Validated Product - IntruShield Product Family Intrusion Detection System (IntruShield 1200/1400 Appliances, Rev. 3 or earlier; 2600/4000 Appliances, Rev. 7 or earlier; 2700 Appliances, Rev. 1; 3000/4010 Appliances, Rev. 6 or earlier; IntruShield Security Management System Version 3.1.5.13; The Sensor Builds Version 3.1.3.63; and The Signature Set 3.1.40.6)

Certificate Date: 13 January 2009

Validation Report Number: CCEVS-VR-VID10169-2009

Product Type: IDS/IPS

Conformance Claim: EAL3

PP Identifier: Intrusion Detection System System Protection Profile, Version 1.5 (Archived)

CC Testing Lab: SAIC Common Criteria Testing Laboratory

Maintenance Releases:


PRODUCT DESCRIPTION

The TOE is the McAfee, Inc., IntruShield Intrusion Prevention System product. The TOE consists of the IntruShield sensor(s) and the IntruShield Security Management system.

The IntruShield IDS system is composed of a family of sensor appliances and the IntruShield ISM system. The sensor appliances are stand-alone appliances from McAfee. The seven sensor appliances are the IntruShield 1200, IntruShield 1400, IntruShield 2600, IntruShield 2700, IntruShield 3000, IntruShield 4000, and IntruShield 4010. All other components of the product are software-only components that run on a Windows workstation. The ISM system is an IPS management solution for managing IntruShield sensor appliance deployments for large and distributed enterprise networks. The ISM operates with a MySQL database to persist configuration information and alert data.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the IntruShield Intrusion Prevention System TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 10 May, 2006.

The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL 3 family of assurance requirements. The product, when configured as specified in the installation guides and release notes, satisfies all of the security functional requirements stated in the IntruShield Product Family Intrusion Prevention System Security Target.

The IntruShield Intrusion Prevention System meets the assumptions, threats, organizational policies, security objectives and security functional requirements of the Intrusion Prevention System System Protection Profile, Version 1.6, April 4, 2006.

The evaluation was completed in November 2008. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for IntruShield Intrusion Prevention System, prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The IntruShield Intrusion Prevention System is a commercial intrusion prevention product that provides the following security functions:

  • Security Audit – The IntruShield Intrusion Prevention system generates audit records related to the administration/management of the TOE and traffic logs for IDS information.
  • Identification and Authentication – The IntruShield Intrusion Prevention system requires users to provide unique identification (user IDs) and authentication data (passwords) before any access to the TOE is granted.
  • Security Management – The IntruShield Intrusion Prevention system provides a web-based (using HTTPS) management interface for all administration, including the IDS rule set, user accounts and roles, and audit functions.
  • Protection of Security Functions – The IntruShield Intrusion Prevention system protects the security functions it provides through a variety of mechanisms. These mechanisms include the requirement that users must authenticate before any administrative operations can be performed on the system. The encrypted data transferred between the ISM and sensor uses a proprietary SSL implementation.
  • Intrusion Prevention Functions
    • System Data Collection – The IntruShield Intrusion Prevention system has the ability to set rules to govern the collection of data regarding potential intrusions.
    • System Data Analysis – The IntruShield Intrusion Prevention system provides tools to analyze both IDS traffic log data as well as audit information.
    • System Data Review, Availability and Loss – The IntruShield Intrusion Prevention system provides a user interface for menu-selectable data review. The data stores of the raw collection data are limited only by the storage capacity of the platform and table management of the database. The IntruShield Intrusion Prevention system monitors the data store to determine when storage is exhausted and takes appropriate action.

Vendor Information

McAfee Incorporated
Christopher Marks
408-346-3126
408-970-9727 (Fax)
Christopher_marks@McAfee.com

http://www.mcafee.com/