Validated Product - Cisco Intrusion Prevention System (IPS) v6.0 Cisco 4200 Series Sensors (IPS 4255, IDS 4250, IPS4240, IDS4215, IPS4260); Cisco AIP-SSM-10 and AIP-SSM-20 for the ASA; NM-CIDS; IDSM-2

PRODUCT DESCRIPTION

Cisco® Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious traffic, including worms, spyware, adware, network viruses, and application abuse, before they affect business continuity, offering comprehensive integrated, collaborative, and adaptive network protection. All solutions are designed for high availability, backed by outstanding customer support, and available in a range of performance levels, from 45 Mbps up to multiple Gbps. Deployment options include dedicated appliances, switch and router modules, and software-based solutions.

The solutions include:

• Cisco IPS 4200 Series Sensors: Deliver intrusion prevention using dedicated, purpose-built devices that protect multiple network segments through the use of up to eight interfaces and support dual operation simultaneously, in both passive and inline modes. The appliance models are:
  • –Cisco IDS 4215 Sensor: 80 Mbps
  • –Cisco IPS 4240 Sensor: 250 Mbps
  • –Cisco IPS 4255 Sensor: 600 Mbps
  • –Cisco IDS 4260 Sensor: 1 Gbps

  Performance numbers are for tested intrusion detection throughput.

• Cisco IDSM-2 for the Cisco Catalyst 6500 Series-Integrates full IPS capabilities into Cisco Catalyst 6500 Series switches using a dedicated module, providing integrated inline protection at 500 Mbps and 2 Gbps with the IDSM-2 Bundle.
• Cisco IDS Network Module for Cisco access routers-Integrates traditional intrusion detection into the router using Cisco IPS Sensor Software Version 6.0. This provides added detection, correlation, and identification technology to effectively mitigate against and isolate threats at up to 45 Mbps.
• Cisco Advanced Inspection and Prevention Security Services Module (AIP SSM) for Cisco ASA 5500 Series Adaptive Security Appliances-Provides IPS capabilities as part of the Cisco ASA 5500 Series multifunction threat mitigation solution.
• Cisco IOS IPS-Provides a focused set of IPS capabilities using Cisco IOS Software on the router.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. ARCA CCTL determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.1. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Several validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by ARCA. The evaluation was completed in May 2007.

ENVIRONMENTAL STRENGTHS

As a core component of the Cisco® Self-Defending Network, Cisco intrusion prevention system (IPS) solutions deliver comprehensive threat prevention from attacks and threats, regardless of their origin or history. Cisco IPS solutions deliver market-leading threat protection through:

• Pervasive network integration-Cisco IPS solutions defeat threats from multiple vectors, including network, server, and desktop endpoints. The solutions range from purpose-built appliances and integrated firewall and IPS devices to services modules for routers and switches. Cisco IPS solutions protect the network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic at Layers 2 through 7-across the network. The solutions also simplify deployment and provide contextual analysis through Risk Rating algorithms, giving the user up-to-the-minute security posture information.
• Collaborative threat prevention-Cisco IPS solutions employ a unique, system wide security ecosystem that assesses and reacts to threats, delivering unmatched network scalability and resiliency. This collaborative system includes cross-solution feedback linkages, common policy management, multivendor event correlation, attack path identification, passive/active fingerprinting, host-based (Cisco Security Agent) IPS collaboration, load-balancing capabilities, and visibility into encrypted traffic.
• Proactive posture adaptation-As your network threat posture changes, a Cisco IPS solution evolves and adapts to stay ahead of the security landscape, mitigating threats by both known and unknown attacks. Extensive behavioral analysis, anomaly detection, policy adjustments, and rapid threat response techniques save time, resources, and most importantly--your organization's assets and productivity.

The result is a pervasive, comprehensive, and proactive threat prevention solution that provides end-to-end, day-zero protection of your network.