Validated Product - eEye Retina Enterprise Suite, comprising the following eEye components: Retina Network Security Scanner Version 5.4.21.53, REM version 3.0.2.571, and REM Events Server version 2.2.0.194

Certificate Date: 25 May 2007

Validation Report Number: CCEVS-VR-07-0043

Product Type: IDS/IPS

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The TOE, eEye Retina Enterprise Suite, is a software-only, non-disruptive network security scanner – the TOE is not invasive and does not interfere with the operation of the IT system being monitored. The TOE does not scan network traffic anomalies reported by sensors, as do some other types of IDS products. Instead, the TOE scans hosts identified within a specific IP range. Ports on targeted hosts are monitored for specific activities and events identified in an audit policy. The TOE includes a management capability that provides an authorized administrator with the ability to manage multiple scanners in the enterprise network, collating the results of scans from the various scanners and highlighting potential vulnerabilities for remedial action.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the eEye Retina Enterprise Suite TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 8 October 2004. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements. The product, when configured as specified in the following documents, satisfies all of the security functional requirements stated in the Retina Enterprise Suite Security Target:
· REM Security Management Console Administration Guide, v3.02, 2005
· REM Users Manual, REM-M-032803, 2003
· REM Manual Addendum, REM-EU-M-030305, v2.2.0, 2005
· Retina Network Security Scanner Users Manual, 5-3-1, 2005
· Release Notes for REM Events Manager version 3.0.2
· Release Notes for REM Events Server version 2.2.0
· Release Notes for Retina Network Security Scanner version 5.4.21.
Several functions such as auto-update were excluded from the evaluation. See the VR and ST for a complete list.
One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-07-0043) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The evaluation assurance level against which the eEye Retina Enterprise Suite TOE has been evaluated (EAL2) provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment with good physical access security and competent administrators.
The primary security functionality of the TOE is to provide the capabilities for non-intrusive scanning of IT systems within the IT environment of the TOE. The results of such scans identify vulnerabilities within the scanned IT systems that could lead to an intrusion of the IT environment. The TOE provides extensive security management capabilities for controlling scanning and reporting and requires identification and authentication before granting access to those capabilities.
eEye Retina Enterprise Suite provides the following security functions:
Network Security System
The TOE scans hosts identified within a specific IP range against predefined audit policies (that are set at the granularity of a specific host or collection of hosts), to detect known potential vulnerabilities. The audit policies govern the collection of data regarding inappropriate activities on the IT systems the TOE monitors. The TOE collects the following information from targeted IT systems:
· Security configuration changes
· Access control configuration
· Service configuration
· Authentication configuration
· Accountability policy configuration
· Detected known vulnerabilities.
The results of scans are analyzed to highlight potential areas of vulnerability. Potential vulnerabilities are highlighted as ‘Events’ and reported as such to the TOE administrator.
Security Management
The TOE provides the user with a GUI that can be used to configure and modify the options of the TOE. In particular, the GUI provides the user with the following capabilities:
· Manage scanning policies and schedule scans across multiple scanners
· Review results of scans, including classification of vulnerabilities and other collected data
· Assign detected events to administrators for remediation
· Generate remediation and summary reports of the results of the audit
· Manage users and groups, including assigning permissions and scopes (i.e., ranges of IP addresses the user is responsible for).
Identification and Authentication
The TOE allows users to directly exercise the capabilities of the Network Security Scanner without being identified or authenticated. Otherwise, the TOE requires users to provide unique identification and authentication data (passwords) before being granted access to the management capabilities provided by the Events Manager.

Vendor Information


eEye Digital Security Corporation
Kimberly Lim
949-900-4115
klim@eeye.com

http://www.eeye.com
