Validated Product - Sidewinder G2 Security Appliance Model 2150 with Sidewinder G2 Software v 6.1.0.05.E51

Certificate Date: 16 May 2005

Validation Report Number: CCEVS-VR-05-0099

Product Type: Firewall

Conformance Claim: EAL4 Augmented with ALC_FLR.3, AVA_VLA.3

PP Identifiers: US Department of Defense Application-Level Firewall Protection Profile for Basic Robustness Environments, Version 1.0 (Archived)
US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)


PRODUCT DESCRIPTION

The Sidewinder G2 Security Appliance Target of Evaluation (TOE) consists of the following:

  • Sidewinder G2 Security Appliance Model 2150
  • Software version 6.1.0.05.E51
  • Hardware version: SW61-2UA-8/S rev A

The Sidewinder G2 Security Appliance, herein called simply Sidewinder, is a comprehensive network security gateway designed and manufactured by Secure Computing Corporation, headquartered at 4810 Harwood Road, San Jose, CA 95124. Sidewinder consolidates a wide variety of security functions into one Unified Threat Management (UTM) system to reduce management complexity for IT professionals. As an application-level firewall, Sidewinder employs proxy technology to scrutinize all traffic, reassembling entire objects and examining the application content to determine its true makeup, thus protecting against the latest attacks, which often occur at the application level. Sidewinder also provides packet filtering and stateful inspection.

The Sidewinder G2® Security Appliance line comprises a variety of appliance models, all of which include the same Sidewinder software. The full line of appliance models ranges from models for small remote offices and small businesses to models meeting enterprise gigabit, large business performance requirements. Sidewinder's hardened core, the SecureOS® UNIX operating system, includes patented Type Enforcement® technology and forensic auditing facilities. This provides a secure environment for all application-layer security processing and intrusion prevention. The GUI-based management tools and access controls let organizations implement flexible, site-specific security policies. Sidewinder interoperates with a variety of third-party products, such as strong authentication products, including SafeWord® products from Secure Computing® and the web filtering product SmartFilter.

The Sidewinder G2® Security Appliance consolidates a wide variety of security functions in one system, including an Application Defenses™ firewall with application-level intrusion prevention; traffic anomaly detection; a secure email, Web and DNS gateway; anti-spam; anti-virus; IPSec VPN; IDS and response; outbound Web access filtering; SSL termination; and clientless VPN access. Some of these functions, such as VPN, SSL termination, anti-spam and anti-virus, are outside of the scope of evaluation; see the Security Target and Validation Report for more details. Sidewinder, as evaluated, is described in the following paragraphs.

The Sidewinder Target of Evaluation (TOE) includes the software and hardware which enforce Information Flow policies upon all data attempting to traverse the Sidewinder appliance. These policies are configurable by an authorized administrator and are based on the presumed source and destination IP addresses, protocol, source and destination interface, and service. In addition, the administrator determines whether controls are applied at the application level or at the IP network layer of the network stack. He or she may also require user authentication, even “strong” authentication, as a prerequisite for particular proxies. The TOE protects the user data as it flows through the appliance, preventing data leakage from one network message to another.

The Sidewinder TOE requires administrative users to identify and authenticate themselves before they are allowed to exercise administrative control over the appliance. Similarly, the TOE can require communication users (i.e. non-admin users) to authenticate prior to using specified protocols through the firewall. The TOE itself includes a multi-use password mechanism, but interoperates with commercially available single-use authentication servers to provide for strong authentication. A compatible single-use authentication server is part of the environment for the TOE.

Security Management is provided through an admin console with a graphical user interface (GUI). The GUI client software is part of the TOE and only allows authorized users to perform administrative functions. The console platform, a generic computer running a Windows OS, is part of the TOE environment and is physically protected from unauthorized users.

The Sidewinder TOE generates audit records corresponding to identification and authentication, traffic flow, changes to the security policy, and security-relevant changes to the system configuration. The TOE provides interfaces that allow the administrator to review the audit records, including the ability to search and sort audit records. The TOE also provides mechanisms to protect the audit records and to limit the loss of audit data due to storage exhaustion.

The basic integrity of the TOE system operation is provided by Sidewinder’s Type Enforcement technology facilities, which control the range of operations that can be performed by each process. The TOE provides additional protections, which include the use of a two-state processing model to limit privileged instructions to the SecureOS kernel, separation of process address spaces, and a system clock managed by the administrator for reliable audit timestamps. The TOE includes a separate administrative interface that is not connected to the managed networks and, thus, is immune from general network attacks.

SECURITY EVALUATION SUMMARY

The Sidewinder G2 Security Appliance is a commercial network product that provides identification and authentication, information flow control, and audit capabilities. Compliance with the U.S. DoD Application-Level Firewall Protection Profile demonstrates that Sidewinder provides a level of protection that is appropriate for U.S. Government organizations and others that handle unclassified information in moderate risk environments. Sidewinder fits within an organization’s overall security defense by isolating internal networks from the Internet or other external networks. The Sidewinder G2 Security Appliance and its administrative console must be appropriately protected from physical attacks within these environments.

Vendor: Secure Computing Corporation

Contact: Dwight Colby

Phone: 651.628.1571

Web: http://www.securecomputing.com

Email: dwight_colby@securecomputing.com

CC Testing Lab: SAIC Common Criteria Testing Laboratory