UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME



122-B

CERTIFICATION REPORT No. P149

CHECK POINT VPN-1/FIREWALL-1

Issue 1.0
January 2001

Crown Copyright 2001

Reproduction is authorised provided the report is copied in its entirety

UK IT Security Evaluation and Certification Scheme
Certification Body, PO Box 152
Cheltenham, Glos GL52 5UF
United Kingdom

RECOGNITION AGREEMENT OF INFORMATION TECHNOLOGY SECURITY EVALUATION CERTIFICATES

The Certification Body of the UK IT Security Evaluation and Certification Scheme is a member of the above Agreement Group and as such:

- indicates that it is the issuer's claim that this certificate is a conformant certificate as defined in this Agreement; and
- therefore gives grounds for confidence, though it cannot in itself guarantee, that the certificate is a conformant certificate and that it will in practice be recognised by the other Members of the Agreement Group.

The judgements contained in the certificate and Certification Report are those of the Qualified Certification Body which issued it and of the Evaluation Facility which carried out the evaluation. There is no implication of acceptance by other Members of the Agreement Group of liability in respect of those judgements or for loss sustained as a result of reliance placed upon those judgements by a third party.

Trademarks:

AIX and IBM are trademarks or registered trademarks of IBM Corporation.
Compaq and Deskpro are registered trademarks of Compaq Corporation.
FireWall-1, VPN-1/FireWall-1 and Check Point are trademarks of Check Point Technologies Ltd.
NT is a trademark of Microsoft Corporation.
Pentium is a registered trademark of Intel Corporation.
Solaris and Ultra Sparc are trademarks of Sun Microsystems, Inc.
Unix is a registered trademark of X/Open Group Ltd.
All other product or service names mentioned herein are trademarks of their respective owners.

CERTIFICATION STATEMENT

Check Point Software Technologies Limited's VPN-1/FireWall-1 provides controlled access between physically connected networks by permitting or denying the flow of packets. It also provides IP address translation, IP address hiding and the logging of all attempts to communicate between physically connected networks. In addition, it provides a remote management capability and a Virtual Private Network which may be used to establish secure communications between two VPN-1/FireWall-1 firewalls.

Check Point VPN-1/FireWall-1 has been evaluated under the terms of the UK IT Security Evaluation and Certification Scheme and has met the requirements of ITSEC Assurance Level E3 when running on the platforms specified in Annex B.

Originator:       CESG Certifier
Approval:         CESG Deputy Technical Manager of the Certification Body
Authorisation:    CESG Senior Executive, UK IT Security Evaluation and Certification Scheme
Date authorised:  31 January 2001


TABLE OF CONTENTS

CERTIFICATION STATEMENT
TABLE OF CONTENTS
ABBREVIATIONS
REFERENCES
I. INTRODUCTION
    Intended Audience
    Identification of Target of Evaluation
    Evaluation
    General Points
II. EVALUATION FINDINGS
    Introduction
    Correctness - Construction
    Correctness - Operation
    Effectiveness - Construction
    Effectiveness - Operation
    Specific Functionality
III. CONCLUSIONS
    Certification Result
    Recommendations
ANNEX A: SUMMARY OF THE SECURITY TARGET
ANNEX B: EVALUATED CONFIGURATION


ABBREVIATIONS

CESG    Communications-Electronics Security Group
CLEF    Commercial Evaluation Facility
CLI     Command Line Interface
DES     Data Encryption Standard
ETR     Evaluation Technical Report
GUI     Graphical User Interface
IP      Internet Protocol
ITSEC   Information Technology Security Evaluation Criteria
ITSEM   Information Technology Security Evaluation Manual
LDAP    Light Directory Access Protocol
NIST    National Institute for Standards and Technology
SEF     Security Enforcing Function
SMTP    Simple Mail Transfer Protocol
SoM     Strength of Mechanisms
SP      Service Pack
TCP     Transmission Control Protocol
TOE     Target of Evaluation
UKSP    United Kingdom Scheme Publication
VPN     Virtual Private Network


REFERENCES

a. Description of the Scheme, UK IT Security Evaluation and Certification Scheme, UKSP 01, Issue 3.0, 2 December 1996.
b. The Appointment of Commercial Evaluation Facilities, UK IT Security Evaluation and Certification Scheme, UKSP 02, Issue 3.0, 3 February 1997.
c. FireWall-1 Security Target, Admiral Management Services Ltd, 7044A/T51/1, Issue 1.2, July 1999.
d. Check Point FireWall-1 Phase B Security Target Addendum, Admiral Management Services Ltd, 7044A/T51/2, Issue 6.0, December 2000.
e. Harmonised Information Technology Security Evaluation Criteria, Commission of the European Communities, CD-71-91-502-EN-C, Version 1.2, June 1991.
f. Information Technology Security Evaluation Manual, Commission of the European Communities, Version 1.0, 10 September 1993.
g. Manual of Computer Security Evaluation, Part I, Evaluation Procedures, UK IT Security Evaluation and Certification Scheme, UKSP 05, Issue 3.0, October 1994.
h. Manual of Computer Security Evaluation, Part III, Evaluation Techniques and Tools, UK IT Security Evaluation and Certification Scheme, UKSP 05, Issue 2.0, 30 July 1997.
i. ITSEC Joint Interpretation Library (ITSEC JIL), Joint Interpretation Working Group, Version 2.0, November 1998.
j. Evaluation Technical Report for FireWall-1/VPN-1, Admiral Management Services Ltd, 7044C/T8.15/1, Issue 2.0, December 2000.
k. Certification Report No. P107, Check Point FireWall-1, Version 4.0, UK IT Security Evaluation and Certification Scheme, Issue 1.0, March 1999.
l. FireWall-1 Security Target, Admiral Management Services Ltd, 7044A/T51/1, Issue 1.1, October 1998.
m. Evaluation Technical Report for FireWall-1 Version 4.0, Admiral Management Services Ltd, 7044B/T8.15/1, Issue 1.0, October 1998.
n. Addendum to Evaluation Technical Report for FireWall-1 Version 4.0, Admiral Management Services Ltd, 7044B/T8.15/2, Issue 1.0, February 1999.
o. Getting Started with VPN/FireWall-1 User Guide, Check Point Software Technologies Ltd, Version 4.1 (6/99 Edition).
p. VPN/FireWall-1 Architecture and Administration User Guide, Check Point Software Technologies Ltd, Version 4.1 (6/99 Edition).
q. Virtual Private Networks, Check Point Software Technologies Ltd, Version 4.1 (6/99 Edition).
r. VPN-1/FireWall-1 Addendum to Operational Documents, Check Point Software Technologies Ltd, Version 1.3, November 2000.
s. FW-1 Product Architecture for Phase B, Check Point Software Technologies Ltd, 6 September 1999.
t. VPN-1/FireWall-1 Detailed Design, Check Point Software Technologies Ltd, Version 2.0, June 2000.
u. FireWall-1 Phase B Suitability Analysis, Check Point Software Technologies Ltd, Issue 3.0, March 2000.
v. FireWall-1 Binding Analysis, Check Point Software Technologies Ltd, Issue 2.0, June 2000.
w. FireWall-1 ITSEC Phase B Strength of Mechanisms Analysis, Check Point Software Technologies Ltd, Issue 1.0, March 2000.
x. Developers Guide, Part III, Advice to Developers, UK IT Security Evaluation and Certification Scheme, UKSP 04, Issue 1.0, July 1996.


I. INTRODUCTION

Intended Audience

1. This Certification Report states the outcome of the IT security evaluation of Check Point Software Technologies Limited's VPN-1/FireWall-1 to the Sponsor, Check Point Software Technologies Limited, and is intended to assist potential purchasers when judging the suitability of the product for their particular requirements.

Identification of Target of Evaluation

2. The version of the product evaluated was: Check Point VPN-1/FireWall-1,. This product is also described in this report as the Target of Evaluation (TOE). The Developer was Check Point Software Technologies Ltd.

3. Check Point VPN-1/FireWall-1 is a firewall product which uses Stateful Inspection Technology to inspect all packets passing between networks connected to the product, permitting or denying the flow of packets according to a defined firewall flow policy. It supports the complete TCP/IP family of protocols up to the TCP level and selected protocols up to the application layer. The product also provides IP address translation, IP address hiding and the capability to log and generate alerts for all attempts to communicate between physically connected networks.

4. In addition, the product can operate as a Virtual Private Network (VPN) which is used to establish a secure communications channel over an unsecured network (eg the Internet) using 2 Check Point VPN-1/FireWall-1s.

5. The core functionality of Stateful Inspection, the Command Line Interface (CLI), IP address translation and auditing was evaluated against its Security Target [Reference l] and was certified to the IT Security Evaluation Criteria (ITSEC) assurance level E3 in March 1999 [k]. During the course of the evaluation of Check Point VPN-1/FireWall-1, the following additional functionality (as defined in the Security Target [c] and its addendum [d]) was examined:

- the Graphical User Interface (GUI) of Check Point VPN-1/FireWall-1
- a Light Directory Access Protocol (LDAP) client interface
- a remote management capability (provided by the Management Server)
- a Security Server which is used to filter files in selected protocols
- a VPN facility
- authentication of end-users

6. The TOE was tested on 3 platforms as follows:

   a. Microsoft NT Version 4.0 (including Service Pack 5), Build No. 1381 running on Compaq Deskpro EP6500, Pentium III;
   b. Solaris 2.6SE running on Sun Ultra 10; and
   c. AIX Version 4.3 running on IBM RS/6000.

7. Further details of the evaluated version of the TOE and of trusted configurations of the product are contained in Annex B to this report.

Evaluation

8. The evaluation was carried out in accordance with the requirements of the UK IT Security Evaluation and Certification Scheme as described in UKSP 01 and UKSP 02 [a, b]. The Scheme has established a Certification Body which is jointly managed by the Communications-Electronics Security Group (CESG) and the Department of Trade and Industry on behalf of Her Majesty's Government.

9. The purpose of the evaluation was to provide assurance about the effectiveness of the TOE in meeting its Security Target [c, d], which prospective users are advised to read. (A copy of the Security Target may be obtained from the Sponsor). The criteria against which the TOE was judged are described in the ITSEC [e]. This describes how the degree of assurance is expressed in terms of the levels E0 to E6 where E0 represents no assurance. The methodology used is described in the IT Security Evaluation Manual (ITSEM) [f], UKSP 05 [g, h] and the ITSEC Joint Interpretation Library [i].

10. The Certification Body monitored the evaluation which was carried out by the Admiral Management Services Limited Commercial Evaluation Facility (CLEF). The evaluation was completed in December 2000 when the CLEF submitted the final version of the Evaluation Technical Report (ETR) [j] to the Certification Body which, in turn, produced this Certification Report.

11. The Target Assurance Level for the product, as required by the Security Target [c, d], was E3. The cryptographic mechanisms contained in the TOE are publicly known and as such it is the policy of the national authority for cryptographic mechanisms, CESG, not to comment on their appropriateness or strength. The correctness of the implementation of the DES and Triple DES algorithms was verified by CygnaCom Solutions for compliance with FIPS 140-1, and compliance with FIPS algorithms, and was certified by NIST. In addition, Check Point VPN-1/FireWall-1 has been certified under Version 1.0A Criteria of the ICSA Labs Program For IPSec Product Certification.

12. The minimum Strength of Mechanisms (SoM) for the search for vulnerabilities conducted by the Evaluators was High.

General Points

13. Prospective users of the TOE are reminded that the security functionality evaluated is that claimed in the Security Target [c, d]. This functionality may not necessarily meet all the threats that a user has identified in a particular operating environment. The assumed threats, intended method of use and environment are as stated in the Security Target. The TOE should only be used in its evaluated configurations (as indicated in Annex B) and in accordance with the recommendations and caveats contained in this report. It is the responsibility of purchasers to ensure that Check Point VPN-1/FireWall-1 meets their requirements.

14. Certification is not a guarantee of freedom from security vulnerabilities; there remains a small probability (smaller with higher assurance levels) that exploitable vulnerabilities may be discovered after a certificate has been awarded. This Certification Report reflects the Certification Body's view at the time of certification. Purchasers (both prospective and existing) should check regularly for themselves whether any security vulnerabilities have been discovered since this report was issued and, if appropriate, should check with the Vendor to see if any patches exist for the product and whether such patches have been evaluated and certified. Users are reminded of the security dangers inherent in downloading 'hot-fixes' where these are available, and that the UK Certification Body provides no assurance whatsoever for patches obtained in this manner.

15. The issue of a Certification Report is not an endorsement of a product.

II. EVALUATION FINDINGS

Introduction

16. The evaluation of Check Point VPN-1/FireWall-1 followed the generic Evaluation Work Programme described in the ITSEM [f] with work packages structured around the evaluator actions described in the ITSEC [e]. The results of this work were reported in the ETR [j] under the ITSEC headings. This Certification Report summarises the assurance results in relation to the security functionality claimed in the Security Target [c, d].

Correctness - Construction

17. This aspect of the evaluation examined both the development process (ie the Security Target, the Architectural and Detailed Designs, the Implementation) and the environment in which it took place. The results were as follows:

   a. The final version of the Security Target [c, d] described the Security Enforcing Functions (SEFs) provided by the TOE, and contained a product rationale identifying its method of use and intended environment; it also described how the product's functionality was appropriate for that method of use and was adequate to counter the assumed threats.
   b. The Architectural Design [s] properly described the general structure of the TOE, together with any external interfaces and supporting hardware or firmware; it also clearly detailed how the SEFs of the TOE are provided and how the TOE is separated into security enforcing and other components.
   c. The final version of the Detailed Design [t] specified all basic components, identified all security mechanisms, described all SEFs and other security relevant functions, mapped SEFs to mechanisms and components, documented interfaces adequately and enabled the relationships between levels of specification to be identified.
   d. The correctness of the implementation was satisfactory, ie all security enforcing and security relevant functions offered in the Detailed Design were identifiable in the source code and test documentation and the associated tests were repeatable.
   e. Repeating an agreed sample of the Developer's functional tests produced no differences in the test results. The Evaluators were satisfied that their findings could be applied to the platforms identified in Annex B.

18. During a visit to the Developer's premises to witness the Developer's functional testing, the evaluators satisfied themselves that the configuration control, programming standards and security aspects of the Developer's working environment were as reported during the previous evaluation [m] and were, therefore, satisfactory.

19. The Evaluators concluded that the TOE met the requirements for ITSEC E3 in respect of its Security Target, Architectural and Detailed Designs, Implementation and Development Environment.

Correctness - Operation

20. The Evaluators checked and confirmed that:

   a. there are no SEFs directly relevant to end-users;
   b. the operations documentation adequately described the SEFs relevant to administrators and how to operate the TOE in a secure manner;
   c. the delivery and configuration documentation [o, r] described the delivery arrangements from the development environment to the customer and the required system installation aspects;
   d. the startup and operation documentation [p-r] adequately described the procedures for secure startup and operation and, where relevant, for the deactivation or modification of SEFs; and
   e. the information supplied described how these procedures maintain the security of the TOE.

21. The Evaluators concluded that the Operations Documentation and the Operational Environment met the requirements for ITSEC E3.

Effectiveness - Construction

22. This aspect of the evaluation dealt with:

   a. the suitability of the TOE's SEFs to counter the threats identified in the Security Target;
   b. the ability of the SEFs and mechanisms to bind together in a way that is mutually supportive and provides an integrated and effective whole;
   c. the ability of the TOE's security mechanisms to withstand direct attack; and
   d. the question of whether known security vulnerabilities in the construction of the TOE could, in practice, compromise its security.

23. The Evaluators were satisfied that:

   a. the Suitability Analysis [u] confirmed that all the threats listed in the Security Target [c, d] were adequately countered by one or more of the stated SEFs and mechanisms;
   b. the Binding Analysis [v] demonstrated that it was not possible for any SEF or mechanism to conflict with or contradict the intent of any other SEF or mechanism;
   c. the procedural measures in the Sponsor's Security Target [c, d] and the Developer's operational documentation [o-r] were sufficient to prevent all known construction vulnerabilities from being exploited;
   d. the independent vulnerability analysis and penetration testing did not reveal any exploitable vulnerabilities in the TOE; and
   e. the SoM Analysis [w] listed all the security enforcing mechanisms and identified the IPSec, IKE, Diffie Hellman, SSL, RSA encryption schemes and the MD5, DES and Triple DES algorithms as the only critical mechanisms within the TOE; the effectiveness of these mechanisms is outside the scope of the evaluation.

24. The TOE was tested on each of the platforms identified in Annex B with the numbers of interfaces as stated. However, the rationale [n] provided by the Evaluators during the Phase A evaluation concerning the number of interfaces that may be supported remains valid for Check Point VPN-1/FireWall-1 Version 4.1 and therefore supports the Sponsor's claim in the Addendum to the Security Target [d] that the TOE supports up to 64 interfaces.

25. The Evaluators concluded that the TOE met the requirements for ITSEC E3 in respect of Suitability, Binding, SoM and Construction Vulnerability.

Effectiveness - Operation

26. This work involved:

   a. checking that the TOE can be used in a secure manner and assessing whether known vulnerabilities in its operation could, in practice, compromise its security; and
   b. checking the List of Known Vulnerabilities in the operation of the TOE, as supplied by the Sponsor, and assessing the impact of these vulnerabilities and the measures proposed to counter their effects.

27. The evaluation confirmed that:

   a. the TOE could not be configured or used in a manner which was insecure but which an administrator would reasonably believe to be secure;
   b. the countermeasures proposed by the Sponsor in the List of Known Vulnerabilities in Operational Use were entirely satisfactory; and
   c. the independent vulnerability analysis and penetration testing on the platforms identified in Annex B did not reveal any exploitable vulnerabilities in the operation of the TOE.

28. The Evaluators concluded that the TOE met the requirements for ITSEC E3 in respect of Ease of Use and Operational Vulnerability.

Specific Functionality

29. The Evaluators concluded that all the functionality claimed in the Security Target [c, d] had been met. This included functionality claims for:

- Access Control
- Accountability
- Audit
- Data Exchange
- Remote Supervision

Check Point VPN-1/FireWall-1 E3 III. CONCLUSIONS Certification Result 30. After due consideration of the ETR [j], produced by the Evaluators, and the conduct of the evaluation, as witnessed by the Certifier, the Certification Body has determined that Check Point VPN-1/FireWall-1 meets the requirements of ITSEC Assurance Level E3 when running on the platforms specified in Annex B. Recommendations 31. The product should only be used in accordance with the intended environment and method of use described in the Security Target [c, d]. Particular care should be taken that the product is configured and used in accordance with the operations documentation [o-r]. 32. In view of the complexity of the CLI, administrators are advised that they should exercise care when using it to configure VPN-1/FireWall-1 and to define firewall security policies. The CLI can be used, but it should not be used exclusively as the GUI provides built-in protections and is less prone to administrator error. 33. Administrators should note that VPN-1/FireWall-1 provides an increased level of functionality that was not evaluated during the evaluation of FireWall-1 Version 4.0 [m]. This means that FireWall-1 Version 4.0, in its evaluated configuration, cannot be configured, and have firewall security policies defined, using the Management Server of VPN-1/FireWall-1. It follows, therefore, that FireWall Version 4.0, in its evaluated configuration, cannot be used within an evaluated configuration of VPN-1/FireWall-1. However, FireWall-1 Version 4.0 can co-exist within the same network as VPN-1/FireWall-1 Version 4.1 provided each are configured, and their security policies defined, according to their evaluated configurations. 34. Administrators are recommended to inspect the TOE s audit trails on a regular basis. 35. 
Administrators should be aware that the firewall does not prevent hostile users on the internal network colluding with hostile attackers on the external network if the user is authorised to access and send the information to external hosts. 36. Administrators should note that any traffic on the internal network not routed through the firewall falls outside the administrator s control. Thus the firewall will not counter threats to the security of the internal network from authorised users of the internal network. 37. Administrators should be aware that the TOE does not counter the threat that the firewall could be bypassed by connecting the internal network directly to an external network. It is recommended that the TOE is placed in a physically secure environment to which only authorised personnel have access and that internal users are prevented from connecting their workstations or servers to the external network by any link (eg a modem) that does not pass through the firewall. January 2001 Issue 1.0 Page 9

38. Firewall flow policies are complex and they need to be tailored to fit specific requirements. Purchasers of the TOE should ensure that administrators are competent to determine the firewall flow policies to be implemented or have access to people who are competent to determine such policies.

39. Purchasers should note that the administrators of the firewall are assumed to be trusted individuals who are appropriately vetted and trained. The TOE does not counter threats from careless, negligent or hostile administrators. It is recommended that appropriate measures, including regular, independent audits of the firewall configuration, be taken to counter these threats.

40. The TOE provides the capability for an administrator to close the current audit log file and switch the recording of audit records to a new audit log file. The Evaluators confirmed during the evaluation of FireWall-1 Version 4.0 [m] that filling the audit log did not cause the TOE to operate in a potentially insecure state during startup. The Evaluators also confirmed during the same evaluation that when the disk containing an audit file fills up then logging stops. Administrators are recommended, therefore, to ensure that there is adequate disk space available for audit logs and to archive log files regularly to ensure that logging does not stop.

41. Administrators should be aware that the IP forwarding disabling only works between the time of the boot and the time that a policy is loaded (with fwstart). If a machine is booted with the IP forwarding disable option set, but without automatic fwstart, then IP packets can be forwarded through the machine. The problem does not occur if IP forwarding disablement is chosen during installation of VPN-1/FireWall-1, as detailed in [r].

42. Potential purchasers of the TOE should be aware that the TOE does not claim to resist all denial-of-service attacks. Whilst the TOE does contain functionality to counter attacks using fragmented or overlapping IP packets, SYN flooding attacks are outside the scope of this evaluation because the SYNDefender component was not included in this evaluation.

43. Potential purchasers should note that the firewall, in common with similar TOEs, does not counter the threat of Session Hi-jacking (ie an external attacker taking over an authenticated session initiated by another external host). This threat should be considered when defining the internal network security policy.

44. To reduce the potential impact of Session Hi-jacking, it is recommended that the internal network security policy states what executable software is authorised to be received through the firewall from the external network. Corresponding operational procedures to quarantine such software may also be required.

45. To detect whether Session Hi-jacking has affected the firewall, it is recommended that a backup of the firewall in its initial operational configuration is retained and used for comparison at periodic intervals. Operational procedures should state when this comparison is to be made.

46. Potential purchasers should be aware that the TOE does not detect viruses. It is recommended that executable programs attached to incoming mail messages should be virus checked. Automatic explosion or execution of MIME-encoded attachments within SMTP messages should also be disabled.

47. The requirement for a SEF to threat mapping was addressed by the Suitability Analysis [u] rather than in the Security Target [c, d]. Therefore, it is recommended that the Suitability Analysis should be made available to the same audience as the Security Target. For the next evaluation, it is recommended that the Sponsor should include the SEF to threat mapping in the Security Target.

48. Potential users of the product should understand the specific scope of the certification by reading this report in conjunction with the Security Target [c, d].
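The periodic comparison against a retained initial configuration (paragraph 45), which also supports the independent configuration audits of paragraph 39, can be automated as a hash-manifest comparison. The following is an added example, not part of the certification report or of any Check Point tooling; the directory layout, file names and function names are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (relative POSIX path) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """List files added, removed or modified relative to the baseline manifest."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Constructed stand-in tree; file names are illustrative, not product paths."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work, "fw-config")
        (root / "policy").mkdir(parents=True)
        (root / "policy" / "rules.txt").write_text("accept smtp\n")
        (root / "objects.txt").write_text("mailhost 192.0.2.10\n")
        (root / "startup.txt").write_text("load policy at boot\n")
        # Baseline taken at initial operational configuration, stored outside the tree.
        baseline_file = Path(work, "baseline.json")
        baseline_file.write_text(json.dumps(snapshot(root)))
        # Simulated drift: one rule appended, one file deleted, one file added.
        with (root / "policy" / "rules.txt").open("a") as fh:
            fh.write("accept any\n")
        (root / "objects.txt").unlink()
        (root / "extra.txt").write_text("unexpected\n")
        return compare(json.loads(baseline_file.read_text()), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In operation the baseline manifest should be held on write-protected or offline media, so that a compromise of the firewall host cannot also rewrite the reference it is compared against.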


ANNEX A: SUMMARY OF THE SECURITY TARGET

Introduction

1. The Security Target is given in [c, d]. The Product Rationale is summarised below.

Product Rationale

Intended Method of Use

2. Section 6.1.2 of [d] defines a trusted configuration of the product as one that:

a. executes on any computer system from the family of Workstations and Servers which support one of the following operating systems:
   i. Sun Solaris 2.6SE
   ii. AIX Version 4.3
   iii. Windows NT Version 4.0 SP5

b. executes on a computer system which supports up to 64 interfaces (note that VPN-1/FireWall-1 uses the concept of managed ports and does not use the traditional firewall terms of internal and external network)

c. consists of:
   i. a Management Server which resides on a protected LAN
   ii. a Graphical User Interface which resides on a workstation running Microsoft Windows NT4 with SP5 which is part of the protected LAN that the Management Server is part of
   iii. a number of Firewall Modules which may or may not reside on the protected LAN that the Management Server is part of

d. is configured, controlled and monitored using the GUI which communicates with the Management Server; the Management Server then configures the Firewall Modules

e. has been installed, configured and started up, as described in the operations documentation [p-r].

3. The product operates in 2 modes:

a. as a firewall which uses Stateful Inspection Technology to inspect all IP packets passing between networks connected to the product, promptly blocking all unwanted communication attempts (it supports the complete IP family of protocols); and

b. as a VPN which is used to establish a secure communications channel over an unsecured network (eg the Internet) using 2 Check Point VPN-1/FireWall-1 firewalls.