Validated Product - eEye Retina Network Security Scanner Version 5.4.21.53
Certificate Date: 25 May 2007
Validation Report Number: CCEVS-VR-07-0044
Product Type: IDS/IPS
Conformance Claim: EAL2
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
Maintenance Release(s): None
PRODUCT DESCRIPTION
The TOE, eEye Retina Network Security Scanner Version 5.4.21.53, is a software-only, non-disruptive network security scanner – the TOE is not invasive and does not interfere with the operation of the IT system being monitored. The TOE does not scan network traffic anomalies reported by sensors, as do some other types of IDS products. Instead, the TOE scans hosts identified within a specific IP range. Ports on targeted hosts are monitored for specific activities and events identified in an audit policy.
Retina Network Security Scanner comprises the scanning engine, which runs as a Windows service, and the management shell, which runs as a user mode application. The scanning engine performs all the scanning operations, based on the configured audit policies. The management shell provides a GUI that handles all aspects of the local user interface of a scan, such as scan range entry, audit set-up, results display, and reporting. The evaluated configuration is supported on Microsoft Windows NT 4.0 SP6a, Microsoft Windows 2000, Microsoft Windows Server 2003, and Microsoft Windows XP.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the eEye Retina Network Security Scanner Version 5.4.21.53 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 8 October 2004. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements. The product, when configured and used as specified in “Retina Network Security Scanner Users Manual”, Version 5-3-1, 4 May 2006, and in accordance with the CC guidance in the Release Notes for Retina Network Security Scanner Version 5.4.21 satisfies all of the security functional requirements stated in the Retina Network Security Scanner Security Target.
Several functions such as auto-update were excluded from the evaluation. See the VR and ST for a complete list.
One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-07-0044) prepared by CCEVS.
ENVIRONMENTAL STRENGTHS
The eEye Retina Network Security Scanner Version 5.4.21.53 provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment with good physical access security and competent administrators.
The primary security functionality of the TOE is to provide the capabilities for non-intrusive scanning of IT systems within the IT environment of the TOE. The results of such scans identify vulnerabilities within the scanned IT systems that could lead to an intrusion of the IT environment.
eEye Retina Network Security Scanner Version 5.4.21.53 provides the following security functions:
Network Security System
The TOE scans hosts identified within a specific IP range against predefined audit policies (that are set at the granularity of a specific host or collection of hosts), to detect known potential vulnerabilities. The audit policies govern the collection of data regarding inappropriate activities on the IT systems the TOE monitors. The TOE collects the following information from targeted IT systems:
· Security configuration changes
· Access control configuration
· Service configuration
· Authentication configuration
· Accountability policy configuration
· Detected known vulnerabilities.
Security Management
The TOE provides the user with a GUI that can be used to configure and modify the options of the TOE. In particular, the GUI provides the user with the following capabilities:
· Discover target hosts by IP address, IP address range, CIDR notation, or host name
· Configure and launch audits of discovered hosts, including selecting audit options
· Review results of audits, including classification of vulnerabilities and other collected data
· Generate remediation and summary reports of the results of the audit.