Validated Product - NetScreen Appliances includes models 5XP, 5XT, 25, 50, 204, 208, 500, and 5200 each with ScreenOS 4.0.2r6

PRODUCT DESCRIPTION

The NetScreen Appliances Target of Evaluation (TOE) consists of any one of the following products:

• NetScreen 5XP (Part number: NS-5XP-00*, NS-5XP-10*, where * = 1, 3, 5, 7, or 9)
  • Firmware version: 4.0.2r6
  • Hardware version: 3010
• NetScreen 5XT (Part number: NS-5XT-00*, NS-5XT-10*, where * = 1, 3, 5, 7, or 9)
  • Firmware version: 4.0.2r6
  • Hardware version: 3010
• NetScreen 25 (Part number: NS-025-00*, where * = 1, 3, 5, or 7)
  • Firmware version: 4.0.2r6
  • Hardware version: 4010
• NetScreen 50 (Part number: NS-050-00*, where * = 1, 3, 5, or 7)
  • Firmware version: 4.0.2r6
  • Hardware version: 4010
• NetScreen 204 (Part number: NS-204-00*, where * = 1, 3, 5, or 7)
  • Firmware version: 4.0.2r6
  • Hardware version: 0110
• NetScreen 208 (Part number: NS-208-00*, where * = 1, 3, 5, or 7)
  • Firmware version: 4.0.2r6
  • Hardware version: 0110
• NetScreen 500 (Part number: NS-500-SK1, NS-500ES-GB1-**, NS-500ES-GB2-**, NS-500SP-GB1-**, NS-500SP-GB2-**, NS-500ES-FE1-**, NS-500ES-FE2-**, where ** = AC or DC)
  • Firmware version: 4.0.2r6
  • Hardware version: 4110
• NetScreen 5200 (Part number: NS-5200-P01*-S00, NS-5200-P01*-S01, NS-5200-P01*-S02, where * = A or D)
  • Firmware version: 4.0.2r6
  • Hardware version: 3110

Henceforth, the above components are referred to as the NetScreen appliances.

NetScreen appliances are integrated security network devices designed and manufactured by NetScreen Technologies, Incorporated, 805 11th Ave, Building 3, Sunnyvale, CA 94089 U.S.A, herein called simply NetScreen.

NetScreen products are integrated security network appliances that operate as the central security hub in a network configuration. The NetScreen appliances control traffic flow through the network. The NetScreen appliances integrate stateful packet inspection firewall and traffic management features. Although the TOE includes a VPN (encryption) capability, this functionality was not evaluated and administrators are prevented from configuring such functionality in the evaluated configuration per the administrative guidance.

Each identified model consists of hardware and firmware, and each runs ScreenOS 4.0.2r6 in firmware, a proprietary operating system. The differences have no effect on the security functions claimed in the Security Target.

The TOE generates audit records corresponding to traffic flow, administrator actions, identification and authentication. The TOE provides interfaces that allow the administrator to review the audit records, including the ability to search and sort upon the audit records. Additionally, the TOE provides the ability to protect the audit records and limit the loss of records due to storage exhaustion.

The TOE enforces an Information Flow policy upon all packets attempting to traverse the NetScreen appliance. The policy is configurable by the administrator and is based on the presumed source IP address, destination IP address, protocol, source and destination interface, and service. The TOE has a packet buffer for temporary storage of packet information. All of the temporary storage is accounted for in that the size of the temporary storage relative to every packet is known ensuring that the TOE does not reuse any previous packet information.

Administrators are the only users of the TOE and are forced to identify and authenticate themselves by the TOE before they are allowed to invoke any administrator commands. Note that the TOE includes the console port. However, the actual console used is not part of the TOE but is part of the environment. The Security Target includes an assumption that a VT-100 terminal or any device that can emulate a VT-100 terminal is required for use as a locally connected console.

Security Management is provided through the Administrator Interface. This interface allows an administrator (when properly identified and authenticated) to configure the NetScreen device. Therefore, the security management functions are not available to non-administrative users.

The security functions of the TOE are protected by the administrative interface being a separate interface that is not connected to the network and, therefore, not susceptible to many of the general threats on the network such as sniffing packets or attempts to log into a public administrative interface. The administrative commands are limited to the console port, in the evaluation configuration, and the console port does not pass network traffic. Additionally, the TOE includes a system clock that can only be set and modified by the administrator, providing reliable timestamps for audit information.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the NetScreen appliances meet the security requirements contained in the “NetScreen Appliance Security Target: EAL4”. The criteria against which the NetScreen appliances was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective on November 20, 2002. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the NetScreen appliances TOE is EAL4. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Two validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in June 2003. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for NetScreen Appliances prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The NetScreen appliance is a commercial network product that provides identification and authentication, information flow control, and audit. NetScreen appliances provide a level of protection that is appropriate for IT environments that require that information flows be controlled and restricted among network nodes where the NetScreen appliance components can be appropriately protected from physical attacks.