Validated Product - Cryptek, Inc., DiamondTEK (DiamondCentral (NSC Application S/W version 2.4.0.5, NSD-Prime F/W version 2.4.0.3) and NSD (DiamondLink, DiamondPak, DiamondVPN, DiamondSAT, DiamondUTC) F/W version 2.4.0.3)

Certificate Date: 30 December 2005

Validation Report Number: CCEVS-VR-05-0139

Product Type: Firewall, Guard, IDS/IPS, Multiple Domain Solution, Network Management, Sensitive Data Protection, System Access Control, VPN

Conformance Claim: EAL4

PP Identifiers: None


PRODUCT DESCRIPTION

The DiamondTEK Target of Evaluation (TOE) consists of the following components:

  • DiamondCentral (also sold under the name CC200)
    • Part number: DC1-C, DC2-C, DC3-C (DC1-C supports 250 DiamondTEK nodes.  DC2-C supports 1000 DiamondTEK nodes.  DC3-C supports unlimited DiamondTEK nodes), CC200-C
    • NSC Application S/W version 2.4.0.5
    • NSD-Prime F/W version 2.4.0.3
  • DiamondLink (also sold under the name CL100)
    • Part number: DL100-C, DL100F-C (DL100-C/CL100-C supports RJ-45 copper network interface. DL100F-C/CL100-Fiber supports a fiber optic network interface), CL100-C, CL100-Fiber
    • F/W version 2.4.0.3
  • DiamondPak (also sold under the name CP102, CP104, CP106)
    • Part number: DP200-C, DP400-C, DP600-C (DP200-C/CP102-C supports two servers. DP400-C/CP104-C supports four servers. DP600-C/CP106-C supports six servers), CP102-C, CP104-C, CP106-C
    • F/W version 2.4.0.3
  • DiamondVPN (also sold under the name CV100)
    • Part number: DV100-C, CV100-C
    • F/W version 2.4.0.3
  • DiamondSAT (also sold under the name CS101, CS102)
    • Part number: DS100-C, DS200-C, CS101, CS102
    • F/W version 2.4.0.3
  • DiamondUTC (also sold under the name CT100)
    • Part number: DU100-C, CT100-C
    • F/W version 2.4.0.3

It is important to note that the TOE is a subset of the DiamondTEK product.  The DiamondTEK product also includes the Windows 2000 or 2003 Server operating system (henceforth referred to as Windows) and a SQL server database as part of the DiamondCentral®; these are not part of the TOE.  However, the DiamondTEK TOE comes packaged within the DiamondTEK product. Additionally, the DiamondUTC comes packaged with a host (specifically a Sun Microsystems’ Sun Ray™) providing an integrated secure ultra-thin client desktop. The DiamondUTC host is part of the product but is not part of the TOE.

Henceforth, the above components are referred to as DiamondTEK.

DiamondTEK is a secure network product designed to control the flow of information to and from Nodes, and access to Nodes, on a network.  It can be used on a closed, or otherwise protected, network using clear text interactions, or alternatively on an open, or unprotected, network using encryption technology, if necessary, to protect data and enforce policies.

DiamondTEK consists of a number of components.  Each protected Node (the combination of a Host and an NSD) is connected to the physical network via an NSD.  For a single Host, the NSD is a DiamondLink that is installed between any NIC and a physical network.  When dealing with multiple nodes (e.g., a sub-network or group of servers), the NSD may be one of the following: a DiamondVPN, installed as a single point of control for all of the nodes (collectively referred to as a Host) that may be attached to it; a DiamondPak, which is rack mounted and can protect a set of Hosts (e.g., servers), each with its own Operational Profile; a DiamondSAT, which combines the functions of a DiamondVPN with built-in network acceleration to support VPN tunnels in high latency environments (e.g., across satellites); or a DiamondUTC, which combines the capabilities of a Sun Microsystems’ Sun Ray™ and a DiamondLink into an integrated secure ultra-thin client desktop. Each of the NSDs has an associated card reader that can be used to install the device and read the cards of individual users in order to identify and authenticate them.  However, NSDs can be configured to not require card-based authentication (i.e., No-Card Nodes).  This option is used for fixed, permanent network entities (e.g., servers, sub-network) where a user will be defined exclusively to represent the Node in the DiamondTEK system.

Note that while the DiamondTEK system can include a number of NSDs, it can also be configured to recognize clear text nodes (CTNs) and other IPsec (OIPS) nodes. While the DiamondTEK system cannot fully control information flows between CTNs and OIPSs, it does control the flow of information between them and NSDs.  As such, CTNs and OIPSs can only interact with NSDs after they have been defined in the DiamondTEK system and are assigned appropriate information flow attributes to control information flows appropriately.

The NSC is a special-purpose application (including special-purpose drivers) designed to manage the DiamondTEK system.  The NSC communicates with NSDs under its control via its own special NSD (sometimes referred to as NSD Prime).  The NSC provides an interface and tools for the Network Security Manager (NSM).  Via the NSC, the NSM configures and manages the DiamondTEK system, including controlling access policies, reviewing audit data, defining operational parameters, defining users, configuring NSDs, etc.

When an NSD's state changes (e.g., it starts) or an NSD determines that an attempt to violate a security policy has occurred, it forwards an audit record to the NSC.  Additionally, NSDs can forward audit records related to general network usage (e.g., TCP connects) that will optionally be recorded by the NSC.  The NSC relies upon its host operating system to supply it with a reliable time source. It also uses the host operating system to store audit records received from NSDs, audit records related to security management of the DiamondTEK system generated by the NSC itself, and other data (e.g., configuration parameters).

DiamondTEK offers three distinct information flow security features.  One is based on security labels (Mandatory Security Policy), another is based on explicitly defined information flow paths (Association Security Policy), and the last is based on source and destination addresses in combination with network protocol and service (Packet Filter Policy).

DiamondTEK requires each user of the DiamondTEK system to be identified and authenticated prior to allowing the user to perform any other security functions.  There are two roles supported by the DiamondTEK system and each is identified and authenticated differently.

Network Security Manager (NSM) – the NSM must log into the NSC application using a user name and password.

User – a user of an NSD generally must insert their personal card into a card reader attached to the NSD and enter the associated PIN.  The exception to this rule is that the NSM can configure static Nodes that can operate without a card inserted (i.e., No-Card Nodes). The NSM must configure the associated NSD to operate in No-Card mode, associate a user with the Node, and select the appropriate Operational Profile.

DiamondTEK offers security management functions via the NSC. Using the NSC, the NSM can add, remove, and configure security properties of NSDs; add, remove, and configure security properties of users; manage the information flow security policies; and manage the audit filters and audit log.

The TOE protects its management functions by isolating them within a single component that allows only administrators (i.e., NSMs) to log in and perform management functions.  It is assumed that the management console will be appropriately protected from unauthorized physical access.

Each NSD is protected largely by virtue of the fact that its interface is limited primarily to supporting network traffic.  The identification and authentication interface of the NSD is provided by a physical card reader device, which limits any potential for logical attacks.  The security policy management interface of the NSD is limited to the NSD initiating connections to the NSC when it starts up or when a user logs on. The information flow policies, including encryption capabilities, contribute to protection of the TOE since they serve to ensure that TSF data is only accepted when it originates from an allowed source and that it is protected when outside the control of the TOE.  All communication between an NSD and the NSC is protected by always requiring that it be encrypted using IPsec.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that DiamondTEK meets the security requirements contained in the Security Target.  The criteria against which DiamondTEK was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective February of 2004.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0.  Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the DiamondTEK TOE is EAL 4.  The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.  Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC.  The evaluation was completed in December of 2005.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, DiamondTEK, prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

DiamondTEK is a commercial network product that provides identification and authentication, information flow control, and audit. Additionally, DiamondTEK provides protection against bypass and tampering, as well as central management in the form of a graphical user interface.

Vendor: Cryptek, Inc.

Contact: Michael Teal

Phone: 571.434.2129

Web: http://www.cryptek.com

Email: mteal@cryptek.com

CC Testing Lab: SAIC Common Criteria Testing Laboratory