Validated Product - Blue Coat ProxySG Operating System V3.2.4.8

PRODUCT DESCRIPTION

Blue Coat ProxySG Operating System 3.2.4.8 is a proxy appliance running a unique object-based operating system developed specifically for use as an Internet proxy for real-time communications requiring wire speeds and very low latency times. Blue Coat ProxySG Operating System runs atop ProxySG 400, 800 and 8000 series hardware appliances; the hardware was not evaluated. The purpose of the appliance is to provide a layer of security (visibility and control of web communications) between an Internal and External Network, typically an office network and the Internet. This layer of security can be used to control, protect, accelerate, and monitor the Internal Network's use of controlled protocols on the External Network, useful in forward proxy deployments. The controlled protocols are HTTP, FTP, SOCKS, and AIM, MSN and Yahoo Instant Messengers. This is achieved by enforcing a configurable policy of over 40 policy triggers and actions on controlled protocol traffic to and from the Internal Network users. The policy may include authentication, authorization, content filtering, web content virus scanning, spyware prevention, and auditing. In reverse proxy deployments, ProxySG isolates general-purpose origin servers from direct Internet access, caches, compresses, and accelerates web content delivery to users, and provides the option to virus scan uploaded content to origin servers.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Blue Coat ProxySG Operating System v3.2.4.8 TOE meets the security requirements contained in the Security Target.

The criteria against which the Blue Coat ProxySG Operating System v3.2.4.8 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the Blue Coat ProxySG Operating System v3.2.4.8 TOE is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation team activities were completed in July, 2005. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The assets of the TOE are the local user list, the Proxy Policy Rules, the Administrative Access Policy Rules, the audit logs, and the system configuration. The two primary security capabilities of the TOE are restricting controlled protocol traffic between the networks and configuring SGOS policy rules. The tangible assets and management functions are protected by restricting access to administrators. Only administrators can log into the TOE CLI, access its configuration and configure policies. There are also assets of the IT Environment that need to be enumerated, for they are protected by the TOE as well. The TOE protects the IP addresses of Internal Network machines and protects these machines from malicious content delivered via controlled protocols. An End User's Internal Network IP address is obfuscated by SGOS when their controlled protocol traffic is sent to the External Network. Also, malicious content carried by controlled protocols from the External Network can be blocked, stripped or scanned by the ProxySG Policy Rules.