Validated Product - Sourcefire Intrusion Detection Sensors (v. 3.2.3): NS500, NS1000, NS2000, NS2100, NS3000, Sourcefire Management Consoles (v. 3.2.3): MC1000, MC3000

PRODUCT DESCRIPTION

The Sourcefire Intrusion Detection System TOE are Intrusion Detection appliances that combine open-source and proprietary technology to create a scalable and flexible IDS. SFIDS is used to monitor incoming (and outgoing) network traffic, generally from outside the firewall. All packets on the monitored network are scanned and then compared against a set of rules to determine whether inappropriate traffic, such as system attacks, is being passed over the network. The system then notifies administrators of these attempts.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Sourcefire TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 19, February 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 family of assurance requirements. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Sourcefire Intrusion Detection System Security Target. A validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2005. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Sourcefire Intrusion Detection System, prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The Sourcefire Intrusion Detection System is a commercial intrusion detection product that provides intrusion detection, identification and authentication, audit, protection of security functions and security management.