Validated Product - Fortress Wireless Secure Gateway Version 1.0

Certificate Date: 23 October 2007

Validation Report Number: CCEVS-VR-VID10174-2007

Product Type: Miscellaneous

Conformance Claim: EAL3

PP Identifiers: None

CC Testing Lab: COACT Inc. CAFE Laboratory


PRODUCT DESCRIPTION

The Fortress Secure Gateway® (FSG) is a security appliance that provides a secure perimeter to an enterprise network by protecting communications between wireless devices on a Wireless Local Area Network (WLAN) and the rest of the network (Local Area Network (LAN)) and restricting the wireless systems that may access the LAN. The objective of the TOE is to safeguard confidential and sensitive information. The FSG implements encryption at the Media Access Control (MAC) layer, and by doing so prevents vulnerabilities to confidentiality and integrity from being exploited. Once implemented, the operation of the FSG is automatic, requiring no administrator intervention.

The following FSG models are included in this product line: AF2100, AF7500, FC-X

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Fortress Wireless Secure Gateway meets the security requirements contained in the Security Target.

The criteria against which the Fortress Wireless Secure Gateway was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Fortress Wireless Secure Gateway is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in June 2007. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The TOE’s Security Functions are:

Audit – Audit services that allow authorized administrators to detect and analyze potential security violations. When an FSG state changes (it starts or stops), an audit record is generated. Additionally, when a potential violation of security policy has been detected, an audit record is generated. In all cases, timestamps are applied to audit records and the FSG supplies its own timestamps.

Packet Encryption/Decryption – Packet encryption and decryption services provide mechanisms to encrypt and decrypt data as it is exchanged with wireless endpoints on the WLAN for the purpose of preserving confidentiality and integrity. Cryptographic key agreement between wireless endpoints and the FSG occurs using the Diffie-Hellman protocol.

Information Flow Control – The TOE receives plaintext from the LAN, and then encrypts it, retransmitting it out encrypted on the WLAN side.

The FSG receives ciphertext from the WLAN side, decrypts it, and then retransmits it out in plaintext on the LAN side. Plaintext received from the wireless network side will be discarded unless a bypass feature is specified for that traffic. A common Access ID must be configured on the FSG and all wireless endpoints that desire to communicate through the FSG. Only wireless endpoints that are configured for the same Access ID as the FSG, except for systems specified for bypass operation, may transmit information through the FSG.

Administrators authenticate to the TOE prior to managing security functions.

Identification and Authentication – The FSG requires that authorized administrative users are uniquely identified and authenticated before accessing audit/configuration information stored on the system.

Security Management – Security Management provides administrators with the capabilities to configure, monitor, and manage the FSG. The FSG supports multiple administrative roles to provide a “least privilege” model for TOE administrative access:

  1. Admin – The privileged account has full permissions to manage the FSG. This account is accessible via both FISh and AFWeb.
  2. Operator – The operator account has view-only permission to monitor the current settings and status of the AFSG via AFWeb.

The TOE provides for management of security functions. A summary of the TOE security functions appears in Section 2, TOE Description. A detailed description of the security functions appears in Section 6, TOE Summary Specification.

Protection of the TOE – The TOE protects itself through Identity and Access Control and also by ensuring that attempts to modify, deactivate, or circumvent the TOE security functions are prevented.

Self-tests execute when the system starts, periodically during system execution, and on command of an admin. During self-tests, cryptographic keys are not calculated and traffic is not passed. Failure of any self-test puts the module in an error state (indicated by the Status LED) and updates the log file. Once in the error state, the system must be returned to the vendor for repair.

Vendor Information


Fortress Technologies, Inc.
Bill McIntosh
813-288-7388
813-288-7389 (Fax)
bmcintosh@fortresstech.com

http://www.fortresstech.com