PRODUCT DESCRIPTION

The Fidelis XPS^TM 5.0.3 is an Extrusion Prevention System® (XPS) system that is focused on network data leakage prevention where TOE appliances detect attempts to send inappropriate information, based on configuration, from one network to another; raise alarms and react to extrusion attempts to prevent an attack.

The evaluated Fidelis XPS includes four hardware appliances: three Fidelis Sensor appliance options (Fidelis XPS Direct, Fidelis XPS Proxy (sometimes referred to as Fidelis XPS ICAP), and Fidelis XPS Mail) and a Fidelis XPS CommandPost^TM Management Console Appliance.  A minimum of one CommandPost is required when using any of the TOE sensors, and at least one sensor is required.

The TOE is an Extrusion Prevention System® (XPS). Unlike Intrusion Detection Systems, designed to detect potential intruders, the TOE is designed to detect attempts to send potentially inappropriate information from one network to another (e.g., network abuse). It is designed to operate continuously, observing network traffic as it is perceived on the attached networks. Traffic to a Fidelis XPS Direct sensor is reassembled into TCP sessions; protocols are identified; applications are identified; and contents are analyzed in order to determine whether they seem to contain anything inappropriate based on the applicable rules. When inappropriate seeming content is identified, the sensor performs the action specified in the rule. Actions include terminating the network connection by either issuing TCP resets to both ends of the TCP connection and/or dropping packets depending on configuration, sending an alert to the CommandPost, or a combined response.  

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The criteria against which the Fidelis XPS 5.0.3 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.  Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.3 family of assurance requirements.  The product, when configured as specified in the Fidelis XPS Enterprise Setup and Configuration Guide and the Fidelis XPS User Guide, satisfies all of the security functional requirements stated in the Fidelis XPS 5.0.3 Security Target, Version 1.0.  Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC.  The evaluation was completed in August 2008.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10223-2008, dated 29 October 2008) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The TOE is a commercial product whose users require a low to moderate level of independently assured security.  Fidelis XPS is targeted at a relatively benign environment with good physical access security and competent administrators.  Within such environments, it is assumed that attackers will have little attack potential.  The security environment also assumes that the TOE components are physically protected.

Fidelis XPS 5.0.3 supports the following eight security functions:

Security Audit

The TOE generates an audit record of security-relevant events that includes the date/time of event, user identity, and success or failure of the action. In addition, specific audit events are captured and those with specific details are associated with audit data as well. The TOE audit records are stored on the CommandPost appliance in a MySQL data repository that prevents audit data loss by overwriting the oldest stored audit records if the audit trail is full. Only an authorized administrator with audit read privilege are able to review and interpret the results.

Cryptographic Support

The TOE hashes passwords using the MySQL's embedded SHA1() function to hash and store user passwords and the TOE implements the RFC 1321-based free implementation of the RSA MD5 checksum library to hash exact file detection for Exact Content analyzer fingerprints.

User Data Protection

The TOE enforces an access control mechanism to control users' access to XPS objects and administrative interfaces.

Functional XPS Component Requirements (EXP)

The TOE uses a set of rules to inspect (e.g., sense via the Fidelis XPS Sensor) the network traffic and collect data based on potentially inappropriate content detected per the configured rules. The TOE contains a set of default rules/policies and allows an authorized administrator to customize the rules and policies used. The TOE analyzes the collected data and reacts to data leakage events.

Identification and Authentication

The CommandPost requires that all administrative users are identified and authenticated before access is allowed. The CommandPost maintains the administrator accounts that consist of the user identity (username), authentication data (password), authorizations (role with privileges and access levels) and assignments (alert management group and sensor). The TOE verifies password length and allowed character composition and rejects those that do not comply

Security Management

The CommandPost is accessed via its web-based Graphical User Interface (GUI) that provides the interface to manage the Fidelis XPS Sensor(s).  All users of the TOE are considered authorized Administrators. The CommandPost includes one default user (named admin) with full system control. Through the admin account, other users can be created with full or restricted access. The TOE Security Function (TSF) restricts the ability to manage the functions of the system based on the user's role, the user's assigned alert management group(s), and the user's assigned sensor(s).  There are eight (8) defined functions of the system: Alert Management, Quarantine Management, Alert Issue Tracking, Alert Reporting, Policy Authoring, User Management, System Configuration, and Audit Trail. The user's role defines the access level (either full control access, view-only access, or no access) per system function.   

Protection of the TSF

The packets passing between the CommandPost and Fidelis XPS Sensors are protected using FIPS 140-2 certified OpenSSL, Version 1.1.2 (FIPS certificate 918) data encryption and decryption over TLS, Version 1.0 such that all data is protected from disclosure and modification. The Sensors monitor network traffic and sends the information to the registered CommandPost. Each TOE appliance provides protection from outside attacks by being self-contained devices that only provide TOE functionality. Only authorized administrators may access TOE security functions once properly identified and authenticated to provide non-bypassability and domain separation. Additionally, the CommandPost hardware provides a reliable time stamp for security audit generation as well as collected system data events. The evaluation configuration of the TOE does not support any additional software to be installed on the appliance devices.

Session Locking

The TOE terminates any browser session between the web-based interface and the CommandPost after 15 minutes of inactivity and requires the authorized administrator to re-login to establish a new session. This functionality is hard-coded within the TOE.

Vendor Information

Fidelis Security Systems, Inc.
David Etue
301-652-7190
301-652-7097 (Fax)
david.etue@fidelissecurity.com

http://www.fidelissecurity.com