internal TOE data by monitoring the padding of the information flows from the TOE. An unauthorized person or unauthorized external IT entity may be able to view, modify, and/or delete security related information that is sent between a remotely located authorized administrator and the TOE. Persons may not be accountable for the actions that they conduct because the audit records are not reviewed, thus allowing an attacker to escape detection. An unauthorized person may read, modify, or destroy security critical TOE configuration data. An unauthorized person may cause audit records to be lost or prevent future records from being recorded by taking actions to exhaust audit storage capacity, thus masking an attackers actions. T. LOWEXP The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. T.NETSEC An unauthorised person or unauthorised external I T entity may be able to view or modify private information that is sent between the TOE and another TOE or trusted IT product Threat to be Addressed by Operating Environment The threat possibility discussed below must be countered by procedural measures and/or administrative methods. T.TUSAGE 3.3 Organisational security policies The TOE may be inadvertently configured, used, and administered in an insecure manner by either authorized or unauthorized persons. US Federal agencies are required to protect sensitive but unclassified information with cryptography. The following organisational security policy must be met: P.CRYPTO AES (Advanced Encryption Standard as specified in FIPS 197) encryption must be used to protect remote administration functions, and the associated cryptographic module must comply, at a minimum, with [FIPS 140-2] (level 1). McAfee Inc. Page 19 of 60
20 4 Security objectives 4.1 Security objectives for the TOE The following are the IT security objectives for the TOE: O.IDAUTH O.SINUSE O.MEDIAT O.SECSTA O.ENCRYP O.SELPRO O.AUDREC O.ACCOUN O.SECFUN O.LIMEXT O.EAL The TOE must uniquely identify and authenticate the claimed identity of all users, before granting a user access to TOE functions or, for certain specified services, to a connected network. The TOE must prevent the reuse of authentication data for users attempting to authenticate to the TOE from a connected network. The TOE must mediate the flow of all information between clients and servers located on internal and external networks governed by the TOE, and must ensure that residual information from a previous information flow is not transmitted in any way. Upon initial start-up of the TOE or recovery from an interruption in TOE service, the TOE must not compromise its resources or those of any connected network. The TOE must protect the confidentiality of its dialogue with an authorized administrator through encryption, if the TOE allows administration to occur remotely from a connected network. The TOE must protect itself against attempts by unauthorized users to bypass, deactivate, or tamper with TOE security functions. The TOE must provide a means to record a readable audit trail of security-related events, with accurate dates and times, and a means to search and sort the audit trail based on relevant attributes. The TOE must provide user accountability for information flows through the TOE and for authorized administrator use of security functions related to audit. The TOE must provide functionality that enables an authorized administrator to use the TOE security functions, and must ensure that only authorized administrators are able to access such functionality. The TOE must provide the means for an authorized administrator to control and limit access to TOE security functions by an authorized external IT entity. The TOE must be structurally tested and shown to be resistant to obvious vulnerabilities. O.NETSEC The TOE must provide a means to maintain the confidentiality and integrity of information sent between itself and another instance of the TOE or other trusted IT product. For a detailed mapping between threats and the IT security objectives listed above, see section 7.1 of the Rationale. McAfee Inc. Page 20 of 60
21 4.2 Security objectives for the environment All of the assumptions stated in section 3.1 are considered to be security objectives for the environment. The following are the security objectives that, in addition to those assumptions, are to be satisfied without imposing technical requirements on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software. Thus, they will be satisfied largely through application of procedural or administrative measures. OE.PHYSEC OE.LOWEXP OE.GENPUR OE.PUBLIC OE.NOEVIL OE.SINGEN OE.DIRECT OE.NOREMO OE.REMACC OE.GUIDAN OE.ADMTRA OE.SINUSE The TOE is physically secure. The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. There are no general-purpose computing capabilities (e.g. the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. The TOE does not host public data. Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. Information cannot flow among the internal and external networks unless it passes through the TOE. Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g. a console port) if the connection is part of the TOE. Human users who are not authorized administrators cannot access the TOE remotely from the internal or external networks. Authorized administrators may access the TOE remotely from the internal and external networks. The TOE must be delivered, installed, administered, and operated in a manner that maintains security. Authorized administrators must be trained as to establishment and maintenance of security policies and practices. The TOE must prevent the reuse of authentication data for users attempting to authenticate to the TOE from a connected network. 2 For a detailed mapping between threats, assumptions, and the security objectives listed above see section 7.1 of the Rationale. 2 This objective for the environment is included to reflect the use in this ST of an authentication server in the environment. McAfee Inc. Page 21 of 60
22 5 Security requirements This section provides functional and assurance requirements that must be satisfied by the TOE. These requirements are expressed using functional components from Part 2 of the CC, and assurance components, including Evaluation Assurance Level (EAL), taken from Part 3 of the CC. 5.1 Security functional requirements The security functional requirements for the TOE are summarised in the table below. They are a superset of [FWPP], with additions for VPN and use of an external authentication server. Extended components are indicated by (X). Additions to the PP are indicated by *. FMT_SMR.1 FIA_ATD.1 FIA_UID.2 FIA_AFL.1 FIA_UAU.5 FIA_UAU.8 (x)* FIA_SOS.2* Security roles User attribute definition User identification before any action Authentication failure handling Multiple authentication mechanisms Invocation of authentication mechanism TSF generation of secrets FDP_IFC.1 (1) Subset information flow control (1) FDP_IFC.1 (2) Subset information flow control (2) FDP_IFC.1 (3)* Subset information flow control (3) FDP_IFF.1 (1) Simple security attributes (1) FDP_IFF.1 (2) Simple security attributes (2) FDP_IFF.1 (3)* Simple security attributes (3) FDP_UCT.1* FTP_ITC.1* Basic data exchange confidentiality Inter-TSF trusted channel FMT_MSA.1 (1) Management of security attributes (1) FMT_MSA.1 (2) Management of security attributes (2) FMT_MSA.1 (3) Management of security attributes (3) FMT_MSA.1 (4) Management of security attributes (4) FMT_MSA.1 (5) Management of security attributes (5) FMT_MSA.1 (6) Management of security attributes (6) FMT_MSA.3 Static attribute initialization FMT_MTD.1 (1) Management of TSF data (1) FMT_MTD.1 (2) Management of TSF data (2) FMT_MTD.2 FDP_RIP.1 FCS_COP.1 (1) Management of limits on TSF data Subset residual information protection Cryptographic operation McAfee Inc. Page 22 of 60
23 FCS_COP.1 (2)* Cryptographic operation FCS_COP.1 (3)* Cryptographic operation FCS_COP.1 (4)* Cryptographic operation FPT_STM.1 Reliable time stamps FAU_GEN.1 Audit data generation FAU_SAR.1 Audit review FAU_SAR.3 Selectable audit review FAU_STG.1 Protected audit trail storage FAU_STG.4 Prevention of audit data loss FMT_MOF.1 (1) Management of security functions behaviour (1) FMT_MOF.1 (2) Management of security functions behaviour (2) FMT_SMR.1 Security roles FMT_SMR.1.1 FMT_SMR FIA_ATD.1 User attribute definition FIA_ATD.1.1 The TSF shall maintain the role [authorized administrator]. The TSF shall be able to associate users with the authorized administrator role. The TSF shall maintain the following list of security attributes belonging to individual users: [ a) identity; b) association of a human user with the authorized administrator role; c) hashed value of password d) login specific data] FIA_UID.2 User identification before any action FIA_UID.2.1 The TSF shall require each user to identify itself before allowing any other TSF-mediated actions on behalf of that user FIA_AFL.1 Authentication failure handling FIA_AFL.1.1 FIA_AFL.1.2 The TSF shall detect when [a non-zero number determined by the authorized administrator] of unsuccessful authentication attempts occur related to [authorized TOE administrator access or authorized TOE IT entity access]. When the defined number of unsuccessful authentication attempts has been met or surpassed, the TSF shall [prevent the offending user from successfully authenticating until an authorized administrator takes some action to make authentication possible for the user in question] FIA_UAU.5 Multiple authentication mechanisms FIA_UAU.5.1 The TSF shall provide [password and single-use authentication mechanisms] to support user authentication. McAfee Inc. Page 23 of 60
24 FIA_UAU.5.2 The TSF shall authenticate any user's claimed identity according to the [following multiple authentication mechanism rules: a) single-use authentication mechanism shall be used for authorized administrators to access the TOE remotely such that successful authentication must be achieved before allowing any other TSFmediated actions on behalf of that authorized administrator; b) single-use authentication mechanism shall be used for authorized external IT entities accessing the TOE such that successful authentication must be achieved before allowing any other TSFmediated actions on behalf of that authorized external IT entity; c) single-use authentication mechanism shall be used for human users sending or receiving information through the TOE using HTTP, HTTPS, FTP or Telnet such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that human user; d) reusable password mechanism shall be used for authorized administrators to access the TOE via a directly connected terminal such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that authorized administrator]. Application Notes: 1. In the above list a) refers to remote administration, b) relates to VPN, c) relates to proxy users, and d) relates to local console access. 2. Under item c) it should be noted that the requirement for FTP, HTTP and HTTPS authentication is a configurable option in the TOE. This also applies to item c) under FIA_UAU The single-use authentication mechanism is provided in conjunction with the following requirement, FIA_UAU.8, which invokes a single-use authentication mechanism from the TOE operating environment. This approach is consistent with the industry view that a firewall supplier should not mandate selection of a single (possibly weak) single-use authentication product, but should allow choice of state of the art products from a range of third party vendors. The "directly connected terminal" for authorized administrator access is provided by an administration workstation connected to the TOE via a protected local area network FIA_UAU.8 (X) Invocation of authentication mechanism FIA_UAU.8.1 (X) The TSF shall invoke the external single-use authentication server to authenticate a user s claimed identity according to [the following rules: a) single-use authentication mechanism shall be used for authorized administrators to access the TOE remotely such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that authorized administrator; b) single-use authentication mechanism shall be used for authorized external IT entities accessing the TOE such that successful authentication must be achieved before allowing any McAfee Inc. Page 24 of 60
McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target
v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 10 January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA Contents 1 Introduction...
More informationU.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments
U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government
More informationMcAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target
McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target Release Date: September 2010 Document ID: Version: Draft J Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle
More informationMcAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target
McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction
More informationCisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target
Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms
More informationDataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75
DataPower S40 ML Security Gateway and DataPower I50 Integration Appliance Version 3.6 Security Target Version 0.75 10/09/2008 Prepared for: IBM SOA Appliance Group One Rogers St Cambridge, MA 02142 Prepared
More informationFirewall Protection Profile
samhällsskydd och beredskap 1 (38) ROS-ISÄK Ronny Janse 010-2404426 ronny.janse@msb.se Firewall Protection Profile samhällsskydd och beredskap 2 (38) Innehållsförteckning 1. Introduction... 4 1.1 PP reference...
More informationMcAfee Firewall Enterprise
122-B CERTIFICATION REPORT No. CRP261 McAfee Firewall Enterprise Version 7.0.1.02HW02 running on S1104, FW-410F, FW-510F, FW-1100F, FW-2100F, FW-2150F, FW-4150F, FW-2150F-VX04, and RM700F; also VMware
More informationMicrosoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team
Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx
More informationSecurity Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013
Security Target Symantec TM Network Access Control Version 12.1.2 Document Version 0.12 February 14, 2013 Document Version 0.12 Symantec Page 1 of 39 Prepared For: Prepared By: Symantec Corporation 350
More informationMobile Billing System Security Target
Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing
More informationSECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING
SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING Document No. 1735-005-D0001 Version: 1.0, 3 June 2014 Prepared for: Fortinet, Incorporated 326 Moodie Drive Ottawa, Ontario Canada, K2H
More informationSecurity Target for Cisco Remote Access VPN
Security Target for Cisco Remote Access VPN Reference: ST 16 May 2007 Version 1.17 CISCO Systems Inc. 170 West Tasman Drive San Jose CA 95124-1706 USA Copyright: 2007 Cisco Systems, Inc. Table of Contents
More informationEAL4+ Security Target
EAL4+ Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 21-DEC-10 Document management Document identification Document ID Document title Release authority E14_EAL4_ASE Microsoft
More informationEnterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target
Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 0.7 Prepared for: Prepared by: Enterasys Networks, Inc. Corsec Security,
More informationSecurity Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1
Astaro Security Gateway V8 Packet Filter Version 1.000 Assurance Level EAL4+ Common Criteria v3.1 This Security Target also covers the secunet wall 2 packet filter Version : 1.03 Date: 2011-05-20 Author:
More informationAppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10
AppGate Security Server, Version 8.0.4 Security Target Document Version: 2.9 Date: 2008-04-10 Contents 1 INTRODUCTION...6 1.1 ST Identification...6 1.2 ST Overview...6 1.3 CC Conformance Claim...6 1.4
More informationSecurity Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0
Security Target NetIQ Access Manager 4.0 Document Version 1.13 August 7, 2014 Document Version 1.13 NetIQ Page 1 of 36 Prepared For: Prepared By: NetIQ, Inc. 1233 West Loop South Suite 810 Houston, TX
More informationSecurity Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26
SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.
More informationSecurity Target: Symantec Endpoint Protection Version 11.0
Security Target: Symantec Endpoint Protection Version 11.0 ST Version 1.6 June 2, 2008 Document Version 1.6 Symantec Corporation Page 1 of 68 Prepared For: Prepared By: Symantec Corporation 20330 Stevens
More informationSecurity Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012
Security Target McAfee Enterprise Mobility Management 9.7 Document Version 0.9 July 5, 2012 Document Version 0.9 McAfee Page 1 of 39 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa
More informationFirewall Protection Profile V2.0 2008. 4. 24
Firewall Protection Profile V2.0 2008. 4. 24 (This page left blank on purpose for double-side printing) Protection Profile Title Firewall Protection Profile for Government Evaluation Criteria Version This
More informationWindows Mobile 6.5 Security Target
EAL4 augmented with ALC_FLR.1 Version 1.0 January 2010 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.
More informationTrust Technology Assessment Program. Validation Report
Trust Technology Assessment Program Validation Report U.S. Government Traffic Filter Firewall Protection Profile for Low-Risk Environments version 1.1 TTAP Report Number: TTAP-VR-0007 June, 1999 Mutual
More informationARKOON FAST Firewall v3.0 SECURITY TARGET
Version Date October 28, 2004 Version 2.7p Ref. AKV3-CRT-EAL2-ST ARKOON FAST Firewall v3.0 SECURITY TARGET 20 Prepared for 40 ARKOON Network Security 13A avenue Victor HUGO F-69160 Tassin La Demi-Lune
More informationCitrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target
Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target Evaluation Assurance Level: EAL2 augmented with ALC_FLR.2 Document Version: 1 Prepared for: Prepared by: Citrix
More informationSecurity Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3)
Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3) Reference: ST January 2001 Version: 1.6 Europe: USA: CISCO Systems Ltd CISCO Systems Inc. 3 The Square 170 West Tasman Drive Stockley
More informationEPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION
COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...
More informationMarimba Client and Server Management from BMC Software Release 6.0.3
Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...
More informationIMPP. Identity Management Protection Profile BSI-PP-0024
Identity Management Protection Profile IMPP BSI-PP-0024 Version Number 1.17 Date: January 12, 2006 Status: Final Author: David Ochel Owner: Brian Matthiesen Note: This document will become a public document
More informationSecurity Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+
Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+ EWA Document No. 1708-001-D002 Fortinet Document No. ST0007 Version
More informationNetwork Intrusion Prevention System Protection Profile V1.1
Network Intrusion Prevention System Protection Profile V1.1 December 21, 2005 (This page left blank on purpose for double-side printing) Protection Profile Title Network Intrusion Prevention System Protection
More informationSecurity Target for Cisco Firewall Services Module (FWSM)
Security Target for Cisco Firewall Services Module (FWSM) April 2007 This document includes the following sections: Security Target Introduction, page 1 TOE Description, page 3 TOE Security Environment,
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report TM HP Network Node Management Advanced Edition Software V7.51 with patch PHSS_35278 Report
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/66 10 Mar 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that the
More informationNatek Network Access Control (NAC)
Natek Network Access Control (NAC) V 5.4.2 Security Target Release Date: 28.08.2014 Version 1.13 AUTHOR: NATEK BİLİŞİM BİLGİSAYAR EĞİTİM DANIŞMANLIK YAZILIM TİCARET SANAYİ ANONİM ŞİRKETİ 1 Revision History
More informationCommon Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition
Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Version 1-0 7 February 2011 2011 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-0 7
More informationSecurity Target. McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3. Document Version 1.0
Security Target McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3 Document Version 1.0 November 24, 2015 Prepared For: Prepared By: Intel Corporation. 2821 Mission College Blvd. Santa
More informationHP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target
HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target Version 1.0 February 12, 2014 Prepared for: Hewlett-Packard Long Down Avenue Stoke Gifford Bristol BS34 8QZ UK Prepared By: Leidos
More informationSecurity Target SQL Server 2012 Team
Microsoft SQL Server 2012 Database Engine Common Criteria Evaluation (EAL2) Security Target SQL Server 2012 Team Author: Version: 1.2 Roger French (Microsoft Corporation) Date: 2012-08-07 Abstract This
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationHow To Evaluate Watchguard And Fireware V11.5.1
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationAuthor: Roger French Version: 1.2 Date: 2009-01-23
Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: 2009-01-23 Abstract This document is the Security Target (ST) for the Common Criteria certification of the database engine of
More informationSecurity Target for BorderWare Firewall Server 6.5
Security Target for BorderWare Firewall Server 6.5 Reference: ST January 2002 Version : 2.4 North America: Europe: 50 Burnhamthorpe Rd. W. 1 The Harlequin Centre Suite 502 Southall Lane Mississauga Southall
More informationRSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target
RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1 Document Version: 0.7 Prepared for: Prepared by: RSA, The
More informationGuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.
GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.1 Security Target Version 2.01 Common Criteria EAL4 augmented
More informationEMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.
EMC Corporation Data Domain Operating System Version 5.2.1.0 Security Target Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.11 Prepared for: Prepared by: EMC Corporation 176 South Street Hopkinton,
More informationJMCS Northern Light Video Conferencing System Security Target
JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2
More informationSecurity Target. McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 4.5. Document Version 1.3. October 12, 2011
Security Target McAfee VirusScan Enterprise 8.8 and epolicy Orchestrator 4.5 Document Version 1.3 October 12, 2011 Document Version 1.3 McAfee Page 1 of 69 Prepared For: Prepared By: McAfee, Inc. 2821
More informationIronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0
IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 CipherTrust 4800 North Point Parkway Suite 400 Alpharetta, GA 30022 Phone: 678-969-9399
More informationEMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0
EMC Documentum EMC Documentum Content Server TM V5.3 and EMC Documentum Administrator TM V5.3 Security Target V2.0 December 8, 2005 ST prepared by Suite 5200, 4925 Jones Branch Drive McLean, VA 22102-3305
More informationTop Layer Networks IPS 5500 E Security Target
Top Layer Networks IPS 5500 E Security Target Version 1.1 April 10, 2009 Prepared For: Top Layer Networks 2400 Computer Drive Westborough, MA 01581 Prepared By: CygnaCom Solutions Security Evaluations
More informationCheck Point Endpoint Security Full Disk Encryption Security Target
Check Point Endpoint Security Full Disk Encryption Security Target ST Version 2.4 June 22, 2009 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared by: Metatron Ltd. 66 Yosef St., Modiin, Israel
More informationSecurity Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011
Security Target McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5 Document Version 1.1 September 9, 2011 Document Version 1.1 McAfee Page 1 of 61 Prepared For: Prepared By: McAfee, Inc. 2821
More informationOperating System Protection Profile. Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0
Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0 Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63 53133 Bonn Tel.: +49 22899 9582-111 E-Mail: zertifizierung@bsi.bund.de
More informationSecurity Target Microsoft SQL Server Team
Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation
More informationU.S. Government Protection Profile for Database Management Systems
U.S. Government Protection Profile for Database Management Systems Information Assurance Directorate Version 1.3 December 24, 2010 Protection Profile Title: 1 U.S. Government Protection Profile for Database
More informationNetwork Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1
Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller July 24, 2015 Version 1 1 Table of Contents 1 Introduction... 4 1.1 Conformance Claims...4 1.2 How to
More informationSenSage, Inc. SenSage 4.6.2. Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2
SenSage, Inc. SenSage 4.6.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 1.2 Prepared for: Prepared by: SenSage, Inc. 55 Hawthorne Street San Francisco, CA 94105 United States of
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationTop Layer Networks. Security Target V2.3
Top Layer Networks IDS Balancer TM Version 2.2 Appliance (IDSB3531-CCV1.0, IDSB3532-CCV1.0, IDSB4508-CCV1.0) Security Target V2.3 August 31, 2004 AppBalancing, AppSafe, DCFD, Flow Mirror, SecureWatch,
More informationCheck Point Endpoint Security Media Encryption Security Target
Check Point Endpoint Security Media Encryption Security Target Version 1.0 June 23, 2010 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared By: Science Applications International Corporation
More informationCertification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT
Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets
More informationTrustwave Secure Web Gateway Security Target
Trustwave Secure Web Gateway Security Target Version 1.5 September 18, 2013 Trustwave 70 West Madison Street Suite 1050 Chicago, IL 60602 Prepared By: Common Criteria Consulting LLC 15804 Laughlin Lane
More informationHow To Protect Your Computer From Being Hacked
Senforce Endpoint Security Suite Version 3.1.175 Security Target Version 1.0 06/19/07 Prepared for: Senforce Technologies, Inc. 147 W Election Rd Ste 110 Draper UT 84020 Prepared By: Science Applications
More informationTeradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target
Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Version 2.0 February 2007 TRP Number: 541-0006458 NCR, Teradata and BYNET are registered trademarks of NCR Corporation. Microsoft, Windows,
More informationCisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target
Cisco Adaptive Security Appliances (ASA) Firewall and Virtual Private Network (VPN) Platform Security Target This document provides the basis for an evaluation of a specific Target of Evaluation (TOE).
More informationProtection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0
Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:
More informationSecurity Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16
Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd
More informationSecurity Target for Citrix Presentation Server 4.0 For Windows
Security Target for Citrix Presentation Server 4.0 For Windows Reference: ST/T488 July 2005 Version: 1.0 This document has been prepared on behalf of: Prepared by: Citrix Systems, Inc BT 851 West Cypress
More informationU. S. Government Protection Profile Anti-Virus Applications for Workstations In Basic Robustness Environments, Version 1.0
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Common Criteria Evaluation and Validation Scheme Validation Report U. S. Government Protection Profile Anti-Virus
More informationCOMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)
COMMON CRITERIA PROTECTION PROFILE for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP) Revision No 1.1 Revision Date 11.07.2014 Document Code File Name SCM-WTS PROTECTION PROFILE Prepared
More informationMINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN
REF: 2010-12-INF-626 V1 Distribution: Public Date: 29.04.2011 Created: CERT3 Reviewed: TECNICO Approved: JEFEAREA CERTIFICATION REPORT FOR EADS GROUND SEGMENT SYSTEMS PROTECTION PROFILE (GSS-PP) ISSUE
More informationCommon Criteria Security Target For NetScaler Platinum Edition Load Balancer Version 10.0
Common Criteria Security Target For NetScaler Platinum Edition Load Balancer Version 10.0 Version 1-1 5 July 2013 2013 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-1 5 July
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Juniper Networks, Inc. JUNOS 12.1 X46 D20.6 for SRX-Series Platforms Certification Report 2015/90 3 July 2015 Version 1.0 Commonwealth of Australia
More informationProtection Profile for Wireless Local Area Network (WLAN) Access Systems
Protection Profile for Wireless Local Area Network (WLAN) Access Systems Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP... 1 1.1 PP Overview of
More informationHow To Evaluate A Security Target Of Evaluation (Toe)
Security Target McAfee Enterprise Security Manager with Event Receiver, Enterprise Log Manager, Advanced Correlation Engine, Application Data Monitor and Database Event Monitor 9.1 Document Version 1.1
More informationXceedium GateKeeper Version 5.2.1 Security Target
ceedium GateKeeper Version 521 Security Target February 3, 2011 Prepared for: ceedium, Inc 30 Montgomery Street Jersey City, NJ 07302 Prepared By: Science Applications International Corporation Common
More informationSecurity Target: Symantec Mail Security 8300 Series Appliances Version 5.0
Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 ST Version 1.6 August 20, 2007 Document Version 1.6 Symantec Corporation Page 1 of 55 Prepared For: Prepared By: Symantec Corporation
More informationCertification Report StoneGate FW/VPN 5.2.5
Ärendetyp: 6 Diarienummer: 11FMV3127-87:1 Dokument ID HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2012-01-23 Country of origin: Sweden Försvarets materielverk Swedish Certification Body
More informationCertification Report
Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and
More informationSecurity Target for LANCOM Systems Operating System LCOS 8.70 CC with IPsec VPN
Security Target for LANCOM Systems Operating System LCOS 8.70 CC with IPsec VPN Version 1.15 Release LANCOM Systems GmbH 2013 LANCOM Systems GmbH LANCOM, LANCOM Systems and LCOS are registered trademarks.
More informationCisco Email Security Appliance. Security Target. Version 1.0. October 2014
Cisco Email Security Appliance Security Target Version 1.0 October 2014 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2014 Cisco Systems, Inc. All rights
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationSecurity Target: IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.
Security Target IBM Internet Security Systems GX Series Security Appliances Version 4.1 and Document Version 0.6 February 27, 2012 Document Version 0.6 IBM Internet Security Systems Page 1 of 55 Prepared
More informationProtection Profile for Server Virtualization
Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental
More informationSECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2
SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 Document No. 1769-000-D0007 Version: v0.89, 12 September 2013 Prepared for: Centrify Corporation 785 N. Mary Avenue, Suite 200 Sunnyvale, California USA,
More informationCommon Criteria Security Target
Common Criteria Security Target for Citrix XenDesktop 5.6 Platinum edition Version 1-1 16 November 2012 2012 Citrix Systems, Inc. All rights reserved Summary of Amendments Version Date Notes 1-1 16 November
More informationMicrosoft Windows Common Criteria Evaluation
Microsoft Windows Common Criteria Evaluation Microsoft Windows 8 Microsoft Windows Server 2012 Document Information Version Number 1.0 Updated On December 19, 2014 Microsoft 2014 Page 1 of 446 This is
More informationCisco Catalyst Switches (3560-X and 3750-X) Security Target
Cisco Catalyst Switches (3560- and 3750-) Security Target Revision 1.0 6 June 2012 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms and Abbreviations...
More informationRSA, The Security Division of EMC envision platform v4.0 SP 1. Security Target
RSA, The Security Division of EMC envision platform v4.0 SP 1 Security Target Evaluation Assurance Level: 3+ Document Version: 0.8 Prepared for: Prepared by: RSA, The Security Division of EMC 174 Middlesex
More informationCommon Criteria for Information Technology Security Evaluation Protection Profile. General-Purpose Operating System Protection Profile
Common Criteria for Information Technology Security Evaluation Protection Profile General-Purpose Operating System Protection Profile 09 09 2013 Table of contents Table of Contents 1 INTRODUCTION... 7
More informationgateprotect Firewall Packet-Filtering-Core v10.3 Security Target Version:
Version: Status: Last Update: Classification: 1.0 Release 2013-02-08 public Legal tice This document is provided AS IS with no express or implied warranties. Use the information in this document at your
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationIBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module
Security Target IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module Document Version 2.0 July 6, 2011 Document Version
More informationHP TippingPoint Intrusion Prevention Systems Security Target
HP TippingPoint Intrusion Prevention Systems Security Target Version 1.0 July 29, 2011 Prepared for: TippingPoint/Hewlett-Packard Corporation 14231 Tandem Blvd Austin, TX 78728 USA Prepared By: Science
More informationSecurity Target. Symantec Data Loss Prevention 11.1.1. Document Version 1.0. January 23, 2012
Security Target Symantec Data Loss Prevention 11.1.1 Document Version 1.0 January 23, 2012 Document Version 1.0 Symantec Corporation Page 1 of 40 Prepared For: Prepared By: Symantec Corporation 350 Ellis
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More information