Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use



Similar documents
Low Assurance Protection Profile for a VoIP Infrastructure

Low Assurance Security Target for a Cisco VoIP Telephony System

Low Assurance Protection Profile for a VPN gateway

Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0

Security Target for BorderWare Firewall Server 6.5

Firewall Protection Profile V

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

IronMail Secure Gateway Software Version Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

Firewall Protection Profile

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3)

RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target

Security Target. Astaro Security Gateway V8 Packet Filter Version Assurance Level EAL4+ Common Criteria v3.1

Mobile Billing System Security Target

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

TRUSTED SECURITY FILTER SECURITY TARGET

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0

Security Target SQL Server 2012 Team

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team

Natek Network Access Control (NAC)

Symantec Security Information Manager Version 4.8.1

Enterasys Networks, Inc. Netsight/Network Access Control v Security Target

Common Criteria Security Target For 1E Power and Patch Management Pack

Network Intrusion Prevention System Protection Profile V1.1

Océ Technologies B.V. Oce Venlo DAC Security Target 3.0.doc

Security Target. Symantec TM Network Access Control Version Document Version February 14, 2013

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

IMPP. Identity Management Protection Profile BSI-PP-0024

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012

Security Target Microsoft SQL Server Team

Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report

Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target

U.S. Government Protection Profile for Database Management Systems

Author: Roger French Version: 1.2 Date:

Trustwave Secure Web Gateway Security Target

EAL4+ Security Target

EMC Corporation Data Domain Operating System Version Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

Trustwave DbProtect Version Security Target

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Security Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011

How To Evaluate A Security Target Of Evaluation (Toe)

Certification Report BSI-DSZ-CC for. Cisco VoIP Telephony Solution. Version 1.0. from. Cisco Systems, Inc.

McAfee Web Gateway Version EAL 2 + ALC_FLR.2 Security Target

isas Security Target Lite EWSE23EN

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Security Target. McAfee Enterprise Mobility Management Document Version 1.16

Marimba Client and Server Management from BMC Software Release 6.0.3

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

Security Target. Securonix Security Intelligence Platform 4.0. Document Version January 9, 2015

Computer and Network Security Policy

Security Technology: Firewalls and VPNs

Australasian Information Security Evaluation Program

Intrusion, Inc. SecureNet Pro Intrusion Detection System Version 4.1 SP1 Security Target December 20, 2002 Document No.

Computer and Network Security

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date:

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Trust Technology Assessment Program. Validation Report

Intrusion Detection System System Protection Profile

OmniPCX Enterprise Common Criteria Security Target

Protection Profile for UK Dual-Interface Authentication Card

Check Point Endpoint Security Media Encryption Security Target

JMCS Northern Light Video Conferencing System Security Target

Wyse Technology Inc. Wyse Device Manager Enterprise Edition Version Security Target

McAfee Web Gateway Version EAL 2 + ALC_FLR.2 Security Target

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1

SenSage, Inc. SenSage Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2

AppGate Security Server, Version Security Target. Document Version: 2.9 Date:

Teradata Database Version 2 Release (V2R6.1.0) Security Target

Security Target for Cisco Remote Access VPN

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

C038 Certification Report

SolarWinds Log and Event Manager Software Security Target

RSA, The Security Division of EMC envision platform v4.0 SP 1. Security Target

Supporting Document Mandatory Technical Document. Evaluation Activities for Stateful Traffic Filter Firewalls cpp. February Version 1.

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME

Multi-Functional Printer (Digital Copier) 7222/7322/7228/7235 Series Security Target Version 10

Security Target: Symantec Endpoint Protection Version 11.0

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP Version 1.0

How To Protect Your Computer From Being Hacked

Secuware Virtual System (SVS)

IBM WebSphere Message Broker Security Target

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

BMC ProactiveNet Performance Management 9.5. Security Target

SECURITY TARGET CITADEL HERCULES ENTERPRISE VULNERABILITY MANAGEMENT (EVM) VERSION 4.1

Secondary DMZ: DMZ (2)

Security Requirement of Mobile Application Based Mobile Payment System

Blue Coat Systems, Inc. ProxySG v running on SG510, SG810, and SG8100. Security Target

Network Security: From Firewalls to Internet Critters Some Issues for Discussion

HP IMC Firewall Manager

Security Target. NetIQ Access Manager 4.0. Document Version August 7, Security Target: NetIQ Access Manager 4.0

School of Information Science (IS 2935 Introduction to Computer Security, 2003)

Operating System Protection Profile. Common Criteria Protection Profile BSI-CC-PP-0067 Version 2.0

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

Common Criteria for Information Technology Security Evaluation. Part 2: Security functional components. September Version 3.

Transcription:

TNO report PP-Software Based Personal Firewall-1.2 Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use Version 1.2 Date 6 th April 2005 Author(s) Rob Hunter Dirk-Jan Out Certification ID Sponsor File name No of pages 12 TNO-ITSEF BV Software Based Personal Firewall Low Assurance Protection Profile 1.2.doc 2005 TNO-ITSEF BV FINAL

PP-Software Based Personal Firewall-1.2 (Distribution) 2 of 12 Document information Date of issue 6 th April 2005 Author(s) Rob Hunter Dirk-Jan Out Version number report 1.2 Certification ID Scheme BSI Sponsor TNO-ITSEF BV Delftechpark 1 Sponsor address 2628XJ Delft The Netherlands Evaluation Lab SRC Graurheindorferstrasse 149a Evaluation Lab address D-53117 Bonn Germany Project leader Rob Hunter Target of Evaluation (TOE) Software Based Personal Firewall TOE reference name Software Based Personal Firewall CC-EAL number 1 Classification Final Low Assurance Protection Profile for a Report title Software Based Personal Firewall for home Internet use Report reference name PP-Software Based Personal Firewall- 1.2 Document history Version Date Comment 0.1 7-04-04 Initial version 0.2 28-04-04 Review comments included 0.3 29-04-04 Second review round comments included 0.4 6-07-04 Comments from BSI included 1.0 3-09-04 Evaluation comments from SRC included 1.1 4-09-04 Lapp number changed from 2 to 3 1.2 6-04-05 Incorporation of Raised Interpretations, added certification ID

PP-Software Based Personal Firewall-1.2 (Distribution) 3 of 12 1. PP Introduction 1.1 PP Reference This is the Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use 1.2, TNO-ITSEF BV, 6 th April 2005 1.2 TOE overview The TOE is a software-based firewall, as is typically used in a typical home computing network environment to protect a personal computer that is connected to the Internet. The diagram below shows where the TOE can be placed in its environment: the TOE can operate as an application (from the home users point of view) or as part of the OS (from the computer applications point of view) and may also operate at both levels. Applications TOE TOE Operating System Hardware Network Card or Modem

PP-Software Based Personal Firewall-1.2 (Distribution) 4 of 12 The TOE is used to regulate the flow of network traffic to and from the environment in which it is installed. As the TOE is connected to the Internet, the types of traffic that is regulated are: outgoing traffic: data that flows from the computing environment to the Internet incoming traffic: data that flows from the Internet to the computing environment. The TOE intercepts, respectively, incoming and outgoing traffic that attempts to enter and exit the computing environment and applies a set of rules that define under which conditions network traffic is either allowed to proceed or is discarded. The TOE may warn the user of the home PC when certain violations of the rules governing network traffic to and from the TOE occurs. A warning could relate to: A single violation of the rules, for example, an application attempts to make a outbound connection during installation in order to send customer information to a remote site A combination of violations of the rules, for example, a hacker runs a port scan on the computer in order to identify possible attack entry points. The TOE also keeps an event log of violations. The TOE is not a stand-alone device, and requires a supporting computing platform with at least one network interface.

PP-Software Based Personal Firewall-1.2 (Distribution) 5 of 12 2. Conformance claims 2.1 Conformance claim This Protection Profile: claims conformance to CC version 2.4 release 256 and v2.4draft Interpretation 1 #1-#17 is CC Part 2 conformant and CC Part 3 conformant. does not claim conformance to any other PP. is EAL 1 conformant 2.2 Conformance claim rationale PP-related conformance claim rationale This PP does not claim conformance to another PP, so there is no rationale related to this. Package-related conformance claim rationale This PP is EAL1 conformant. The EAL1 package contains no uncompleted operations. As no SARs were added to EAL1, the SARs in this PP are consistent with EAL1. 2.3 Conformance statement Security targets or other PPs wishing to claim conformance to this PP can do so as strict-pp-conformance. Demonstrable-PP-conformance is not allowed for this PP. 1 V2.4 Draft Interpretation #n are interpretations that are made during the v2.4 Trial Period. They address problems with CC v2.4 as they occur.

PP-Software Based Personal Firewall-1.2 (Distribution) 6 of 12 3. Security Requirements 3.1 Extended components definition As this PP does not contain extended security requirements, there are no extended components. 3.2 Definition of subjects, information, operations and objectives for the environment This section is added to define the terms that are used in the SFRs. 3.2.1 Subjects The following diagram indicates the subjects as seen from the perspective of the TOE. S.USER (Home user) S.USER (Applications) TOE TOE Operating System Hardware Network Card or Modem S.OUTSIDE S.USER A person or entity that uses the TOE. S.OUTSIDE Any entity on the Internet side of the TOE. All subjects have a single security attribute, which is identical to its name.

PP-Software Based Personal Firewall-1.2 (Distribution) 7 of 12 3.2.2 Objects D.RULE_SET Object containing TSF data that defines how the firewall handles incoming and outgoing data. D.INBOUND_TRAFFIC D.OUTBOUND_TRAFFIC User data that enters the TOE from S.OUTSIDE. This object has the following security attributes: Source Address, Destination Address, Source Port, Destination Port, Packet type. User data that leaves the TOE to S.OUTSIDE. This object has the following security attributes: Source Address, Destination Address, Source Port, Destination Port, Packet type. 3.2.3 Operations The operations that are performed by the TOE are (in alphabetical order): R.ENTER R.EXIT The TSF allows D.INBOUND_TRAFFIC to enter the TOE. The TSF allows D.OUTBOUND_TRAFFIC to leave the TOE.

PP-Software Based Personal Firewall-1.2 (Distribution) 8 of 12 4. Security Objectives for the Operational Environment The operational environment of the TOE shall conform to the following objectives: OE.USER OE.ENVIRONMENT OE.HOME 2 S.USER shall keep the computing environment on which the TOE installed integer. To this end he shall: Install anti-virus software and ensure it is kept upto-date. Update his entire computing environment with the latest patches and updates for this environment Use his judgment when downloading and running executable content such as programs, scripts and macros etc in order to prevent attacks on the integrity of the computing environment. The computing environment on which the TOE is installed shall communicate with S.OUTSIDE only through the TOE. The operational environment of the TOE shall be a general home-type environment. This means low physical security measures. 2 Application Note: The goal of this security objective is to ensure that any PP or ST claiming compliance to this PP cannot add objectives for the operational environment that are inconsistent with this objective, such as The TOE shall be guarded for 24 hours a day.

PP-Software Based Personal Firewall-1.2 (Distribution) 9 of 12 5. SFRs The SFRs in this PP can be divided into three groups according to the three main functionalities: filtering management logging and auditing 5.1 SFRs for filtering FDP_ACC.1 Subset access control FDP_ACC.1.1 The TSF shall enforce the FIREWALL_POLICY 3 on: D.INBOUND_TRAFFIC, D.OUTBOUND_TRAFFIC. FDP_ACF.1 Security attribute based access control 4 FDP_ACF.1.1 The TSF shall enforce the FIREWALL_POLICY to objects based on: Source address, Destination address, Source port, Destination port, Packet type. FDP_ACF.1.2 5, 6 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: The TOE performs R.ENTER on D.INBOUND_TRAFFIC if Destination Port(D.INBOUND_TRAFFIC) and Source Address(D.INBOUND_TRAFFIC) and 3 The firewall policy consists of the elements FDP_ACF.1.1 and FDP_ACF.1.2 4 The third and fourth element were empty and therefore refined away. 5 In the rule definition, the words matches a rule defined is used to indicate that the S.USER has created a rule that tells the TSF how to handle the network traffic when a particular condition is met. 6 This SFR presents a logical view on D.RULE_SET: D.RULE_SET is the set of all that is allowed. Developers typically implement D.RULE_SET with ALLOW and DENY rules or a combination of both. However, logically, DENY rules are excluded from the set of permitted traffic operations and are therefore not permitted to pass through the TSF.

PP-Software Based Personal Firewall-1.2 (Distribution) 10 of 12 Packet Type(D.INBOUND_TRAFFIC) matches a rule defined in D.RULE_SET. The TOE performs R.EXIT on D.OUTBOUND_TRAFFIC if Source Port(D.OUTBOUND_TRAFFIC) and Destination Address(D.OUTBOUND_TRAFFIC) and Packet Type(D.OUTBOUND_TRAFFIC) matches a rule defined in D.RULE_SET. 5.2 SFRs for management FMT_MTD.1 Management of TSF data FMT_MTD.1.1. The TSF shall restrict the ability to modify the D.RULE_SET and the rules for FAU_SAA to S.USER. FMT_MTD.3 Secure TSF data FMT_MTD.3.1. The TSF shall ensure that D.RULE_SET has no rules for D.INBOUND traffic on installation. 7, FMT_SMR.1 Security roles FMT_SMR.1.1 The TSF shall maintain the roles: S.USER, S.OUTSIDE. FMT_SMR.1.2 The TSF shall be able to associate the users with roles by the interface they use to communicate with the TOE 8. 7 This requirement was refined to show that it only applies to the TSF data D.RULESET and not to the TSF data rules for FAU_SAA. It was also refined to show that it also applies only directly after installation. The reason for this is that recent research has shown that unprotected PCs survive only a few minutes on the Internet. Therefore the firewall (and the platform) needs to be protected against these attacks immediately. S.USER can then customise the firewall rules and alarms as he wishes, but he is still protected while doing so. FMT_MTD.3 will allow S.USER to configure the TOE to modes generally considered to be unsafe (e.g. allow everything and report nothing). This is covered by the AGD_ADM.1 component in EAL1. The administrator guidance will tell S.USER what the consequences of his modifications are and what modifications he should / should not make.

PP-Software Based Personal Firewall-1.2 (Distribution) 11 of 12 5.3 SFRs for logging and auditing FAU_GEN.1 Audit data generation FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions b) - 9 c) All attempted violations of FDP_ACF.1 FAU_GEN.1.2 The TSF shall record within each audit record at least the following information: a) Date and time of the event 10, type of event, subject identity, and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, the following information will be recorded: Source address, Destination address, Source port, Destination port, Packet type. FAU_SAA.1 Potential violation analysis FAU_SAA.1.1 FAU_SAA.1.2 The TSF shall be able to apply a set of rules in monitoring the audited events and based upon these rules indicate a potential violation of the TSP The TSF shall enforce the following rules for monitoring audited events: Accumulation or combination of [assignment: user definable subset of auditable events 11 ] known to indicate a potential security violation; 8 Typically S.USER will be associated with some sort of application or management interface, while S.OUTSIDE will use the network interface. Because of this requirement, FIA_UID has not been included. 9 This element was first completed with not specified and subsequently refined away (editorial refinement). 10 The TSF will obtain time-stamp information from the OS. This time information is not trusted since it is easy to modify on many computing environments.

PP-Software Based Personal Firewall-1.2 (Distribution) 12 of 12 FAU_ARP.1 Security alarms [assignment: any other rules]. FAU_ARP.1.1 The TSF shall 12 warn S.USER upon detection of a potential security violation as indicated by FAU_SAA.1 13. 5.4 SARs The SARs for this PP are the package EAL 1. 11 This requirement has been refined to show that the list is not static, but can be set by S.USER. 12 Editorial refinement for readability 13 This refinement shows the relation between FAU_SAA and FAU_ARP in this PP.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information