Validated Product - Sniffer InfiniStream Enterprise (Sniffer InfiniStream 3.0 SP1 (MR7) Console Software, Sniffer InfiniStream 3.0 SP1 (MR7) Capture Engine Software, Sniffer Enterprise Administrator 4.1 (MR2) Software, Sniffer Enterprise Visualizer 4.1 (MR2) Software)

Certificate Date: 09 February 2007

Validation Report Number: CCEVS-VR-07-0001

Product Type: Network Management

Conformance Claim: EAL3 Augmented with ALC_FLR.1

PP Identifiers: None

CC Testing Lab: COACT Inc. CAFE Laboratory


PRODUCT DESCRIPTION

The TOE is Sniffer InfiniStream Enterprise (Sniffer InfiniStream 3.0 Service Pack 1 (MR7) Console Software, Sniffer InfiniStream 3.0 Service Pack 1 (MR7) Capture Engine Software, Sniffer Enterprise Administrator 4.1 (MR2) Software, Sniffer Enterprise Visualizer 4.1 (MR2) Software). It is a network management system that is capable of capturing and storing network traffic used for network monitoring, network performance measurements, trending and network problem solving. The TOE provides user GUIs that can display the captured information, or a subset of it, in graphical and statistical representations. The displayed information can be tailored to show the gathered information in a variety of ways, such as by date/time, LAN segment, IP pair, TCP/UDP port, or a combination of these. The TOE is capable of providing real-time analysis, point-in-time analysis, back-in-time analysis and historical analysis of captured network traffic.

The TOE consists of four components: the Sniffer InfiniStream CAPTURE ENGINE, the Sniffer InfiniStream CONSOLE, the ADMINISTRATOR and the VISUALIZER. The InfiniStream CAPTURE ENGINE component captures the network traffic, the ADMINISTRATOR manages the InfiniStream CAPTURE ENGINE and VISUALIZER, the InfiniStream CONSOLE is the user interface into the system, and the VISUALIZER provides both canned and user-created reporting capabilities.

The scope of the evaluation covers the access controls and related security features implemented to protect the information in captured streams of network traffic that are retained by the evaluated product. The evaluation does not make any statements about the effectiveness of the evaluated product for Network Management or forensic purposes. Also, note that the TOE does not directly protect the network traffic on the backbone network.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.

COACT, Inc. CAFE Lab has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of Evaluation Assurance Level (EAL) 3 augmented with ALC_FLR.1. A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in January of 2007.

ENVIRONMENTAL STRENGTHS

Identification and Authentication – Sniffer InfiniStream Enterprise requires users to identify and authenticate themselves before accessing the TOE software, before viewing any TSF data, or configuring any portion of the TOE. No action can be initiated before proper identification and authentication. Each TOE user account includes security attributes that define the functionality the user is allowed to perform.

Security Management – The TOE performs management functions directly related to the secure operation of its components and management functions that ensure the strict limitation of access to stored captured network traffic. The system limits the access and operations of certain features of the product, limits access to user data, and maintains and manages roles. The TOE uses security attributes associated with users, user data, and the specification of default values for certain security attributes necessary for the secure execution of security policies.

Access Control – The TOE is a network management system that stores network traffic content and statistics used for network performance management, application troubleshooting, and security forensics.

Session Establishment – TOE management systems use Administrator-managed IP address access control lists to limit user session establishment to trusted console platforms. The TOE denies access to all others.

Capture Filter – Capture filtering allows organizations to specify exactly what type of traffic they are interested in capturing. The capture filter uses the IP address, MAC address, protocol, TCP port, UDP port, or VLAN ID, or combinations of these, to filter out unwanted traffic.

Frame Slicing – Frame slicing allows organizations to limit their depth of visibility into confidential packets by truncating each packet at the end of the packet header data. In some cases, these remaining packet headers provide enough data to analyze and troubleshoot network traffic patterns without compromising privacy.

VISUALIZER Statistics – The Sniffer Enterprise Visualizer is used for long-term trending of captured network traffic. It uses statistics derived from captured network traffic to produce graphical reports, including trends, baselines, and deviations from baselines.

Self Protection – The TOE protects itself from bypass and interference via interfaces within its scope of control. The TOE includes interfaces that invoke other security functions (security enforcing) as well as those that do not invoke any other security function (security supporting). The security supporting interfaces are designed and implemented such that they do not have any access to TSF data and may not interfere with or bypass security functionality of the TOE. Security enforcing interfaces are designed and implemented such that all security policies are enforced.

Vendor Information

NetScout Systems (formerly Network General)
Heidi Edgar
972.713.4411
heidi.edgar@netscout.com

http://www.netscout.com/